Csrss.exe is a windows product and has been written by Microsoft. Termination of this program is not recommended since it is necessary for secure and stable running of the computer and should therefore run throughout.
Whether csrss.exe is legitimate or a virus depends on factors such as its directory location from where it runs or executes. Running a registry scan, which is free helps to identify any errors that are related to this process. Since this process is essential for the applications to function properly, to be on the safe side the user should run the performance scan to optimize memory, Internet, and CPU settings. The PC drivers could also be causing hardware failures, system crashes and conflicts and therefore need to be updated. This can be done by running a driver scan to identify and note the outdated drivers on the system.
The original file for csrss.exe should be in "C: WindowsSystem32" and if not then it is a spyware, virus, worm or trojan. This can be verified with security task manager, which provides unique security, process description, and process type among other functions. Where the user finds out that csrss.exe is a trojan and has been registered as such, prompt measures need to be taken to prevent breach of security and access from attackers. This trojan is a security risk and many prefer to have it removed from their computers since their passwords, personal data and Internet banking information can be stolen due to access gained into the computer from a remote location.
This hardware related process registers 100% CPU usage when the user's profile has been corrupted. The solution to this problem requires a simple but sensitive process. Before making any further progress the user should back up all the contents in the document folder and any other important data that is stored in the profile like application settings. This is because stored data cannot be recovered once the profile is deleted. To delete the profile the user has to be logged into an account with administrative privileges to open the user's profile list for deleting. The user then logs off and logs back in the normal way and the system creates a new profile automatically. Where the corrupted files are domain administrators, the recovery files are backed up first.
Source by Mark Debattista