How to remove consrv. I’ve recently fixed a mean virus called ZAccess, which places a consrv. Windows\System. 64 sub- directory. Simply renaming or deleting this file, will cause a Windows 7 machine to fail to restart, because. В evidently. В this virus has built a ‘Tripwire’ into the system, so that it’s harder to remove. A couple of things I tried before finding the solution: Malwarebytes wasn’t able to detect the virus, but Microsoft Security Essentials did.
However, repairing the virus with MSE ‘tripped the wire’ and the whole computer exploded. AVG and Avira both also discovered the. В consrv. dll file, but not the tripwire. I tried a couple more things, such as booting into safe- mode and renaming the file, using regedit to fix the entry it created: HKEY_LOCAL_MACHINE\SYSTEM\Control. Set. 00. 1\Control\Session Manager\Sub Systems. A clean copy of the key looks like this: %System.
Root%\system. 32\csrss. Object. Directory=\Windows Shared. Section=1. 02. 4,2. Windows=On Sub. System. Type=Windows Server. Dll=basesrv,1 Server. Dll=winsrv: User.
Server. Dll. Initialization,3 Server. Dll=winsrv: Con. Server. Dll. Initialization,2 Server. Dll=sxssrv,4 Profile. Control=Off Max. Request. Threads=1. 6An infected key looks like this: %System. Root%\system. 32\csrss.
![Csrss Exe Objectdirectory Windows Sharedsection Csrss Exe Objectdirectory Windows Sharedsection](http://3.bp.blogspot.com/-d9COEJZFi7s/T75txMCfzaI/AAAAAAAAAYo/vnROsZWjwiA/s1600/hkey.bmp)
Csrss.exe Rev. Windows / System. %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3.
Object. Directory=\Windows Shared. Section=1. 02. 4,2. Windows=On Sub. System.
%SystemRoot%\system32\csrss.exe ObjectDirectory=\ Windows SharedSection=1024,3072,512 Windows=On. %SystemRoot%\system32\csrss.exe ObjectDirectory=\ Windows SharedSection =1024,20480,768 Windows=On SubSystemType. %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows. %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On. %SystemRoot%\system32\csrss.exe ObjectDirectory \Windows = SharedSection 1024 = 3072 Windows On SubSystemType = Windows ServerDll. %SystemRoot%\system32\csrss.exe ObjectDirectory \Windows = SharedSection 1024 =, 3072. 3 Csrss.exe processes running at once TR. treaboyd. %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv. I have two questions about the process 'csrss.exe' running under Vista. \Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv. HDESK WINAPI CreateDesktopEx. %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv.
Windows Phone; Mobile devices; Xbox; Skype; MSN; Bing; Microsoft Store; Downloads; Download Center; Windows downloads; Office downloads; Support; Support home; Knowledge base; Microsoft community; About; The MMPC; MMPC Privacy. . >> >> %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows >> SharedSection=1024,20480,768 >> Windows=On. its %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows.
Type=Windows Server. Dll=basesrv,1 Server. Dll=winsrv: User. Server. Dll. Initialization,3 Server.
'Out of Memory' error message appears when you have a large. and Windows Server 2003: SharedSection uses the following. %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512.
Dll=consrv: Con. Server. Dll. Initialization,2 Server. Dll=sxssrv,4 Profile.
Control=Off Max. Request. Threads=1. 6But because I didn’t first remove the tripwire, the issue remained. How to fix it: So the solution came through Kapersky’s Free Removal Tool. В which knew enough about this virus to remove the tripwire as well as the consrv.
A quick scan with this tool followed by a reboot, and the consrv. The other files that it deleted are: C: \Windows\Assembly\GAC_6. Desktop. ini. C: \Windows\Assembly\GAC_3. Desktop. ini. Now you can reinstall your favorite Anti- Virus app, and scan your computer once more to make sure all other viruses that this trojan may have invited are gone.