csass.exe - Dangerous
csass.exe
Manual removal instructions:
Antivirus Report of csass.exe:
csass.exe
W32/Rbot-DS is a worm which attempts to spread to remote network shares.
It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels.
W32/Rbot-DS spreads to network shares with weak passwords as a result of the backdoor Trojan element receiving the appropriate command from a remote user.
Copies itself to the Windows System32 folder as CSASS.EXE and creates the following entries at these locations in the registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\
LanGuard Auto Updater = csass.exe
May also set the following registry keys:
HKLM\SOFTWARE\Microsoft\Ole\EnableDCOM = N
HKLM\SYSTEM\ControlSet001\Control\Lsa\restrictanonymous = 1
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\restrictanonymous = 1
It will allow a remote user to issue various remote commands such as launching DOS attacks, deleting remote shares and keylogging information.
Remove it with RegRun.
| csass.exe | Malware |
| csass.exe | Dangerous |
| csass.exe | High Risk |
It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels.
W32/Rbot-DS spreads to network shares with weak passwords as a result of the backdoor Trojan element receiving the appropriate command from a remote user.
Copies itself to the Windows System32 folder as CSASS.EXE and creates the following entries at these locations in the registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\
LanGuard Auto Updater = csass.exe
May also set the following registry keys:
HKLM\SOFTWARE\Microsoft\Ole\EnableDCOM = N
HKLM\SYSTEM\ControlSet001\Control\Lsa\restrictanonymous = 1
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\restrictanonymous = 1
It will allow a remote user to issue various remote commands such as launching DOS attacks, deleting remote shares and keylogging information.
Remove it with RegRun.
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus have not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.