Oddworld Forums

Oddworld Forums (http://www.oddworldforums.net/index.php)
-   Forum Suggestions & Help (http://www.oddworldforums.net/forumdisplay.php?f=15)
-   -   Virus Alert (http://www.oddworldforums.net/showthread.php?t=10023)

Codek 05-07-2004 12:27 PM
Virus Alert
 
If you have been having trouble getting on the net lately, it may be because of a new virus. Here are the fixes:

Windows XP fix:

Press Ctrl + Alt + Del.

Go to the processes list.

Look for Avserve.exe or Avserve2.exe

Go to start - search - then type in a search in all files and folders for Avserve.exe or Avserve2.exe - you should turn up the file in the C:\windows directory.

With the processes list still open, end the Avserve.exe or Avserve2.exe process from the processes list by right clicking on it, and selecting "end process". Once this is done, quickly right click on the Avserve.exe or Avserve2.exe search result, and select "delete". Once the application is sent to the recycle bin, you should empty it, to prevent it respawning.

Windows 98 fix:

Do a search for Avserve.exe, if you find nothing, your computer is not infected.

If the search turns up positive results, delete the file. Windows should not tell you that the file is in use by windows, but if it does, press Ctrl + Alt + Del and end task Avserve.exe. If the file does not appear in the task list, you can use the program "enditall" to kill the avserve.exe process. This will remove the application from the memory and processor, and allow you to delete the file without being told that it's in use.

The enditall program is not native to Windows 98, you will have to download it here.

Other running systems:

On all other running systems with the exception of MAC OS, try to do the above - at the end of the day the application can only attempt to make it harder for the user to detect, and will not survive a manual delete.

oddguy 05-07-2004 04:19 PM
Phew, my computer is safe! Thanks Death! ;)

-oddguy

Codek 05-07-2004 04:30 PM
No problem.

This virus is also known as Sasser. Read about it here.

Fez 05-07-2004 10:56 PM
Death, protecting the world, one forum at a time.

oddguy 05-08-2004 07:52 AM
My XP laptop is safe too! Yay! Death, you're the greatest. :stare:

-oddguy

Fez 05-08-2004 09:25 AM
Ha! The Person who made the virus just admitted it, Geek!

Codek 05-08-2004 09:31 AM
:
My XP laptop is safe too! Yay! Death, you're the greatest. :stare:

-oddguy
Yea I know. :D

By the way people:

One quick way to tell if you have the virus, is if the LSASS.exe program terminates unexpectedly, and causes the computer to restart. I beleive this happening is why the virusmaker called it "sasser" but I'm not sure.

The only way you can get this virus is if you don't have a firewall. If you do have a firewall, you may be noticing lots of port scans from other computers - this is the virus trying to find a way in to your computer. But don't worry it can't get in.

This virus does not spread itself via email, it spreads via FTP - so if you do have internet connection monitoring software, keep a close eye on FTP ports for suspicious traffic.

It is possible to start up your computer, and end the avserve.exe program before it terminates LSASS.exe - this will give you enough time to delete it from your computer.

Codek 05-08-2004 09:39 AM
Also, you may want to download McAfee Stinger - a free anti-virus application that will search your computer, detect, and remove viruses, trojans, worms, backdoors, and other nasties.

The program is completely free and updated regularly, so is worth having for when you get outbreaks like this.