ThreatExpert's awareness of the file "csrss.exe":

Across all ThreatExpert reports, the file "csrss.exe" was mostly identified as a threat.

File "csrss.exe" has the following statistics:

Total number of reports analysed	611,932
Number of cases that involved the file "csrss.exe"	3,720
Number of incidents when this file was found to be a threat	3,371
Statistical volume of cases when "csrss.exe" was a threat	91%

Please enable javascript to display the chart.

Notes:

Please note that the name of the file should NOT be used to define if it is legitimate or not. Such determination can only be made by observing its dynamic behaviour.
In order to check a file, please submit it to ThreatExpert.
For a comprehensive pro-active protection against threats, please consider ThreatFire - our behavioral antivirus solution.

The file "csrss.exe" is known to be created under the following filenames:

%AllUsersProfile%\cncdown.exe

%AllUsersProfile%\common files\csrss.exe

%AppData%\%username%.task\chasnah.exe

%AppData%\%username%.task\csrss.exe

%AppData%\%username%.task\lsass.exe

%AppData%\%username%.task\server.exe

%AppData%\%username%.task\smss.exe

%AppData%\{187412dd-6f8d-45a5-a1f6-e7b6fe193f5b}\csrss.exe

%AppData%\{bfb5f154-9212-46f3-b547-ac6106030a54}\csrss.exe

%AppData%\1.exe

%AppData%\blaah.exe

%AppData%\br6657on.exe

%AppData%\calc.exe

%AppData%\codecsetup.exe

%AppData%\codecsetup3788.exe

%AppData%\codecsetup4127.exe

%AppData%\codecsetup6400.exe

%AppData%\codecsetup8536.exe

%AppData%\cp_setup_assist.exe

%AppData%\csrss.exe

%AppData%\cuda.exe

%AppData%\dealassistant\dauninstall.exe

%AppData%\digifast\dfuninstall.exe

%AppData%\dv6173880x\yesbron.com

%AppData%\hose.exe

%AppData%\idtemplate.exe

%AppData%\ijango_toolbar_installer.exe

%AppData%\inetinfo.exe

%AppData%\jalak-931738815-bali.com

%AppData%\ldr.exe

%AppData%\lsass.exe

%AppData%\microsoft\cd burning\coolworld.exe

%AppData%\microsoft\csrss.exe

%AppData%\microsoft\dtsc\t.exe

%AppData%\microsoft\office71\vhchk.exe

%AppData%\microsoft\windows\ernsjyi.exe

%AppData%\microsoft\windows\jjcmdrj.exe

%AppData%\microsoft\windows\nheste.exe

%AppData%\microsoft\windows\nxmwp.exe

%AppData%\microsoft\windows\rwmgh.exe

%AppData%\microsoft\windows\security\user0.exe

%AppData%\microsoft\windows\tbljxjk.exe

%AppData%\microsoft\windows\vohth.exe

%AppData%\microsoft\windows\vvpmyvaw.exe

%AppData%\mxplay\temp\mxplay_installer.exe

%AppData%\ntcom.dll

%AppData%\nthead.dll

%AppData%\pak-5593.exe

%AppData%\pak-5594.exe

%AppData%\pak-5595.exe

%AppData%\pak-5596.exe

%AppData%\pak-5597.exe

%AppData%\pak-5598.exe

%AppData%\pak-5599.exe

%AppData%\pak-5600.exe

%AppData%\pak-5601.exe

%AppData%\pak-5602.exe

%AppData%\pak-5603.exe

%AppData%\salehoo\auctionalert\_tmp\aa.exe

%AppData%\salehoo\salehooalert\_tmp\aa.exe

%AppData%\scvhost.exe

%AppData%\services.exe

%AppData%\silverlight\silverlight.exe

%AppData%\skynet\muonline\_cw0srv.exe

%AppData%\skynet\muonline\234672.exe

%AppData%\skynet\muonline\239874.exe

%AppData%\skynet\muonline\293874.exe

%AppData%\skynet\muonline\345674.exe

%AppData%\skynet\muonline\345676.exe

%AppData%\skynet\muonline\435627.exe

%AppData%\skynet\muonline\543978.exe

%AppData%\skynet\muonline\546783.exe

%AppData%\smss.exe

%AppData%\speedrunner\sruninstall.exe

%AppData%\svchost.exe

%AppData%\temp.dll

%AppData%\truesword4.exe

%AppData%\wefisetup.exe

%AppData%\winbutler\winbuninstaller.exe

%AppData%\winbutler\winbutler.exe

%AppData%\windows.exe

%AppData%\windows\csrss.exe

%AppData%\windows\lsass.exe

%AppData%\windows\services.exe

%AppData%\windows\smss.exe

%AppData%\windows\winlogon.exe

%AppData%\winlogon.exe

%AppData%\wintouch\wintouch.exe

%AppData%\wintouch\wtuninstaller.exe

%AppData%\wrar380d.exe

%AppData%\yeah\yeah374809.exe

%CommonAppData%\{01e69986-a054-4c52-abe8-ef63df1c5211}\csrss.exe

%CommonAppData%\{0ee3f0b3-6a98-44e2-bec4-981e4de63d62}\csrss.exe

%CommonAppData%\{12d39bc8-00cc-41b6-8c5a-30d476632c5e}\csrss.exe

%CommonAppData%\{25f97eb4-1c02-45ba-ba0c-e67aace64d4a}\csrss.exe

%CommonAppData%\{402d5ec6-b1e5-49dd-86f3-ceeda6bc9518}\csrss.exe

%CommonAppData%\{61914010-49e8-467e-99cb-a7b03d9d7af2}\csrss.exe

%CommonAppData%\{6226ba26-c017-4007-928c-de9715c6fa67}\csrss.exe

%CommonAppData%\{83dc8bd3-ab6c-4e32-bf78-40f1200d598e}\csrss.exe

%CommonAppData%\{85493d9b-a4a2-478c-b36f-b729202df748}\csrss.exe

Notes:

%AllUsersProfile% is a variable that specifies the all users' profile folder. By default, this is C:\Documents and Settings\All Users (Windows NT/2000/XP).
%AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
%CommonAppData% is a variable that refers to the file system directory containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data.

The file "csrss.exe" has the following possible countries of origin:

Origin		Number of Incidents
	United Kingdom	106
	Brazil	48
	Russian Federation	37
	China	28
	Saudi Arabia	19
	Netherlands	6
	Spain	5
	Italy	4
	Algeria	3
	France	3
	Germany	3
	Turkey	2
	Bulgaria	1
	Iran	1
	South Africa	1
	Sweden	1

The following threats are known to be associated with the file "csrss.exe":

Threat Alias	Number of Incidents
W32/Rontokbro.gen@MM [McAfee]	80,592
Email-Worm.Win32.Brontok.n [Kaspersky Lab]	78,130
W32.Rontokbro.U@mm [Symantec]	74,815
WORM_BRONTOK.BA [Trend Micro]	69,314
Worm.Brontok.BA [PC Tools]	33,649
Worm.Brontok.BK [PC Tools]	29,327
Worm.Brontok.Gen!Pac.3 [PC Tools]	13,645
WORM_RONTKBR.GEN [Trend Micro]	9,074
W32.Rontokbro.X@mm [Symantec]	3,844
W32.Rontokbro@mm [Symantec]	3,756
I-Worm.Brontok.AY [PC Tools]	2,528
WORM_BRONTOK.IE [Trend Micro]	2,020
PE_PARITE.A [Trend Micro]	1,805
Virus.Win32.Parite.b [Kaspersky Lab]	1,804
W32/Pate.b [McAfee]	1,804
Win32.Parite.B [PC Tools]	1,800
Email-Worm.Win32.Brontok.N [Ikarus]	1,550
W32.SillyFDC [Symantec]	1,217
W32/Zaflen.a [McAfee]	1,073
Worm.VB.FKF [PC Tools]	1,071
Worm.Win32.VB.gr [Kaspersky Lab]	1,025
W32/Rontokbr-A [Sophos]	938
I-Worm.Brontok.BM [PC Tools]	680
W32/Brontok-AE [Sophos]	430
Email-Worm.Win32.Brontok.q [Kaspersky Lab]	362
PE_FLUENZA.ART-O [Trend Micro]	345
Backdoor.Trojan [Symantec]	340
Worm.Brontok.Gen.1 [PC Tools]	331
Trojan-Downloader.Win32.Agent.bl [Kaspersky Lab]	235
TROJ_MALOE5.A [Trend Micro]	135
W32/Brontok-Gen, W32/Brontok-Gen, Mal/Packer, Mal/Behav-024 [Sophos]	131
TrojanClicker:Win32/Hatigh.C [Microsoft]	126
Backdoor.VB.DVIH [PC Tools]	124
Mal/EncPk-KP [Sophos]	122
W32/Generic!worm [McAfee]	121
Gen.Packed [Ikarus]	120
Trojan Horse [Symantec]	117
Packed.Generic.233 [Symantec]	110
Generic.dx!fml [McAfee]	108
Mal/Generic-A [Sophos]	107
Mal/VB-F [Sophos]	104
Email-Worm.Brontok!sd5 [PC Tools]	95
Troj/Bckdr-QPB [Sophos]	93
W32/Brontok-Gen, W32/Brontok-Gen, Mal/Behav-024 [Sophos]	91
W32/Brontok-Gen, W32/Brontok-Gen, Mal/Behav-024, Mal/Heuri-D, Mal/Emogen-N [Sophos]	82
Worm.Win32.VB.ft [Kaspersky Lab]	80
W32/Lovelet-AD [Sophos]	75
WORM_VB.CBS [Trend Micro]	75
Worm:Win32/Zaflen.A@mm [Microsoft]	74
W32/Brontok-Gen, W32/Brontok-Gen, Mal/Emogen-N, Mal/Heuri-D [Sophos]	73
Backdoor.Win32.VB.brg [Kaspersky Lab]	71
Backdoor:Win32/VB.ANS [Microsoft]	65
Constructor.Win32.Binder.kh [Ikarus]	65
Email-Worm.Win32.Brontok.A [Ikarus]	60
Worm:Win32/Brontok.BJ@mm [Microsoft]	59
W32/Virut.gen [McAfee]	57
Worm.Win32.VB.ft [Ikarus]	55
Worm.VB.GMH [PC Tools]	54
Worm.Win32.VB.iq [Ikarus]	54
Worm:Win32/Usbalex.A [Microsoft]	54
W32/Sality-AM [Sophos]	52
I-Worm.Brontok.Gen.2 [PC Tools]	51
Virus:Win32/Sality.AM [Microsoft]	51
Gen.Trojan [Ikarus]	49
Email-Worm.Win32.Brontok [Ikarus]	48
W32.Sality.AE [Symantec]	47
Generic.dx [McAfee]	46
I-Worm.Brontok.CU [PC Tools]	46
W32/Brontok-K [Sophos]	46
Virus.Win32.Sality.aa [Kaspersky Lab]	44
WORM_RONTKBR.D [Trend Micro]	44
Downloader [Symantec]	42
Packed/MEW [PC Tools]	42
Worm:Win32/Brontok.AF@mm [Microsoft]	42
Worm.Win32.AutoRun [Ikarus]	41
Generic.dx!cpp [McAfee]	40
Trojan-Downloader.Win32.Agent.cmok [Kaspersky Lab]	40
W32.Imaut [Symantec]	40
Win-Trojan/Downloader.103424.P [AhnLab]	40
Worm.Autorun.ADN [PC Tools]	40
Worm.Win32.AutoRun.dkk [Kaspersky Lab]	40
Generic Downloader.s [McAfee]	38
W32/Brontok-BB [Sophos]	38
Infostealer.Bancos [Symantec]	37
Win-Trojan/Xema.variant [AhnLab]	37
Email-Worm.Win32.Brontok.a [Kaspersky Lab]	35
W32/Sality.gen [McAfee]	35
WORM_RONTKBR.B [Trend Micro]	35
Worm:Win32/SillyFDC [Microsoft]	34
Downloader.Trojan [Symantec]	31
W32.Spybot.Worm [Symantec]	31
Backdoor:Win32/VB.AT [Microsoft]	30
Hacktool [Symantec]	30
not-a-virus:Server-FTP.Win32.Serv-U.gen [Kaspersky Lab]	30
Virus.Win32.Virut.q [Kaspersky Lab]	30
Mal_Banker [Trend Micro]	28
Virus.Win32.Agent.WAJ [Ikarus]	28
Win32.Sality.AA [PC Tools]	27
PE_SALITY.AL [Trend Micro]	26
Win32/Kashu.B [AhnLab]	26