What is “crss.exe” and how do I remove it?

Mar 8th, 2009 | By Justin Montgomery | Category: Microsoft, Tips and advice, Windows


What is crss There’s a misconception with the crss.exe process as to whether it’s a virus or a necessary Windows process.  Let’s dig a little deeper to understand what it is and how it differs from other processes with similar names.

“Crss.exe” and “csrss.exe” are two processes that are commonly mistaken.  Crss.exe is a process that, in most cases, is a worm virus contracted by an email attachment or similar Web-based service.  Csrss.exe (notice the extra “s”) on the other hand is a very needed Windows component that should be left alone.  If you open your task manager and click the “processes” tab, you’ll likely find the csrss.exe process running. 

This is your “Client Server Runtime Process,” and is actually the fourth most important Windows process after the “smss.exe,” system and system idle processes.  Because it’s a process running on almost all Windows-based machines, it’s a likely candidate for the name of a virus.  Because it can’t use the exact name using the same “.exe” extension, it removes the “s” to trick people into thinking it’s a normal Windows process running in the background.

The worm-virus associated with crss.exe is a process which is likely registered as the “W32.AGOBOT.GH” Worm.  It’s most commonly distributed via the Internet and comes in the form of an email message in the hopes that you open its virus-laden attachment.  The worm also has its own SMTP engine which means it gathers emails from your local computer and re-distributes itself to anyone that’s sent you a message or that you’ve sent a message.  It can even allow attackers to access your computer, stealing passwords and personal data.

If you’ve identified a crss.exe process, you’ll obviously want to get rid of it as soon as possible.  To do so, simply run your favorite anti-virus or spyware software.  Hopefully, if you have an updated definitions file, the software will catch and remove the worm, subsequently removing any crss.exe processes.  If a first scan doesn’t find it, simply update you definitions file.  Once the process is removed, it’s a good idea (as always) to run your spyware and anti-virus software as often as possible.


Related:

  • Trojan attacks Google Adsense
  • How to speed up Windows XP - top 5 tips
  • Qantas removes Dell batteries
  • Did a false report regarding Steve Jobs health cause Apple’s stock to drop?
  • Fancy a meal of not-so-yummy cottonseed?

    • Leave Comment