Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Information > Latest Virus Problem

Reply
Thread Tools

Latest Virus Problem

 
 
Fudge
Guest
Posts: n/a
 
      05-02-2004
I have spent the last 2 hours detecting and removing the
W32.Sasser.B.Worm. I went thought the Symantec procedure and found the
offending file. It is called avserve2.exe . It has located itself at
Windows\aveserve2. Win XP will not let me delete the file nor will Norton AV
allow me to quarantine the thing. Any solutions? This thing is everywhere. I
would suppose others will be having the same problem.

Farmer John


 
Reply With Quote
 
 
 
 
Thor
Guest
Posts: n/a
 
      05-02-2004
boot into safe mode, then scan with norton.


...
"Fudge" <(E-Mail Removed)> wrote in message
news:tZ5lc.1253$(E-Mail Removed)...
> I have spent the last 2 hours detecting and removing the
> W32.Sasser.B.Worm. I went thought the Symantec procedure and found the
> offending file. It is called avserve2.exe . It has located itself at
> Windows\aveserve2. Win XP will not let me delete the file nor will Norton

AV
> allow me to quarantine the thing. Any solutions? This thing is everywhere.

I
> would suppose others will be having the same problem.
>
> Farmer John
>
>



 
Reply With Quote
 
 
 
 
Brandy
Guest
Posts: n/a
 
      05-02-2004
turn off system restore first and clean up your restore points so it doesn't
get restored, and don't forget to turn it back on after you've deleted the
offending file

"Thor" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> boot into safe mode, then scan with norton.
>
>
> ..
> "Fudge" <(E-Mail Removed)> wrote in message
> news:tZ5lc.1253$(E-Mail Removed)...
> > I have spent the last 2 hours detecting and removing the
> > W32.Sasser.B.Worm. I went thought the Symantec procedure and found the
> > offending file. It is called avserve2.exe . It has located itself at
> > Windows\aveserve2. Win XP will not let me delete the file nor will

Norton
> AV
> > allow me to quarantine the thing. Any solutions? This thing is

everywhere.
> I
> > would suppose others will be having the same problem.
> >
> > Farmer John
> >
> >

>
>



 
Reply With Quote
 
DeMoN LaG
Guest
Posts: n/a
 
      05-02-2004
"Fudge" <(E-Mail Removed)> wrote in
news:tZ5lc.1253$(E-Mail Removed):

> allow me to quarantine the thing. Any solutions? This thing is
> everywhere. I would suppose others will be having the same problem.


We had 23 users call in today between 9 and 6 that were infected with it.
23 dial up users, not even DSL users with permanent IPs.

My routine:
Start, run, msconfig
Find avserve.exe or avserve2.exe in the startup list. Uncheck it, apply,
close. No restart. Hit the power button on the machine (Sasser will abort
any shutdown attempt).

Restart, delete the file, enable your ICF temporarily, go online, get the
patch from MS then get an update for your AV and do a full scan.

--
website: http://www.demonlag.com
AIM: FrznFoodClerk
 
Reply With Quote
 
Robert Baer
Guest
Posts: n/a
 
      05-03-2004
Thor wrote:
>
> boot into safe mode, then scan with norton.
>
> ..
> "Fudge" <(E-Mail Removed)> wrote in message
> news:tZ5lc.1253$(E-Mail Removed)...
> > I have spent the last 2 hours detecting and removing the
> > W32.Sasser.B.Worm. I went thought the Symantec procedure and found the
> > offending file. It is called avserve2.exe . It has located itself at
> > Windows\aveserve2. Win XP will not let me delete the file nor will Norton

> AV
> > allow me to quarantine the thing. Any solutions? This thing is everywhere.

> I
> > would suppose others will be having the same problem.
> >
> > Farmer John
> >
> >


Are you saying that WinXP has a *useable* "safe mode" ????
Why i ask, is that Win2K does *NOT*; one gets a black screen with the
words "safe mode" in each corner and absolutely *nothing* else.
 
Reply With Quote
 
Jerry G.
Guest
Posts: n/a
 
      05-03-2004
Follow the removal instructions. Turn off the system restore. Boot in the
safe mode, and do the removal. Then re-boot back to normal, and do the virus
check to see that the system is cleaned. If it is okay, turn on the system
restore again. This information should be available on the Symantec site.
http://securityresponse.symantec.com...er.b.worm.html
The manual removal instructions are near to the bottom of this page.

If you can delete all the past restore points do this as well. You want
everything to be cleaned.

Read the system help files if you do not know about how to use and control
the system restore functions. It is all there.

--

Greetings,

Jerry G.
======


"Fudge" <(E-Mail Removed)> wrote in message
news:tZ5lc.1253$(E-Mail Removed)...
I have spent the last 2 hours detecting and removing the
W32.Sasser.B.Worm. I went thought the Symantec procedure and found the
offending file. It is called avserve2.exe . It has located itself at
Windows\aveserve2. Win XP will not let me delete the file nor will Norton AV
allow me to quarantine the thing. Any solutions? This thing is everywhere. I
would suppose others will be having the same problem.

Farmer John



 
Reply With Quote
 
Thor
Guest
Posts: n/a
 
      05-03-2004

> Are you saying that WinXP has a *useable* "safe mode" ????
> Why i ask, is that Win2K does *NOT*; one gets a black screen with the
> words "safe mode" in each corner and absolutely *nothing* else.


It's usable on WinXP *and* Win2k. But perhaps not in your case if something
is screwed up and prevents safe mode from working.


 
Reply With Quote
 
DeMoN LaG
Guest
Posts: n/a
 
      05-03-2004
Robert Baer <(E-Mail Removed)> wrote in news:4095E47C.D508E2A3
@earthlink.net:

> Are you saying that WinXP has a *useable* "safe mode" ????
> Why i ask, is that Win2K does *NOT*; one gets a black screen with the
> words "safe mode" in each corner and absolutely *nothing* else.
>


You aren't using it right Rob. Windows XP and 2000 both have entirely
useable safe mode. You can even launch safe mode but keep networking
support and go online. If you get the black screen with "Safe mode" in
each corner and nothing else, your Windows install is hosed.

--
website: http://www.demonlag.com
AIM: FrznFoodClerk
 
Reply With Quote
 
Robert Baer
Guest
Posts: n/a
 
      05-04-2004
Thor wrote:
>
> > Are you saying that WinXP has a *useable* "safe mode" ????
> > Why i ask, is that Win2K does *NOT*; one gets a black screen with the
> > words "safe mode" in each corner and absolutely *nothing* else.

>
> It's usable on WinXP *and* Win2k. But perhaps not in your case if something
> is screwed up and prevents safe mode from working.


I have done about eight fresh installs on clean hadr drives, from a
genuine Win 2000 OEM CD.
And the so-called "safe mode" always has looked, and failed to be of
any use, like i mentioned.
I also have tried installing "over" a previously installed Win 2000 =
ditto.
Therefore, i naturally assumed that M$ again did their wonderful
programming tricks of "improvements".

Would the "problem" be a result of installing Win2K in a 4th
partition, where two are DOS and one is Win98SE?
 
Reply With Quote
 
Robert Baer
Guest
Posts: n/a
 
      05-04-2004
DeMoN LaG wrote:
>
> Robert Baer <(E-Mail Removed)> wrote in news:4095E47C.D508E2A3
> @earthlink.net:
>
> > Are you saying that WinXP has a *useable* "safe mode" ????
> > Why i ask, is that Win2K does *NOT*; one gets a black screen with the
> > words "safe mode" in each corner and absolutely *nothing* else.
> >

>
> You aren't using it right Rob. Windows XP and 2000 both have entirely
> useable safe mode. You can even launch safe mode but keep networking
> support and go online. If you get the black screen with "Safe mode" in
> each corner and nothing else, your Windows install is hosed.
>
> --
> website: http://www.demonlag.com
> AIM: FrznFoodClerk


Please be so kind and look at my response to Thor..
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Microsoft's latest anti-virus / anti-spyware software Mark Rae ASP .Net 0 03-07-2006 12:17 PM
Kaspersky latest virus updates - definitions are "corrupted" no_name Computer Support 4 01-29-2005 05:24 PM
Latest MyDoom Virus May Signal Dreaded 'Zero Day' Attack AeoN Computer Support 0 11-13-2004 09:43 PM
Virus, Virus, Virus..... Phil B Computer Support 2 09-22-2003 05:02 PM



Advertisments