Latest Virus Problem

Discussion in 'Computer Information' started by Fudge, May 2, 2004.

  1. Fudge

    Fudge Guest

    I have spent the last 2 hours detecting and removing the
    W32.Sasser.B.Worm. I went thought the Symantec procedure and found the
    offending file. It is called avserve2.exe . It has located itself at
    Windows\aveserve2. Win XP will not let me delete the file nor will Norton AV
    allow me to quarantine the thing. Any solutions? This thing is everywhere. I
    would suppose others will be having the same problem.

    Farmer John
     
    Fudge, May 2, 2004
    #1
    1. Advertising

  2. Fudge

    Thor Guest

    boot into safe mode, then scan with norton.


    ...
    "Fudge" <> wrote in message
    news:tZ5lc.1253$...
    > I have spent the last 2 hours detecting and removing the
    > W32.Sasser.B.Worm. I went thought the Symantec procedure and found the
    > offending file. It is called avserve2.exe . It has located itself at
    > Windows\aveserve2. Win XP will not let me delete the file nor will Norton

    AV
    > allow me to quarantine the thing. Any solutions? This thing is everywhere.

    I
    > would suppose others will be having the same problem.
    >
    > Farmer John
    >
    >
     
    Thor, May 2, 2004
    #2
    1. Advertising

  3. Fudge

    Brandy Guest

    turn off system restore first and clean up your restore points so it doesn't
    get restored, and don't forget to turn it back on after you've deleted the
    offending file

    "Thor" <> wrote in message
    news:...
    > boot into safe mode, then scan with norton.
    >
    >
    > ..
    > "Fudge" <> wrote in message
    > news:tZ5lc.1253$...
    > > I have spent the last 2 hours detecting and removing the
    > > W32.Sasser.B.Worm. I went thought the Symantec procedure and found the
    > > offending file. It is called avserve2.exe . It has located itself at
    > > Windows\aveserve2. Win XP will not let me delete the file nor will

    Norton
    > AV
    > > allow me to quarantine the thing. Any solutions? This thing is

    everywhere.
    > I
    > > would suppose others will be having the same problem.
    > >
    > > Farmer John
    > >
    > >

    >
    >
     
    Brandy, May 2, 2004
    #3
  4. Fudge

    DeMoN LaG Guest

    "Fudge" <> wrote in
    news:tZ5lc.1253$:

    > allow me to quarantine the thing. Any solutions? This thing is
    > everywhere. I would suppose others will be having the same problem.


    We had 23 users call in today between 9 and 6 that were infected with it.
    23 dial up users, not even DSL users with permanent IPs.

    My routine:
    Start, run, msconfig
    Find avserve.exe or avserve2.exe in the startup list. Uncheck it, apply,
    close. No restart. Hit the power button on the machine (Sasser will abort
    any shutdown attempt).

    Restart, delete the file, enable your ICF temporarily, go online, get the
    patch from MS then get an update for your AV and do a full scan.

    --
    website: http://www.demonlag.com
    AIM: FrznFoodClerk
     
    DeMoN LaG, May 3, 2004
    #4
  5. Fudge

    Robert Baer Guest

    Thor wrote:
    >
    > boot into safe mode, then scan with norton.
    >
    > ..
    > "Fudge" <> wrote in message
    > news:tZ5lc.1253$...
    > > I have spent the last 2 hours detecting and removing the
    > > W32.Sasser.B.Worm. I went thought the Symantec procedure and found the
    > > offending file. It is called avserve2.exe . It has located itself at
    > > Windows\aveserve2. Win XP will not let me delete the file nor will Norton

    > AV
    > > allow me to quarantine the thing. Any solutions? This thing is everywhere.

    > I
    > > would suppose others will be having the same problem.
    > >
    > > Farmer John
    > >
    > >


    Are you saying that WinXP has a *useable* "safe mode" ????
    Why i ask, is that Win2K does *NOT*; one gets a black screen with the
    words "safe mode" in each corner and absolutely *nothing* else.
     
    Robert Baer, May 3, 2004
    #5
  6. Fudge

    Jerry G. Guest

    Follow the removal instructions. Turn off the system restore. Boot in the
    safe mode, and do the removal. Then re-boot back to normal, and do the virus
    check to see that the system is cleaned. If it is okay, turn on the system
    restore again. This information should be available on the Symantec site.
    http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.b.worm.html
    The manual removal instructions are near to the bottom of this page.

    If you can delete all the past restore points do this as well. You want
    everything to be cleaned.

    Read the system help files if you do not know about how to use and control
    the system restore functions. It is all there.

    --

    Greetings,

    Jerry G.
    ======


    "Fudge" <> wrote in message
    news:tZ5lc.1253$...
    I have spent the last 2 hours detecting and removing the
    W32.Sasser.B.Worm. I went thought the Symantec procedure and found the
    offending file. It is called avserve2.exe . It has located itself at
    Windows\aveserve2. Win XP will not let me delete the file nor will Norton AV
    allow me to quarantine the thing. Any solutions? This thing is everywhere. I
    would suppose others will be having the same problem.

    Farmer John
     
    Jerry G., May 3, 2004
    #6
  7. Fudge

    Thor Guest


    > Are you saying that WinXP has a *useable* "safe mode" ????
    > Why i ask, is that Win2K does *NOT*; one gets a black screen with the
    > words "safe mode" in each corner and absolutely *nothing* else.


    It's usable on WinXP *and* Win2k. But perhaps not in your case if something
    is screwed up and prevents safe mode from working.
     
    Thor, May 3, 2004
    #7
  8. Fudge

    DeMoN LaG Guest

    Robert Baer <> wrote in news:4095E47C.D508E2A3
    @earthlink.net:

    > Are you saying that WinXP has a *useable* "safe mode" ????
    > Why i ask, is that Win2K does *NOT*; one gets a black screen with the
    > words "safe mode" in each corner and absolutely *nothing* else.
    >


    You aren't using it right Rob. Windows XP and 2000 both have entirely
    useable safe mode. You can even launch safe mode but keep networking
    support and go online. If you get the black screen with "Safe mode" in
    each corner and nothing else, your Windows install is hosed.

    --
    website: http://www.demonlag.com
    AIM: FrznFoodClerk
     
    DeMoN LaG, May 3, 2004
    #8
  9. Fudge

    Robert Baer Guest

    Thor wrote:
    >
    > > Are you saying that WinXP has a *useable* "safe mode" ????
    > > Why i ask, is that Win2K does *NOT*; one gets a black screen with the
    > > words "safe mode" in each corner and absolutely *nothing* else.

    >
    > It's usable on WinXP *and* Win2k. But perhaps not in your case if something
    > is screwed up and prevents safe mode from working.


    I have done about eight fresh installs on clean hadr drives, from a
    genuine Win 2000 OEM CD.
    And the so-called "safe mode" always has looked, and failed to be of
    any use, like i mentioned.
    I also have tried installing "over" a previously installed Win 2000 =
    ditto.
    Therefore, i naturally assumed that M$ again did their wonderful
    programming tricks of "improvements".

    Would the "problem" be a result of installing Win2K in a 4th
    partition, where two are DOS and one is Win98SE?
     
    Robert Baer, May 4, 2004
    #9
  10. Fudge

    Robert Baer Guest

    DeMoN LaG wrote:
    >
    > Robert Baer <> wrote in news:4095E47C.D508E2A3
    > @earthlink.net:
    >
    > > Are you saying that WinXP has a *useable* "safe mode" ????
    > > Why i ask, is that Win2K does *NOT*; one gets a black screen with the
    > > words "safe mode" in each corner and absolutely *nothing* else.
    > >

    >
    > You aren't using it right Rob. Windows XP and 2000 both have entirely
    > useable safe mode. You can even launch safe mode but keep networking
    > support and go online. If you get the black screen with "Safe mode" in
    > each corner and nothing else, your Windows install is hosed.
    >
    > --
    > website: http://www.demonlag.com
    > AIM: FrznFoodClerk


    Please be so kind and look at my response to Thor..
     
    Robert Baer, May 4, 2004
    #10
  11. Fudge

    Goforit Guest

    "Robert Baer" <> wrote in message
    news:...
    > DeMoN LaG wrote:
    > >
    > > Robert Baer <> wrote in news:4095E47C.D508E2A3
    > > @earthlink.net:
    > >
    > > > Are you saying that WinXP has a *useable* "safe mode" ????
    > > > Why i ask, is that Win2K does *NOT*; one gets a black screen with

    the
    > > > words "safe mode" in each corner and absolutely *nothing* else.


    I can't even get my XP safe mode to work. No matter how quickly or how many
    times I pound the key, I can never get it to start in safe mode.
     
    Goforit, May 4, 2004
    #11
  12. Fudge

    derek / nul Guest

    On Tue, 04 May 2004 07:03:56 GMT, Robert Baer <> wrote:

    >Thor wrote:
    >>
    >> > Are you saying that WinXP has a *useable* "safe mode" ????
    >> > Why i ask, is that Win2K does *NOT*; one gets a black screen with the
    >> > words "safe mode" in each corner and absolutely *nothing* else.

    >>
    >> It's usable on WinXP *and* Win2k. But perhaps not in your case if something
    >> is screwed up and prevents safe mode from working.

    >
    > I have done about eight fresh installs on clean hadr drives, from a
    >genuine Win 2000 OEM CD.
    > And the so-called "safe mode" always has looked, and failed to be of
    >any use, like i mentioned.


    W2k safe mode works fine here?

    > I also have tried installing "over" a previously installed Win 2000 =
    >ditto.
    > Therefore, i naturally assumed that M$ again did their wonderful
    >programming tricks of "improvements".
    >
    > Would the "problem" be a result of installing Win2K in a 4th
    >partition, where two are DOS and one is Win98SE?


    Don't know but running from the second here.

    Derek
     
    derek / nul, May 4, 2004
    #12
  13. Fudge

    Thor Guest

    "Robert Baer" <> wrote in message
    news:...
    > Thor wrote:
    > >
    > > > Are you saying that WinXP has a *useable* "safe mode" ????
    > > > Why i ask, is that Win2K does *NOT*; one gets a black screen with

    the
    > > > words "safe mode" in each corner and absolutely *nothing* else.

    > >
    > > It's usable on WinXP *and* Win2k. But perhaps not in your case if

    something
    > > is screwed up and prevents safe mode from working.

    >
    > I have done about eight fresh installs on clean hadr drives, from a
    > genuine Win 2000 OEM CD.
    > And the so-called "safe mode" always has looked, and failed to be of
    > any use, like i mentioned.
    > I also have tried installing "over" a previously installed Win 2000 =
    > ditto.
    > Therefore, i naturally assumed that M$ again did their wonderful
    > programming tricks of "improvements".
    >
    > Would the "problem" be a result of installing Win2K in a 4th
    > partition, where two are DOS and one is Win98SE?


    All I can tell you is that I've never had such a problem with safe mode in
    Win2K, or XP. I don't know if that unusual config would have anything to do
    with it.
     
    Thor, May 4, 2004
    #13
  14. Fudge

    Robert Baer Guest

    Thor wrote:
    >
    > "Robert Baer" <> wrote in message
    > news:...
    > > Thor wrote:
    > > >
    > > > > Are you saying that WinXP has a *useable* "safe mode" ????
    > > > > Why i ask, is that Win2K does *NOT*; one gets a black screen with

    > the
    > > > > words "safe mode" in each corner and absolutely *nothing* else.
    > > >
    > > > It's usable on WinXP *and* Win2k. But perhaps not in your case if

    > something
    > > > is screwed up and prevents safe mode from working.

    > >
    > > I have done about eight fresh installs on clean hadr drives, from a
    > > genuine Win 2000 OEM CD.
    > > And the so-called "safe mode" always has looked, and failed to be of
    > > any use, like i mentioned.
    > > I also have tried installing "over" a previously installed Win 2000 =
    > > ditto.
    > > Therefore, i naturally assumed that M$ again did their wonderful
    > > programming tricks of "improvements".
    > >
    > > Would the "problem" be a result of installing Win2K in a 4th
    > > partition, where two are DOS and one is Win98SE?

    >
    > All I can tell you is that I've never had such a problem with safe mode in
    > Win2K, or XP. I don't know if that unusual config would have anything to do
    > with it.


    Thanks for the feedback, everyone.
     
    Robert Baer, May 5, 2004
    #14
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Phil B

    Virus, Virus, Virus.....

    Phil B, Sep 22, 2003, in forum: Computer Support
    Replies:
    2
    Views:
    566
    DaveW
    Sep 22, 2003
  2. AeoN
    Replies:
    0
    Views:
    411
  3. no_name
    Replies:
    4
    Views:
    747
    joevan
    Jan 29, 2005
  4. Jim Watt

    latest virus going the rounds

    Jim Watt, Feb 26, 2005, in forum: Computer Security
    Replies:
    6
    Views:
    536
    Jim Watt
    Feb 28, 2005
  5. Fred Dagg

    Latest Linux virus

    Fred Dagg, Dec 29, 2005, in forum: NZ Computing
    Replies:
    38
    Views:
    997
    Enkidu
    Jan 11, 2006
Loading...

Share This Page