csrss.exe virus detection.

So not sure if this happened because of 1Password or not.

I built a new computer so I been installing drivers and other software packages for my hardware.

But when I was looking around inside 1Password app, I clicked on Show Console under the troubleshooting tab. Put in ? to see the list. Then as I exited the window, My AVG tag csrss.exe.

I let AVG take care of it and it required a reboot. I repeated the steps above to see what would happen.

This time the console window closed out and caused 1Password to close and start up again.

So is this csrss.exe something to do with 1Password or is it something that found it's way onto my system ?

I know the web results for it are pretty scary.


1Password Version: 7.3.657
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    @Elochai: Yeah that does sound scary. It seems like a scam. csrss.exe isn't part of 1Password; it's part of Windows. I guess it's possible it could be infected if you installed malware, but you can't actually get rid of csrss.exe because it's an essential part of the OS. I'd encourage you to get rid of AVG and use the built-in Microsoft (née Windows) Defender instead. Do a full scan. Even better to use the offline version to boot into a known-safe environment, since there's some question about the integrity of the OS at this point:

    https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/windows-defender-offline

    That's a good place to start. Let me know what you find.

  • Elochai
    Elochai
    Community Member
    edited March 2019

    AVG is what detected it, I been using AVG along with Malwarebytes for keeping my computer safe for years now. However I was using windows defender for the first few days of installing drivers, and software for my hardware. If it got infected by a bad file or driver from a hardware manufacturer such as ASrock, ASUS, Corsair, SanDisk, etc... then windows defender has failed to do it’s job.

    In the meantime, AVG says it has fix it, I have no doubt that it has removed from the computer; Malwarebytes also gives the system a clean pass. I also do a scan using ESET as well and that also has passed.

    But I was found it when inside of 1Password console screen which is why I was wondering if it had to do with 1Password. Either way, it’s gone now.

  • AGAlumB
    AGAlumB
    1Password Alumni

    No "security" software can stop you from installing malware yourself. You're the one in full control of of your machine -- until you hand that over to someone else. :) Anyway, if you're replying to me on the computer you're talking about, that hasn't been removed; you wouldn't have a good time if they deleted files the OS needs. ;) I'm glad to hear that things are working, but I do think you might want to at least try my suggestion above, just to be on the safe side. Either way, have a great weekend! :)

  • Elochai
    Elochai
    Community Member
    edited March 2019

    @Brenty no I’m using my phone as I been working and not home.

    I have only install drivers and software from the manufacturer of my computer parts. The only programs I have installed has been 1Password, Firefox, Steam, and antivirus protection.

    I’ll give what you posted a try to be on the safe side, but considering Windows defender never found it to begin with, I don’t have any fate in it. Windows defender isn’t as good of a virus program as AVG and Malwarebytes. I’m going to also be sending off each file I installed to virus total website as system manufacturers drivers and programs shouldn’t contain viruses and see what the results are.

  • Elochai
    Elochai
    Community Member

    I’m not even going to mess around with it, that just taking up my time time.

    The computer only got a few days of use since I built it and has nothing on it. I’ll just reinstall Windows; and then each driver and software I have for my Asrock Z390 motherboard and RTX 2080 Ti GPU I’ll send through virus total 1st

  • AGAlumB
    AGAlumB
    1Password Alumni

    Totally. Sounds good. :) :+1:

  • Elochai
    Elochai
    Community Member

    @brenty

    I ran all drivers and software through Virus Total website to be scanned. The Bluetooth driver package from my Motherboard manufacture came back as being infected. So I believe this could of been the cause of the issue. Needless to say, I got the drivers for my onboard Bluetooth on the motherboard directly from Intel instead of the recommend one from ASrock.

    I now got 1Password installed again and tomorrow after work, I'm going to use it to change all passwords on my accounts :)

  • Greg
    Greg
    1Password Alumni

    Hi @Elochai,

    I am glad to hear you've figured it out. :)

    Please let us know if you bump into any other difficulties while changing your passwords. We are always here for you.

    Cheers,
    Greg

This discussion has been closed.