How to remove crss.exe

crss.exe

The module crss.exe has been detected as Risk.CoinMiner

crss.exe
Remove crss.exe

File Details

Product Name:

XMRig
Company Name:

www.xmrig.com
MD5: ec301f380a030fc2ca6db0f8b202e9f0
Size: 3 MB
First Published: 2018-10-17 15:10:45 (6 years ago)
Latest Published: 2024-12-07 23:02:14 (6 months ago)
Status: Risk.CoinMiner (on last analysis)
Analysis Date: 2024-12-07 23:02:14 (6 months ago)

Common Places:

%windir%
%windir%\fonts
%profile%\videos
%desktop%
%sysdrive%
%sysdrive%\temp
%commonappdata%
%desktop%\tmp\stagingdir
%temp%
%windir%

File Names:

te.exe
crss.exe
yam2.exe
xmrig.exe
win1ogins.exe
ttte.exe
yam3.exe
xmrig281.exe
rdclip.exe
httpd.exe.quarantined
httpd.exe
aC.exe
Ws.exe
ts.exe
regedit.exe
svchost.exe
svchhost.exe
uC.exe

Geography:

35.6%
21.8%
13.9%
6.9%
5.0%
4.0%
3.0%
2.0%
2.0%
1.0%
1.0%
1.0%
1.0%
1.0%
1.0%

OS Version:

Windows Server 2012 R2 39.6%
Windows Server 2008 R2 27.7%
Windows 7 21.8%
Windows XP 5.9%
Windows 10 2.0%
Windows Server 2012 1.0%
Windows Server 2016 1.0%
Windows 8.1 1.0%

Analysis

Subsystem: Windows CUI
PE Type: pe
OS Bitness: 64
Image Base: 0x0000000000400000
Entry Address: 0x000014f0

PE Sections:

Name Size of data MD5
.text 3006464 e7af96d5635378ad44d496dd4faefaa9
.data 25088 7804f650f8b8684eb2684860089463c8
.rdata 616960 e8dc94cfd3bfea71881ebb3ecfc99062
.pdata 109568 abf74e87f49d32dee29ec9f2484a1e31
.xdata 97792 7b6dd6fa8e61baee3f674b52f7094474
.bss 0 00000000000000000000000000000000
.edata 1536 fa5841b49486f94f744046405835aeed
.idata 15360 9c91ab4a23286377f172765eae7a8c3c
.CRT 512 e11f0cf8d8ef423b4556eacb54279a59
.tls 512 bf619eac0cdf3f68d496ea9344137e8b
.rsrc 23808 0116ff4681e3712eaac40c8c1e571940
.reloc 27136 e13baba1f1a14978c193e7f5ee834b6b

More information:

Search on Virustotal
Download GridinSoft Anti-Malware - Removal tool for crss.exe
copyright for information about crss.exe