need help with last step in deleting W32.Sasser.worm,

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I heve tried to do all of the steps that you told me but when i have to use the run:regedit32 it does not work whe i put HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windowcas\CurrentVersi on\Run "avserve.exe" = C:\WINDOWS\avserve.exe
and i still get the message of LSA Shell( export Version
what could be wrong?
any help

(e-mail address removed)
 
well... my computer seems to be working correctly but the worm is still there i want to delete it but the last step don't work
 
HI Alan,

Alan said:
I heve tried to do all of the steps that you told me but when i have to use the run:regedit32 it does not work whe i put HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windowcas\CurrentVersi on\Run "avserve.exe" = C:\WINDOWS\avserve.exe
and i still get the message of LSA Shell( export Version)
what could be wrong??
any help?

(e-mail address removed)
Click to expand...

Try using stinger:
http://vil.nai.com/vil/stinger/
What happens exactly when you use the registry?

Also you must turn on a firewall and download the update:
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

Sasser worm:
Mitigation Steps for Affected Computers
If your computer is infected with the W32.Sasser.worm,
please do the following:

Enable the Windows XP Internet Connection Firewall or a
third-party firewall on the affected computer.
Disconnect the computer from the Internet.
Restart the computer. If you have problems rebooting,
reboot in safe mode.
Press CTRL+ALT+DEL.
Click the Task Manager.
Click the Processes tab.
Press and hold the CTRL key and then click
C:\WINDOWS\avserve.exe and c:\WINDOWS\system32\*_up.exe.
Click the End Task button.
Click Start.
Click Search and then search for and delete the following
files:
C:\WINDOWS\avserve.exe
C:\WINDOWS\system32\*_up.exe
Click Start again, click Run, and then type: regedit32
Click OK.
In Registry Editor, locate and delete the following
registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
on\Run "avserve.exe" = C:\WINDOWS\avserve.exe
Connect the computer to the Internet.
Go to the Windows Update site, and click the Scan for
Updates button.
Download and install the critical updates recommended
after the scan.



http://www.microsoft.com/security/incident/sasser.asp
The stinger tool may also be helpful in detecting and
cleaning the Sasser worm.
http://vil.nai.com/vil/stinger/

Download this update
Microsoft Security Bulletin MS04-011
Security Update for Microsoft Windows (835732)
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

Enable your firewall.

MORE ON SECURITY:

Three steps you can take to improve your computer's security:
http://www.microsoft.com/security/protect/

321050 Description of a Personal Firewall
http://support.microsoft.com/?id=321050

More info:

http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.worm.html
http://www.bullguard.com/antivirus/vit_randon_i.aspx
http://www.vsantivirus.com/sasser-a.htm

Good luck
 
Back
Top