csass.exe - Dangerous

csass.exe

Jeff's Story:

My PC had gotten a bad rootkit that my ISP antivirus software (powered by McAfee) could neither detect nor fix.

I sought a solution on the Internet and discovered your product and tried out the trial.

You quickly found the rootkit and SAVED my PC!

I haven't had any problems since, and I'm extremely grateful.

Manual removal instructions:

csass.exe
W32/Rbot-DS is a worm which attempts to spread to remote network shares.
It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels.
W32/Rbot-DS spreads to network shares with weak passwords as a result of the backdoor Trojan element receiving the appropriate command from a remote user.

The worm copies itself to the Windows System32 folder as CSASS.EXE and creates the following entry under each of these registry keys, so that it starts automatically:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\
LanGuard Auto Updater = csass.exe

It may also set the following registry values:
HKLM\SOFTWARE\Microsoft\Ole\EnableDCOM = N
HKLM\SYSTEM\ControlSet001\Control\Lsa\restrictanonymous = 1
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\restrictanonymous = 1

The backdoor allows a remote user to issue commands such as launching DoS attacks, deleting remote shares and logging keystrokes.
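
A read-only check for the indicators listed above, added here as an example (it is not RegRun's code and not part of the original page). The function name Get-RbotDsIndicator and the extra SysWOW64 lookup are assumptions of this example.

```powershell
# Added example: read-only check for the W32/Rbot-DS indicators listed on this page.
# Get-RbotDsIndicator is a name made up for this example. HKCU covers only the
# current user; other profiles' hives are not inspected.
$ValueName = 'LanGuard Auto Updater'
$FileName  = 'csass.exe'
$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices'
)
# Values the worm "may also set". An administrator can set the same values,
# so they are reported as context, not as proof of infection.
$Settings = @(
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Ole'; Name = 'EnableDCOM'; Value = 'N' },
    @{ Key = 'HKLM:\SYSTEM\ControlSet001\Control\Lsa'; Name = 'restrictanonymous'; Value = '1' },
    @{ Key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'; Name = 'restrictanonymous'; Value = '1' }
)

function Get-RbotDsIndicator {
    # Autostart entry: a hit only when the value's data points at csass.exe.
    foreach ($key in $RunKeys) {
        $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
        if ($null -eq $props) { continue }      # key does not exist on this system
        $prop = $props.PSObject.Properties[$ValueName]
        if ($prop -and "$($prop.Value)" -match [regex]::Escape($FileName)) {
            [pscustomobject]@{ Type = 'Autostart'; Location = $key
                               Detail = "$ValueName = $($prop.Value)" }
        }
    }
    # Dropped copy. SysWOW64 is an assumption of this example: on 64-bit Windows
    # a 32-bit process writing to System32 is redirected there.
    foreach ($dir in 'System32', 'SysWOW64') {
        $path = Join-Path $env:SystemRoot (Join-Path $dir $FileName)
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            [pscustomobject]@{ Type = 'File'; Location = $path; Detail = 'file present' }
        }
    }
    foreach ($s in $Settings) {
        $props = Get-ItemProperty -LiteralPath $s.Key -ErrorAction SilentlyContinue
        $prop  = if ($props) { $props.PSObject.Properties[$s.Name] }
        if ($prop -and "$($prop.Value)" -eq $s.Value) {
            [pscustomobject]@{ Type = 'Setting (context)'; Location = $s.Key
                               Detail = "$($s.Name) = $($prop.Value)" }
        }
    }
}

Get-RbotDsIndicator | Format-Table -AutoSize -Wrap
```

An empty result means none of the listed indicators were found for the current user and machine. An Autostart or File row is the finding to act on.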

Remove it with RegRun.
