How to Fix the CSRSS.EXE Virus
The Client Server Run-Time Subsystem (CSRSS) is a critical system file used by the Microsoft Windows operating system. Your computer should always be using the CSRSS.exe file, which is why a malicious program called the Ahlem.A worm creates another file with the same name. If you want to fix a computer infected with the worm, you will need to take steps to ensure that you don't accidentally delete the wrong version of the file.
Open the Start menu and click \"My Computer.\" Select \"Tools\" and then click \"Folder Options.\" Navigate to the \"View\" tab.
Scroll down to the heading labeled \"Hidden Files and Folders.\" Click the \"Show Hidden Files and Folders\" radio button and then click \"Apply.\"
Press the \"Ctrl,\" \"Alt\" and \"Delete\" keys together at the same time. Select \"Open Task Manager.\" Look through the list of processes and find the two files named \"CSRSS.exe.\"
Click the first instance of the file and then choose \"End Process.\" Click \"Cancel\" if a pop-up window appears warning you that the file is a system file. Click the second instance of the file and choose \"End Process\" if the first instance was a system file.
Return to the Start menu and open the Search option. Type \"csrss.exe\" and press \"Enter.\" Right-click the first instance of the file and choose \"Properties.\"
Look at the \"Location\" field to see if the file is located in the folder named \"C:\\WINDOWS\\System32.\" Right-click and delete the file if it is located in any other folder.
Check the location of the second instance of the \"csrss.exe\" file if the first file is located in the System32 folder. Right-click and delete the file if it is located in a different folder.
Search for and delete the files \"iemsg.dll\" and \"iemsg.dllcsrss.exe.\" Search for the registry editor program by typing \"Regedit\" into the search field. Click the registry editor's icon.
Open the registry editor's search feature by pressing the \"Ctrl\" and \"F\" keys. Type \"FFFFFFFF-FFFF-FFFF-FFFF-5F8507C5F4E7\" and press \"Enter.\" Right-click and delete each of the registry values that show up in the results.
Search for and delete each of the values labeled \"BD51AEC6-7991-4A60-94D6-D5FEBB655D10,\" \"iempg.iempgobj\" and \"iempg.iempgobj.1.\" Restart the computer's operating system.
Tips & Warnings
- If your system has been infected with the malicious CSRSS.exe file, you should assume there are other infections on your hard drive as well. Download and run an antivirus tool to prevent your computer from experiencing any further virus problems.
- Create backup copies of any files you need before attempting to fix the CSRSS.exe virus. If the wrong version of the file is deleted, your operating system will no longer run properly.