ccapp32.exe - Dangerous
ccapp32.exe
Manual removal instructions:
Antivirus Report of ccapp32.exe:
ccapp32.exe
W32.HLLW.Gaobot.gen is a family of worms that infects computers through various exploits.
It also opens backdoors to infected computers through IRC.
The worm does the following:
Copies itself to the %System% folder.
The file names vary, and are often chosen to resemble the names of legitimate Windows system files.
Some examples include Csrrs.exe, Scvhost.exe, and System.exe.
Adds a value in the form
"" = ""
for example:
"Configuration Loader" = "Service.exe"
to the registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
May create a registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
and add a value in the form:
= "%System%\" -service
For example:
"Configuration Loader" = "%System%\Service.exe" -service
Connects to an IRC server, using its own IRC client, and then listens for commands to do any of the following:
Download and execute files
Steal system information
Send the worm to other IRC users
Add new accounts
Perform Denial of Service (DoS) attacks
Terminates antivirus and firewall software, as well as the process names associated with other worms.
Remove it with RegRun Startup Optimizer.
| ccapp32.exe | Malware |
| ccapp32.exe | Dangerous |
| ccapp32.exe | High Risk |
It also opens backdoors to infected computers through IRC.
The worm does the following:
Copies itself to the %System% folder.
The file names vary, and are often chosen to resemble the names of legitimate Windows system files.
Some examples include Csrrs.exe, Scvhost.exe, and System.exe.
Adds a value in the form
"
for example:
"Configuration Loader" = "Service.exe"
to the registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
May create a registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
and add a value in the form:
For example:
"Configuration Loader" = "%System%\Service.exe" -service
Connects to an IRC server, using its own IRC client, and then listens for commands to do any of the following:
Download and execute files
Steal system information
Send the worm to other IRC users
Add new accounts
Perform Denial of Service (DoS) attacks
Terminates antivirus and firewall software, as well as the process names associated with other worms.
Remove it with RegRun Startup Optimizer.
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus have not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.