csrss.exe

Hello Leo/
do you know how to delete the RP09.exe? is this a virus? I think it is connected to csrss.exe. I have two (2) csrss.exe processing in my TaskManager is this normal? Do you know how to remove "ñiäw", i believe this is some kind of a virus. Tnx...hope U can HELP.

For CODE_RYAN

Just an Info, I have encountered this RP09.EXE, if they said its not a virus then what's inside "ñiäw", there you could also find a copy of RP09.EXE as well as indside the "system volume information" folder.

I you think you're in doubt then try opening your registry "type REGEDIT inside START->RUN" then press F3-find then type "RP09", I know it will find one, under MOUNTPOINTS2 where WORMS usually imprint their AUTORUN.INF instructions.

Be carefull in choosing a drive then using the RIGHT CLICK bcoz EXPLORE, OPEN, AUTOPLAY are already their trigger in spreading.

As of Now, Im doing it manually since I've got nothing, no available anti virus online for now. WE ARE ON OUR OWN, unless any of you guys got some AV for this, please....

there are 2 other csrss.exe that can be found on your computer once you are infected by this virus. One is on C:\Documents and Settings\user\csrss.exe and the other is on C:\Program files\Microsoft Fronpage\csrss.exe and together with is is a .reg file (18something) and a time.dat. These too are also products of the virus

csrss.exe is a windows program. But when you see two csrss.exe in your task manager, it could be a virus. Avast anti-virus can remove this virus.

Or

Manually delete:
1. Boot in Safe Mode, this limits the program that are running in the background.
2. Goto Start - run, then type MSCONFIG.
3. Goto Startup, then find and uncheck any RP09.exe or csrss.exe that you will see. Don't be afraid of csrss.exe. The original csrss.exe of windows is loaded in different location.
4. Right click "My Computer", then select explore.
5. Click "C:" from the left pane. Then delete "autorun.inf", "ñiäw" folder and an exe file with a filename of your computer name and an icon of folder. ex. if your computer name is andrew, delete the file "andrew.exe".
6. Delete also "RP09.exe" from the following directory:
C:\program files\Microsoft Frontpage\ (as well as the reg file).
C:\Documents and Settings.
C:\System Volume Information.
7. restart you computer...

:)

csrss.exe is not always a virus... it can be normal to have it running multiple times. if your not sure open up do this

1. hit windows key+r
2. type in cmd
3. hit enter
4. type in tasklist
5. find and write down the PID of both processes
6. now type in tasklist /v
7. find both csrss.exe and see who authorised it. If it is a virus one of the two is not authorised by "NT AUTHORITY\SYSTEM"
8. remember the PID of the virus and type in tasklist /fi "pid eq (your virus pid)"
9. Now you should see just one process. remember the mem usage (at me 4.652 K) and hit ctrl+shift+esc
10. find your virus and kill the processnow find it and delete it :D

I have a pop up window on my desktop: Windos - No Disk Exception Processing Messag c0000013 Parametes 75b6bf9c 4 75b6bf9c 75b6bf9c. Could this be a problem with the crss.exe file?

So, I have a huge problem with csrss.exe eating my CPU up to 99%, and I don't have the virus, I only have csrss.exe in the right place (SYSTEM). I started a new profile on my computer and intended to erase the previous one to check if that could help, but before I had the chance to do this, csrss.exe took over the new profile too, which is why I sincerely doubt it will do any good to erase the first profile. I also installed a "hotfix" that would fix a problem with csrss.exe that starts when right-clicking something, when I was unsure that it might be the problem (since the description of my problem was exactly the same: 100% CPU). HEEELP! :-/ Thanx!

Looking at another page I found the help I needed, and I post it here so that it might help someone else. I updated the graphics. As simple as that. All problems gone!

hi!

to remove RP09.exe

1. run command prompt
2. type cd\
3. type ATTRIB -H -S -R /S /D..it would few minutes if your drive have many files and folders..
4. manually delete autorun.inf, syste~1, niaw folder.. just type "del autorun.inf" etc...

5. run regedit.exe using command prompt or RUN command.
6. Press Ctrl + F.
7. Find syste~1\_resto~1\RP09.exe
8. delete it.
6.

thats it..

I've seen this virus/worm/malware... I've infected my gf's anti-virus-less internet-less computer by accidentally clicking a file that looks like a folder. I searched the registry but I couldn't find the source...

I went to this website for advice and I figured out how this virus works...

1. It creates a file csrss.exe in Documents and Settings folder
2. The main executable and registry file are located at Program Files\microsoft frontpage
3. Just like any other malware, it creates duplicates on USB flash drives with autorun.inf

I think it creates a registry entry in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer and creates a subdirectory "run". You can find the directory path of the virus through there so you can delete it manually. Delete the whole "Run" subdirectory
Correct me if i'm wrong.

Make sure before attempting to delete the malware, start your computer in safe mode (Press F8 after the BIOS but before Windows loads)

I'd think the creator of this malware is very crafty that he wants the virus not to be detected even by experienced computer users. He didn't put those in the commonly used HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run as this would be too obvious for experienced users