I've been running Bitdefender 9 Standard on XP Pro for a while... I noticed in the past couple weeks that it had stopped on it's own. The icon was missing from the system tray and the little Bitdefender activity monitor had an X on it (meaning it ws disabled). I would restart and it would be fine for several days, but after the 3rd time this happened I grew more concerend about a virus -- since many viruses disable AV. But I ran the Bitdefender full system scan and it came up with nothing. I also ran HijackThis and sent the results to an auto-analyzer and it came back clean.
I then uninstalled Bitdefender and installed Norton v9 from our corporate server and now THAT icon had disappared. I can run the full program and do a full scan (which comes back clean), but the "active" file-system/memory virus detection doesn't work. Now I'm even more freaked out that I have a rootkit-ed trojan or something.
My question is... I've been poking around and I noticed 2 entries for CSRSS.EXE in the task list. I've read that CSRSS is a frequent candidate for viruses/trojans. I checked 6 other XP/2003 systems and all have only 1 copy of CSRSS. Is it normal to have more than 1?
I did a scan of the suspcious system and found only 1 copy of csrss.exe -- in C:\windows\system32. It is 6,144 bytes. There's also a copy in the prefectch directory which is 22,908 bytes. I thought that was odd. Task manager shows one copy of csrss.exe at 3,396k and the other at 1,716K -- they're both under the system account.
Can anyone tell me if this is normal?
I then uninstalled Bitdefender and installed Norton v9 from our corporate server and now THAT icon had disappared. I can run the full program and do a full scan (which comes back clean), but the "active" file-system/memory virus detection doesn't work. Now I'm even more freaked out that I have a rootkit-ed trojan or something.
My question is... I've been poking around and I noticed 2 entries for CSRSS.EXE in the task list. I've read that CSRSS is a frequent candidate for viruses/trojans. I checked 6 other XP/2003 systems and all have only 1 copy of CSRSS. Is it normal to have more than 1?
I did a scan of the suspcious system and found only 1 copy of csrss.exe -- in C:\windows\system32. It is 6,144 bytes. There's also a copy in the prefectch directory which is 22,908 bytes. I thought that was odd. Task manager shows one copy of csrss.exe at 3,396k and the other at 1,716K -- they're both under the system account.
Can anyone tell me if this is normal?
