Oddworld Forums > Zulag Two > Forum Suggestions & Help


 
Thread Tools
 
  #1  
05-07-2004, 01:27 PM
Codek's Avatar
Codek
Outlaw Sniper
 
: Jul 2003
: 127.0.0.1
: 1,670
Rep Power: 0
Codek  (10)
Virus Alert

If you have been having trouble getting on the net lately, it may be because of a new virus. Here are the fixes:

Windows XP fix:

Press Ctrl + Alt + Del.

Go to the processes list.

Look for Avserve.exe or Avserve2.exe

Go to start - search - then type in a search in all files and folders for Avserve.exe or Avserve2.exe - you should turn up the file in the C:\windows directory.

With the processes list still open, end the Avserve.exe or Avserve2.exe process from the processes list by right clicking on it, and selecting "end process". Once this is done, quickly right click on the Avserve.exe or Avserve2.exe search result, and select "delete". Once the application is sent to the recycle bin, you should empty it, to prevent it respawning.

Windows 98 fix:

Do a search for Avserve.exe, if you find nothing, your computer is not infected.

If the search turns up positive results, delete the file. Windows should not tell you that the file is in use by windows, but if it does, press Ctrl + Alt + Del and end task Avserve.exe. If the file does not appear in the task list, you can use the program "enditall" to kill the avserve.exe process. This will remove the application from the memory and processor, and allow you to delete the file without being told that it's in use.

The enditall program is not native to Windows 98, you will have to download it here.

Other running systems:

On all other running systems with the exception of MAC OS, try to do the above - at the end of the day the application can only attempt to make it harder for the user to detect, and will not survive a manual delete.
Reply With Quote
  #2  
05-07-2004, 05:19 PM
oddguy's Avatar
oddguy
OWF MVP
 
: Jun 2003
: Montana
: 4,086
Rep Power: 24
oddguy  (10)

Phew, my computer is safe! Thanks Death!

-oddguy
__________________

Reply With Quote
  #3  
05-07-2004, 05:30 PM
Codek's Avatar
Codek
Outlaw Sniper
 
: Jul 2003
: 127.0.0.1
: 1,670
Rep Power: 0
Codek  (10)

No problem.

This virus is also known as Sasser. Read about it here.
Reply With Quote
  #4  
05-07-2004, 11:56 PM
Fez's Avatar
Fez
Outlaw Hunter
 
: Aug 2002
: UK
: 2,924
Rep Power: 24
Fez  (22)

Death, protecting the world, one forum at a time.
__________________
OBNOXIOUS LINK

Reply With Quote
  #5  
05-08-2004, 08:52 AM
oddguy's Avatar
oddguy
OWF MVP
 
: Jun 2003
: Montana
: 4,086
Rep Power: 24
oddguy  (10)

My XP laptop is safe too! Yay! Death, you're the greatest.

-oddguy
__________________

Reply With Quote
  #6  
05-08-2004, 10:25 AM
Fez's Avatar
Fez
Outlaw Hunter
 
: Aug 2002
: UK
: 2,924
Rep Power: 24
Fez  (22)

Ha! The Person who made the virus just admitted it, Geek!
__________________
OBNOXIOUS LINK

Reply With Quote
  #7  
05-08-2004, 10:31 AM
Codek's Avatar
Codek
Outlaw Sniper
 
: Jul 2003
: 127.0.0.1
: 1,670
Rep Power: 0
Codek  (10)

:
My XP laptop is safe too! Yay! Death, you're the greatest.

-oddguy
Yea I know.

By the way people:

One quick way to tell if you have the virus, is if the LSASS.exe program terminates unexpectedly, and causes the computer to restart. I beleive this happening is why the virusmaker called it "sasser" but I'm not sure.

The only way you can get this virus is if you don't have a firewall. If you do have a firewall, you may be noticing lots of port scans from other computers - this is the virus trying to find a way in to your computer. But don't worry it can't get in.

This virus does not spread itself via email, it spreads via FTP - so if you do have internet connection monitoring software, keep a close eye on FTP ports for suspicious traffic.

It is possible to start up your computer, and end the avserve.exe program before it terminates LSASS.exe - this will give you enough time to delete it from your computer.
Reply With Quote
  #8  
05-08-2004, 10:39 AM
Codek's Avatar
Codek
Outlaw Sniper
 
: Jul 2003
: 127.0.0.1
: 1,670
Rep Power: 0
Codek  (10)

Also, you may want to download McAfee Stinger - a free anti-virus application that will search your computer, detect, and remove viruses, trojans, worms, backdoors, and other nasties.

The program is completely free and updated regularly, so is worth having for when you get outbreaks like this.
Reply With Quote


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 








 
 
- Oddworld Forums - -