Keylogging records every keypress made on a keyboard, which can include passwords, usernames, secret PINs and other confidential data. Keylogging can be used to detect trespassing as well. In this article, a Windows framework known as PowerShell is used to create a simple keylogger. PowerShell consists of a command-line shell and an associated scripting language.
I have a suspicion that the process 'OSRSS', shown below, is some sort of virus, although I believe it is more specifically a keylogger.
When I check its file location, it directs me to 'C:\WINDOWS\System32\svchost' which, as far as I can tell, is a legitimate file in its proper location. When I go to end the task via Task Manager, however, I am denied access, as the image below shows.
I have scanned it both with Kaspersky and Malwarebytes, and both tell me the file 'svchost' in the location stated is virus-free. However, I feel that they are incorrect, as I checked several other Windows 10 computers and none of them have a process called 'OSRSS'.
I believe that this issue occurred when a video game called 'Old School Runescape', along with various related programs I'm told, were downloaded to the computer. I've since then uninstalled anything downloaded in the past several days that I could easily find. It is my belief, and perhaps a paranoid one, that this 'OSRSS' loosely ties into this video game 'Old School Runescape', or 'OSRS'.
My question effectively breaks down into three parts:
- Would both Malwarebytes and Kaspersky guarantee my computer is fine, and I'm just being paranoid?
- How would I remove this process from my computer entirely, assuming it is a virus?
- In a worst-case scenario, would resetting my computer to factory default solve this solution, or is this keylogger embedded in the files needed to run Windows, preventing this from being a solution?
TheJarrHead
4 Answers
Others have asked the same question of Microsoft found at this link below
Quote from the above webpage: 'OS Remediation System Service is a legit service from Microsoft included in KB4056254 update. We are still looking for additional documentation that shows the full description of the service. In the meantime, you can check this link about the update where osrss is included.'
Link on OSRSS https://support.microsoft.com/en-us/help/4056254/windows-10-update-facilitation-service
MEZ
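A read-only check that supports the answer above, as an added example that is not part of the original thread: it resolves the DLL that svchost.exe actually loads for a service and verifies that file's Authenticode signature, since scanning svchost.exe itself says nothing about the hosted service. The service name `osrss` and the function name `Get-ServiceTriage` are assumptions.

```powershell
# Added example, not from the original thread: read-only triage of one service.
# Assumption: the service is registered as 'osrss'; the thread only shows the name 'OSRSS'.
$ServiceName = 'osrss'

function Get-ServiceTriage {
    param([Parameter(Mandatory)][string]$Name)

    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    if (-not (Test-Path $key)) { return $null }

    # Win32_Service gives the command line, start mode and self-declared description.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$Name'"

    # A service hosted in svchost.exe keeps its real code in Parameters\ServiceDll;
    # PathName only names the shared host, which is why the host scans clean.
    $dll = $null
    if (Test-Path "$key\Parameters") {
        $dll = (Get-ItemProperty -Path "$key\Parameters").ServiceDll
    }

    # File to verify: the ServiceDll if there is one, else the executable in PathName.
    $target = $dll
    if (-not $target -and $svc.PathName -match '^"?(.+?\.exe)') { $target = $Matches[1] }

    $sig   = if ($target -and (Test-Path $target)) { Get-AuthenticodeSignature -FilePath $target }
    $sys32 = Join-Path $env:SystemRoot 'System32'

    [pscustomobject]@{
        Name        = $Name
        DisplayName = $svc.DisplayName
        Description = $svc.Description
        StartMode   = $svc.StartMode
        State       = $svc.State
        PathName    = $svc.PathName
        CheckedFile = $target
        InSystem32  = [bool]($target -and $target.StartsWith($sys32, [StringComparison]::OrdinalIgnoreCase))
        SigStatus   = if ($sig) { $sig.Status } else { 'NotChecked' }
        Signer      = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    }
}

$result = Get-ServiceTriage -Name $ServiceName
if ($result) { $result | Format-List } else { "No service named '$ServiceName' is registered." }
```

Run it from an elevated PowerShell prompt. A `SigStatus` other than `Valid`, a signer that is not Microsoft, or a `CheckedFile` outside System32 is the signal to investigate further before touching the service.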
Your safest bet is to use Safe Mode, change the service to disabled or if need be then remove it from the registry HKLM\SYSTEM\CurrentControlSet\Services (you'll have to check for the service with the appropriate name within this Key).
Alternatively, without booting into safe mode I have found success in first changing a service from AUTO -> MANUAL (aka On Demand), stopping the service, and then disabling it. You can actually achieve this using a few commands:
Dailen
I got a similar problem not a lot of time ago. Locate the file with the Task Manager (right-click, go to file location). It'll probably open a file explorer and throw the same permission error, but try to get at least the folder. Then, get a Linux bootable USB, boot from it and delete the file/folder where the suspicious program is.
Also, two notes:
First, be sure it's not a system process. Check the other answers or search through the Microsoft support page.
And two, at least in my case, the f*****g thing created a redundant yet excluding group of admins, which even with my user I couldn't manage, and I don't know if Microsoft has found a solution to this (probably not), so keep in mind you might need to restore/reinstall the system.
Good luck.
dCarMal
You should have a look at Hiren's Boot. I've been using this for about 4 years now and it's very easy to use for all sorts of computer problems.
You can simply follow the guide on how to use Hiren's Boot from a CD.
Once you've made a bootable USB or CD (depends on what you prefer) you can boot up a mini Windows XP version. From there you have access to all kinds of software like virus and malware scanners. There are also some tools that will make it available for you to delete things from your PC which you weren't able to before.
But be careful because a lot of those tools are powerful.
Thimo Demey