Old 05-11-2004, 10:31 AM   #16
Mulletman
Sasser Worm variants:

1. avserve.exe
2. avserve2.exe
3. hognubn.exe
4. rundll32 cwcprops


IF YOU DON'T KNOW WHAT YOU'RE DOING, DON'T DO IT! Dumbass.

1. Open Windows Task Manager. On Windows 95/98/ME systems, press CTRL+ALT+DELETE. On Windows NT/2000/XP systems, press CTRL+SHIFT+ESC, then click the Processes tab.
2. In the list of running programs*, locate the malware file(s) detected earlier.
3. Select one of the detected files, then press either the End Task or the End Process button, depending on the version of Windows on your system.
4. Do the same for all detected malware files in the list of running processes.
5. To check if the malware process has been terminated, close Task Manager, and then open it again.
6. Close Task Manager.

Removing Autostart Entries from the Registry

Removing autostart entries from the registry prevents the malware from executing during startup.

1. Open Registry Editor. To do this, click Start>Run, type Regedit, then press Enter.
2. In the left panel, double-click the following: HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run
3. In the right panel, locate and delete the entry or entries: avserve.exe = %Windows%\avserve.exe
4. Close Registry Editor.
(taken from Ozzu website)

Symantec Sasser removal tools

Sasser info

Sasser B info
__________________
Intellectial Giant (Social Outcast)
Quote: (Originally Posted by JenRN) Maybe it's time for some Mullet magic! He can do his Hoffa thing again!
Quote: (Originally Posted by Harvey) Women must adore you.
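The two manual checks in the post above (running processes and the Run key) can also be done read-only over saved command output. This is an added example, not part of the original post or the quoted removal guide; it assumes text saved from `reg query` on the Run key and from `tasklist /fo csv /nh`, and the function names and sample data are constructed for illustration.

```python
import csv
import io
import re

# Names taken from the post's variant list.
SASSER_FILES = ("avserve.exe", "avserve2.exe", "hognubn.exe")
SASSER_CMD = ("rundll32", "cwcprops")  # fourth entry is a command line, not a file

# One value line of `reg query` output: indented name, type, data.
VALUE_LINE = re.compile(r"^\s+(.+?)\s+(REG_\w+)\s+(.*)$")


def is_listed(text):
    """True if text names a listed file or the rundll32 cwcprops command."""
    low = text.lower()
    tokens = low.replace('"', " ").split()
    # Compare exact base names so unrelated names containing these strings do not match.
    if any(re.split(r"[\\/]", tok)[-1] in SASSER_FILES for tok in tokens):
        return True
    return all(part in low for part in SASSER_CMD)


def flag_run_entries(reg_query_output):
    """Return (name, data) pairs from a Run key listing that match the list."""
    hits = []
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if m and (is_listed(m.group(1)) or is_listed(m.group(3))):
            hits.append((m.group(1), m.group(3)))
    return hits


def flag_processes(tasklist_csv):
    """Return (image, pid) pairs; tasklist shows no arguments, so files only."""
    hits = []
    for row in csv.reader(io.StringIO(tasklist_csv)):
        if len(row) >= 2 and row[0].lower() in SASSER_FILES:
            hits.append((row[0], int(row[1])))
    return hits


# Constructed sample input, not captured from a real machine.
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    avserve.exe    REG_SZ    C:\WINDOWS\avserve.exe
    SoundMan    REG_SZ    SOUNDMAN.EXE
    cwc    REG_SZ    rundll32 cwcprops
"""
SAMPLE_TASKS = '"explorer.exe","1480","Console","0","18,204 K"\n' \
               '"avserve2.exe","1920","Console","0","2,116 K"\n'

if __name__ == "__main__":
    print(flag_run_entries(SAMPLE_REG))
    print(flag_processes(SAMPLE_TASKS))
```

The script only reports matches; ending the process and deleting the Run entry remain the manual steps from the post.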