my first virus/worm
Posted: Sun May 23, 2004 11:14 am
W32/Sasser-A worm
instructions to get rid of it
Reboot the system into Safe Mode (hit the F8 key as soon as the Starting Windows text is displayed, choose Safe Mode.
Delete the file AVSERVE2.EXE from your WINDOWS directory (typically c:\windows or c:\winnt)
Edit the registry
Delete the "avserve2" value from
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Reboot the system into Default Mode
Or you could bring up task manager (ctrl+alt+del) and kill the avserve2.exe process then del the registry key and get rid of the files in windows folder (avserve2.exe and it's produce all named *_up.exe or *_upload.exe - *is a number)
then there is
W32/Sasser-E
Stop the process as before (this one is called lsasss.exe )
del registry key
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\LSASS SVR = lsasss.exe
and del file in windows lsasss.exe
if you have avserve.exe then del those as well.
instructions to get rid of it
Reboot the system into Safe Mode (hit the F8 key as soon as the Starting Windows text is displayed, choose Safe Mode.
Delete the file AVSERVE2.EXE from your WINDOWS directory (typically c:\windows or c:\winnt)
Edit the registry
Delete the "avserve2" value from
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Reboot the system into Default Mode
Or you could bring up task manager (ctrl+alt+del) and kill the avserve2.exe process then del the registry key and get rid of the files in windows folder (avserve2.exe and it's produce all named *_up.exe or *_upload.exe - *is a number)
then there is
W32/Sasser-E
Stop the process as before (this one is called lsasss.exe )
del registry key
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\LSASS SVR = lsasss.exe
and del file in windows lsasss.exe
if you have avserve.exe then del those as well.