We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
Worm:Win32/Cissi.A
Detected by Microsoft Defender Antivirus
Aliases: WORM_CISSI.A (Trend Micro) Win32/Cissi.A!Worm (ETrust) (CA) W32/Cissi.worm.gen (McAfee) W32.Cissi.A@mm (Symantec)
Summary
Win32/Cissi.A is a network worm with a backdoor component. The worm can spread through remote shares by trying weak account name and password combinations. The backdoor component connects to an IRC server, allowing it to accept and execute remote queries and commands. Win32/Cissi.A also gathers e-mail addresses from the infected computer, but cannot send a copy of itself to those addresses due to a bug in the worm's code.
It is not advisable to try to remove Win32/Cissi.A manually. Instead, use up-to-date antivirus software to remove this worm and detect other malicious software that may have been installed as a result of the worm infection. To remove this malicious software using antivirus software, follow these steps:
- Disconnect from the Internet.
- Run up-to-date antivirus software.
- Take steps to prevent re-infection.
Disconnect from the Internet
To help ensure that your computer is not actively infecting other computers, disconnect it from the Internet before proceeding by unplugging your network cable or disabling your wireless connection. You can reconnect to the Internet after running antivirus software.
Run up-to-date antivirus software
Run up-to-date antivirus software to remove this malicious software from your computer.
Take steps to prevent re-infection
Do not reconnect your computer to the Internet until the computer is protected from re-infection. See the "How to Prevent Infection" section for more information.
Follow us
