I may have a keylogger on my desktop, but am unsure

I recently discovered one of my online accounts had been hacked, nothing major yet, but I'm concerned I may have a keylogger on my Windows 10 desktop. It stirred me into a panic and I immediately ran a full scan with my Kaspersky AV, and also downloaded Malwarebytes Anti-Malware, and scanned my PC with that. Both finished and told me my computer was all clear, but when I checked my task manager I saw a process I've never seen before. I immediately checked my other two Windows 10 desktops and verified that this process was no present on them.

The process is called osrss and it's under Windows processes, of which I have 80 running. When I go to view the file location, it is stored in:

C:\WINDOWS\System32\svchost

Why it generated such alarm for me is because the only thing that was recently downloaded to my desktop is some game called Old School Runescape. I figured that would mean OSRS? But if that is the case, why is it running under windows processes if it is not a virus?

Any and all help providing information to osrss process, and the reliability of two seperate virus scans would greatly appreciated.

TheJarrHead

Posted 2018-02-12T06:34:56.317

Reputation: 41

according to this site, http://runescape.salmoneus.net/forums/topic/206013-does-rs-cause-viruses/ Runescape runs things from the Windows folder in the background to make loading faster, so not an immediate cause for concern if your virus scans say you are clean. Do a root kit scan if you are still concerned

– Sir Adelaide – 2018-02-12T07:25:09.513

Answers

Bleeping Computer recognizes this process: OSRSS.EXE as an undesirable program (PUP).

So, it is recommended that you remove it from your system, but first, to be sure of this, I suggest you to download System Explorer Portable, this is a very good alternative to Windows Task Manager and can provide you with more information about this file before making a decision.

After running the tool, go to Processes tab, search for the suspicious file, then right click and select File Check. This will send the file to VirusTotal where you can have a better idea of it (If it is a malware or not), see the image for a better reference.

Hope it helps, good luck!

galoget

Posted 2018-02-12T06:34:56.317

Reputation: 320

OSRSS files, and the Folder itself, are part of Windows Updating itself, and deal with any 'failed updates', (as when I stopped an "Update" downloading as didn't want/need it). I deleted osrss .dll files, two 'applications', and the Folder in Windows itself, (you CAN after 'taking control' of it), and, possibly not due to this I know, my desktop seems to run a little faster again. You certainly DON'T need to download anything else, (like the program above).

Micheal Flynn

Posted 2018-02-12T06:34:56.317

Reputation: 11

I had a service called "windows 10 update facilitation service" which was started with svchost -c osrss. I was not able stop that service, so with remove osrss.dll in system32 it was removed from the services. – chloesoe – 2018-07-23T12:54:59.587