Unable to end/remove a process I think is a keylogger
Others have asked the same question of Microsoft found at this link below
Quote from the above webpage: "OS Remediation System Service is a legit service from Microsoft included in KB4056254 update. We are still looking for additional documentation that shows the full description of the service. In the meantime, you can check this link about the update where osrss is included."
Link on OSRSS https://support.microsoft.com/en-us/help/4056254/windows-10-update-facilitation-service
TheJarrHead
Updated on September 18, 2022
Comments
-
TheJarrHead over 1 year
I have a suspicion that the process "OSRSS", shown below, is some sort of virus, although I believe it is more specifically a keylogger.
When I check its file location, it directs me to "C:\WINDOWS\System32\svchost" which, as far as I can tell, is a legitimate file in its proper location. When I go to end the task via Task Manager, however, I am denied access, as the image below shows. I have scanned it both with Kaspersky and Malwarebytes, and both tell me the file "svchost" in the location stated is virus-free. However, I feel that they are incorrect, as I checked several other Windows 10 computers and none of them have a process called "OSRSS".
I believe that this issue occurred when a video game called "Old School Runescape", along with various related programs I'm told, were downloaded to the computer. I've since then uninstalled anything downloaded in the past several days that I could easily find. It is my belief, and perhaps a paranoid one, that this "OSRSS" loosely ties into this video game "Old School Runescape", or "OSRS".
My question effectively breaks down into three parts:
- Would both Malwarebytes and Kaspersky guarantee my computer is fine, and I'm just being paranoid?
- How would I remove this process from my computer entirely, assuming it is a virus?
- In a worst-case scenario, would resetting my computer to factory default solve this solution, or is this keylogger embedded in the files needed to run Windows, preventing this from being a solution?
-
Jeff Zeitlin over 6 years
What research have you done toward this? I quickly found bleepingcomputer.com/startups/ctfnom.exe-12370.html which suggests where to look for it, and that in turn should suggest ways to get rid of it - perhaps booting up in safe mode and then logging in as the computer administrator will allow you to clear it out.
-
Daniel B over 6 years
What you're looking at is a service host. The actual process is in the "Details" tab. Because it runs as a service, you cannot stop it without Task Manager running elevated. If you don't stop the service, it will most likely also restart automatically.
-
Henke over 3 years
About osrss.exe: This is an undesirable program. You can also remove KB4023057 and KB4056254 (Publisher - Microsoft Corporation) if you have any of those installed. They are unnecessary. And worse: likely to cause problems, such as eating up your CPU.
-
Henke over 3 years
svchost.exe is absolutely necessary for your Windows OS. Don't try to remove it!
-
Henke over 3 years
About osrss.exe: This is an undesirable program. You can also remove KB4023057 and KB4056254 (Publisher - Microsoft Corporation) if you have any of those installed. They are unnecessary. And worse: likely to cause problems, such as eating up your CPU. An easy way to remove KB4023057 is to open cmd.exe as admin and run: wusa /uninstall /kb:4023057. You will have to restart your computer.
-
Henke over 3 years
Recommended reading: askwoody.com/tag/kb-4023057.
-
DrMoishe Pippik over 6 years
You can also use Sysinternals' (now part of MS) Autoruns to disable the service. Run Autoruns as Administrator.
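
As an added example (not part of the original thread), the PowerShell below follows Daniel B's point that svchost.exe is only a host: it resolves a service to the DLL it actually loads and checks that file's signature, which is the file worth scanning rather than svchost.exe itself. The service name osrss is an assumption taken from the process name in the question, and Get-HostedServiceInfo is a hypothetical helper name.

```powershell
# Added example: inspect a service that runs inside svchost.exe.
# Assumption: the service's short name is 'osrss' (from the name shown in the question).
param([string]$ServiceName = 'osrss')

function Get-HostedServiceInfo {
    param([Parameter(Mandatory)][string]$Name)

    # Keep the name safe to embed in the WQL filter below.
    if ($Name -notmatch '^[\w.\-]+$') { throw "Unexpected service name: $Name" }

    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$Name'"
    if (-not $svc) {
        Write-Warning "No service named '$Name' is registered on this machine."
        return
    }

    # For svchost-hosted services the real code is a DLL named in the registry,
    # not the svchost.exe path that "Open file location" leads to.
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name\Parameters"
    $dll = (Get-ItemProperty -Path $key -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
    $sig = $null
    if ($dll) {
        $dll = [Environment]::ExpandEnvironmentVariables($dll)
        if (Test-Path -LiteralPath $dll) {
            $sig = Get-AuthenticodeSignature -LiteralPath $dll
        }
    }

    # Other services sharing the same svchost.exe process (only when it is running).
    $siblings = @()
    if ($svc.ProcessId -gt 0) {
        $siblings = @(Get-CimInstance -ClassName Win32_Service -Filter "ProcessId=$($svc.ProcessId)" |
            Where-Object { $_.Name -ne $Name } | Select-Object -ExpandProperty Name)
    }

    [pscustomobject]@{
        Name            = $svc.Name
        DisplayName     = $svc.DisplayName
        State           = $svc.State
        StartMode       = $svc.StartMode
        RunsAs          = $svc.StartName
        HostCommandLine = $svc.PathName      # the svchost.exe -k <group> line
        HostPid         = $svc.ProcessId
        ServiceDll      = $dll               # file to scan or upload for analysis
        SignatureStatus = if ($sig) { $sig.Status } else { 'not checked' }
        Signer          = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        SharesHostWith  = $siblings -join ', '
    }
}

Get-HostedServiceInfo -Name $ServiceName | Format-List
```

A SignatureStatus of Valid with a Microsoft signer is consistent with the Microsoft answer quoted at the top of the page; any other status, or a ServiceDll outside the Windows directory, is the cue to investigate further.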