Do I have a virus/malicious software? phantomows folder running csrss.exe

Thread: Do I have a virus/malicious software? phantomows folder running csrss.exe

  1. doughboy's Avatar

    doughboy said:

    Help Do I have a virus/malicious software? phantomows folder running csrss.exe

    Hey guys,

    Recently been have malwarebytes pop up warning me that it has blocked a process accessing websites - many different ones.

    The process in question is named csrss.exe and described as "Microsoft Security Client User Interface".

    The thing is, it's running from the /Users/<me>/Appdata/Local/Temp/phantomows folder.

    Sometimes the file phantomows.zip appears here too after I've deleted the phantomows folder.

    Ran scans with Nod32/MS Security Essentials/Malwarebytes AntiMalware and nothing was reported.

    Should I be worried?
     
  2. DejaVu's Avatar

    DejaVu said:

    Default Re: Do I have a virus/malicious software? phantomows folder running csrss.exe

    It's a relatively new case and I think should have been dealt with by Malwarebytes by now.
    You are right though, it is malicious -

    [Only registered and activated users can see links. ]

    Apparently removing Java solves it, but that is probably just because the program runs if Java. It's a work around.

     
  3. doughboy's Avatar

    doughboy said:

    Default Re: Do I have a virus/malicious software? phantomows folder running csrss.exe

    Thanks DejaVu.

    Removed Java as a start.

    On a side note I always assumed Malwarebytes Premium 3 was an extra cost as I'd already paid for a legit version of the original. DL'd the trial and it lapped up my reg details - happy days.

    No time to do a new scan now but will update when I can. I have that temp folder currently popping up when windows starts as I'm paranoid now.
     
  4. doughboy's Avatar

    doughboy said:

    Default Re: Do I have a virus/malicious software? phantomows folder running csrss.exe

    No sign since the removal of Java.

    Mbam 3 found nothing. Also tried another one called Zemana Antimalware - again no hits.

    Obviously glad that it's no longer active, but not at rest since the root cause hasn't been found.

    If I reinstall Java it may come back - it's lurking somewhere on my machine out of sight of the scanners
     
  5. evilsatan's Avatar

    evilsatan said:

    Default Re: Do I have a virus/malicious software? phantomows folder running csrss.exe

    Quote Originally Posted by doughboy View Post
    Thanks DejaVu.

    Removed Java as a start.

    On a side note I always assumed Malwarebytes Premium 3 was an extra cost as I'd already paid for a legit version of the original. DL'd the trial and it lapped up my reg details - happy days.

    No time to do a new scan now but will update when I can. I have that temp folder currently popping up when windows starts as I'm paranoid now.
    Originally the MBAM licence were lifetime so looks like they are honouring that

    Try running ADWCleaner, it was recently acquired by Malwarebytes and I use this in conjunction with MBAM when cleaning machines. Also look in your web browsers for any extensions/add-ons you don't want.