csass.exe - Dangerous


Manual removal instructions:

Antivirus Report of csass.exe:
csass.exe Malware
csass.exeHigh Risk
W32/Rbot-DS is a worm which attempts to spread to remote network shares.
It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels.
W32/Rbot-DS spreads to network shares with weak passwords as a result of the backdoor Trojan element receiving the appropriate command from a remote user.

Copies itself to the Windows System32 folder as CSASS.EXE and creates the following entries at these locations in the registry:
LanGuard Auto Updater = csass.exe

May also set the following registry keys:
HKLM\SOFTWARE\Microsoft\Ole\EnableDCOM = N
HKLM\SYSTEM\ControlSet001\Control\Lsa\restrictanonymous = 1
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\restrictanonymous = 1

It will allow a remote user to issue various remote commands such as launching DOS attacks, deleting remote shares and keylogging information.

Remove it with RegRun.

Remove csass.exe now!

Dmitry Sokolov:

I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.

Since that time I work every day to fix the issues that antiviruses cannot.

If your antivirus have not helped you solve the problem, you should try UnHackMe.

We are a small company and you can ask me directly, if you have any questions.


You can read UnHackMe testimonials here.