View full version: cassl.exe


frederik001
07-03-2005, 10.30.39
Good morning, for a couple of days I have noticed that when I am connected to the internet the PC sends data continuously; that is, even with IE closed but the connection active it keeps sending data, even 20-30 MB in about an hour, all without using IE... Using Task Manager I found that terminating the cassl.exe process puts everything right, i.e. it no longer sends data continuously... Now, I don't know what that process is or what I should do about it... Also, at the same time as all this, the first time I open IE each day a web page that I have never visited always opens; I close it, but it is annoying... I use Win XP SP1 and ADSL. Thanks and bye.

Bertans
07-03-2005, 10.40.24
Freely taken from Google (http://www.google.com/search?q=cassl.exe)...
Description:
This memory-resident worm propagates by dropping copies of itself to certain network shares. It may use a list of user names and passwords to gain access to target machines:

It also takes advantage of the capabilities of certain malware variants, as well as the following Windows vulnerabilities to propagate across networks:

Buffer Overflow in SQL Server 2000 vulnerability
IIS/WebDAV vulnerability
RPC/DCOM vulnerability
LSASS vulnerability
More information about these vulnerabilities can be found on the following Microsoft pages:

Microsoft Security Bulletin MS02-061
Microsoft Security Bulletin MS03-007
Microsoft Security Bulletin MS03-026
Microsoft Security Bulletin MS04-011
This worm also has backdoor capabilities, and may execute commands coming from a remote malicious user. It also steals the Windows Product ID, as well as the CD keys of certain applications.



Solution:
Terminating the Malware Program

This procedure terminates the running malware process.

Open Windows Task Manager.
On Windows 95, 98, and ME, press CTRL+ALT+DELETE
On Windows NT, 2000, and XP, press CTRL+SHIFT+ESC, then click the Processes tab.
In the list of running programs*, locate the process:
cassl.exe
Select the malware process, then press either the End Task or the End Process button, depending on the version of Windows on your system.
To check if the malware process has been terminated, close Task Manager, and then open it again.
Close Task Manager.
*NOTE: On systems running Windows 95, 98, and ME, Windows Task Manager may not show certain processes. You can use a third party process viewer such as Process Explorer to terminate the malware process. Otherwise, continue with the next procedure, noting additional instructions.

Removing Autostart Entries from the Registry

Removing autostart entries from the registry prevents the malware from executing at startup.

Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run
In the right panel, locate and delete the entry:
winservit = "cassl.exe"
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>RunServices
In the right panel, locate and delete the entry:
winservit = "cassl.exe"
In the left panel, double-click the following:
HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Run
In the right panel, locate and delete the entry:
winservit = "cassl.exe"
Close Registry Editor.
NOTE: If you were not able to terminate the malware process as described in the previous procedure, restart your system.

Enabling Show All Files

This procedure allows you to access hidden malware files using Windows Explorer.

On Windows 95, 98, and NT

Open Windows Explorer. Right-click Start then click Explore.
On the View menu, click Options or Folders Options.
Click the View tab.
Select Show all files, then click OK.

On Windows ME, 2000, and XP

Open Windows Explorer. Right-click Start then click Explore.
On the Tools menu, click Folder Options.
Click the View tab.
Select Show hidden files and folders, then click OK.

Additional Windows ME/XP Cleaning Instructions

Users running Windows ME and XP must disable System Restore to allow full scanning of infected systems.

Users running other Windows versions can proceed with the succeeding procedure set(s).

Bertans (who has made the famous search engine his very own personal oracle)
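
The checks from the removal procedure quoted above, as an added PowerShell example that is not part of the original thread or of the write-up it quotes: it lists any running cassl process and reports the winservit / cassl.exe value in the three autostart keys named in the steps. The function name Find-CasslAutostart and its -Remove switch are assumptions made for illustration; nothing is deleted unless -Remove is passed.

```powershell
# Added example (not from the thread): audit the autostart keys named in the
# removal steps. Find-CasslAutostart and -Remove are illustrative names.
function Find-CasslAutostart {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$ValueName = 'winservit',
        [string]$ImageName = 'cassl.exe',
        [switch]$Remove
    )
    # The three keys listed in the quoted procedure.
    $keys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($path in $keys) {
        # A key that does not exist on this system is skipped.
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $key = Get-Item -LiteralPath $path
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            # Match on the value name or on the image name inside the data.
            $hit = ($name -ieq $ValueName) -or ($data -like "*$ImageName*")
            if (-not $hit) { continue }
            # Emit one finding per matching value so it can be logged or reviewed.
            [pscustomobject]@{ Key = $path; Value = $name; Data = $data }
            if ($Remove -and $PSCmdlet.ShouldProcess("$path\$name", 'Delete value')) {
                Remove-ItemProperty -LiteralPath $path -Name $name
            }
        }
    }
}

# Report the process first, then the registry entries (read-only by default).
$base = [IO.Path]::GetFileNameWithoutExtension('cassl.exe')
Get-Process -Name $base -ErrorAction SilentlyContinue |
    Select-Object Id, ProcessName, Path
Find-CasslAutostart | Format-Table -AutoSize
```

Running Find-CasslAutostart -Remove -WhatIf shows which values would be deleted without changing the registry.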