Do I have a virus/malicious software? phantomows folder running csrss.exe
Hey guys,
Recently I've been having Malwarebytes pop up warning me that it has blocked a process accessing websites - many different ones.
The process in question is named csrss.exe and described as "Microsoft Security Client User Interface".
The thing is, it's running from the /Users/<me>/Appdata/Local/Temp/phantomows folder.
Sometimes the file phantomows.zip appears here too after I've deleted the phantomows folder.
Ran scans with Nod32/MS Security Essentials/Malwarebytes AntiMalware and nothing was reported.
Should I be worried?
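The check the post describes by eye (a process with a Windows system name running from a Temp folder) can be scripted. The PowerShell below is an added example, not part of the original thread; the list of process names is an illustrative assumption, and the folder name is the one given in the post.

```powershell
# Added example: flag processes that borrow a Windows system process name
# but do not run from %SystemRoot%\System32, then inventory the Temp folder
# named in the post. The list of names is an illustrative assumption.
$systemNames = 'csrss.exe', 'lsass.exe', 'services.exe', 'smss.exe', 'wininit.exe', 'winlogon.exe'
$expectedDir = Join-Path $env:SystemRoot 'System32'

$report = Get-CimInstance -ClassName Win32_Process |
    Where-Object { $systemNames -contains $_.Name } |
    ForEach-Object {
        $path = $_.ExecutablePath
        $signature = $null
        if (-not $path) {
            # Protected system processes often hide their path from
            # non-elevated callers; treat as unknown, not as clean.
            $verdict = 'PathUnreadable'
        } elseif ((Split-Path -Path $path -Parent) -ieq $expectedDir) {
            $verdict = 'ExpectedLocation'
        } else {
            $verdict = 'WrongLocation'
            $signature = (Get-AuthenticodeSignature -FilePath $path).Status
        }
        [pscustomobject]@{
            Verdict   = $verdict
            Name      = $_.Name
            ProcessId = $_.ProcessId
            ParentId  = $_.ParentProcessId
            Signature = $signature
            Path      = $path
        }
    }
$report | Sort-Object Verdict -Descending | Format-Table -AutoSize -Wrap

# Folder from the post: record hashes before deleting anything so the
# files can be looked up or submitted to a vendor later.
$folder = Join-Path $env:LOCALAPPDATA 'Temp\phantomows'
if (Test-Path -LiteralPath $folder) {
    Get-ChildItem -LiteralPath $folder -Recurse -File -Force |
        Get-FileHash -Algorithm SHA256 |
        Select-Object Hash, Path
} else {
    "No folder at $folder"
}
```

A `WrongLocation` row for csrss.exe with a path under the user profile matches what the post describes; the `ParentId` column shows which process launched it.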
Re: Do I have a virus/malicious software? phantomows folder running csrss.exe
It's a relatively new case and I think it should have been dealt with by Malwarebytes by now.
You are right though, it is malicious -
https://forums.malwarebytes.com/topi...ting-detected/
Apparently removing Java solves it, but that is probably just because the program runs in Java. It's a workaround.
Re: Do I have a virus/malicious software? phantomows folder running csrss.exe
Thanks DejaVu.
Removed Java as a start.
On a side note I always assumed Malwarebytes Premium 3 was an extra cost as I'd already paid for a legit version of the original. DL'd the trial and it lapped up my reg details - happy days.
No time to do a new scan now but will update when I can. I have that temp folder currently popping up when Windows starts as I'm paranoid now.
Re: Do I have a virus/malicious software? phantomows folder running csrss.exe
No sign since the removal of Java.
Mbam 3 found nothing. Also tried another one called Zemana Antimalware - again no hits.
Obviously glad that it's no longer active, but not at rest since the root cause hasn't been found.
If I reinstall Java it may come back - it's lurking somewhere on my machine out of sight of the scanners :(
Re: Do I have a virus/malicious software? phantomows folder running csrss.exe
Quote: Originally Posted by doughboy
Thanks DejaVu.
Removed Java as a start.
On a side note I always assumed Malwarebytes Premium 3 was an extra cost as I'd already paid for a legit version of the original. DL'd the trial and it lapped up my reg details - happy days.
No time to do a new scan now but will update when I can. I have that temp folder currently popping up when Windows starts as I'm paranoid now.
Originally the MBAM licences were lifetime, so it looks like they are honouring that :)
Try running ADWCleaner, it was recently acquired by Malwarebytes and I use this in conjunction with MBAM when cleaning machines. Also look in your web browsers for any extensions/add-ons you don't want.