Do I Have A Virus?

[Madeh]

Hey I'm REALLY worried about my home computer, on the day of the Sasser virus I was on the net and suddenly my Internet Explorer quit working (a pop up with one of those 'send error report' or 'don't send' buttons came up - I went further into it and it says something is wrong with 'appcompat.txt'). Anyway, my computer is 'fine' apart from me not being able to get into Internet Explorer and not being able to get into any folder systems because Explorer has the same start up problem as IE! All other programs work fine - eg. I can do word processing by opening the link to Microsoft Word on my desktop and open the file from the program - like I said the folder system in Explorer doesn't work at all and that error message comes up! My computer doesn't restart or anything which is why I'm not sure if its Sasser or not. PLEASE HELP! (this is a uni computer I'm typing from...)

btw I have Windows XP home

 

[At0m1x]

Well, Do you have any anti-virus software..?

 

[Lord Kalthorn]

Maybe you should try and get WIndows XP SP2 - that has a huge amount of large Security changes which will make the Computer much safer. Just search on the Microsoft site for SP2 and it is the top one. It is 272MB but its worth it; that will probably sort out most of your problems.

 

[liquid31337]

This will help you

W32.Sasser Worm


This is my tutorial on how to detect and remove W32.Sasser Worm this can also be found at www.antionline.com I went to work today from 8:00am to 4:00pm its typically slow on Sundays but it was slammed today call after call seems like every customer was getting infected with this nasty worm. Getting whats known as Log/nosurf (means you can connect but cant display webpages) hence the name log/nosurf. Also getting error messages like 'desktop over quota, RPC, NT AUTHORITY, systems counting down, rebooting, deleting applications etc...

So heres a short tutorial on how to detect it, un-install it, and remove it from your PC. Enjoy.


type: virus, worm
infection length 15,872 bytes
Systems affected - Windows 2000,XP, Windows Server 2003,
Systems not infected - Linux, MAC, Novell Netware, OS2, Unix

W32. Sasser worm is a worm that attempts to exploit ms04-11 vulnerability. It spreads by scanning randomly choosen IP address for vulnerable systems.

Attempts to connect to random generated IP addressess on TCP port 445. If a connection is made to a computer, the worm sends shellcode to that computer which may cause it to run a remote shell on TCP port 9996.

The worm then uses the shell to cause the computer to connect back to the FTP server on port 5554, and retrieve a copy of the worm. This copy will have a name consisiting of 4 or 5 digits followed by _up.exe (example 31337_up.exe)

How to remove it

1. Make sure you connect to the internet with some form of protection like enabling Internet Connection Firewall( ICF).

2. Press control + alt + delete to bring up Windows Task Manager.

3. Click process tab

4. Double click 'image name' to sort the processes.

5. Look through the list and try to find avserve.exe & avserve2.exe or any process with a name consisting of 4 or 5 digits followed by _up.exe

If you find one , click it, and then click end process.

6.Exit the Task manager.

To download the tool instantly and completely remove this nasty worm can be found at http://vil.nai.com/vil/stinger or http://download.nai.com/products/mcafee-avert/stinger.exe

When done, reboot PC and make sure to visit micrsoft.com for the latest updates, patches Hope this helps, Liquid31337

 

[Lord Kalthorn]

Yeah, there's also an easier Microsoft Update on WindowsUpdate.microsoft.com if you can't be bothered to do that.

 

[135791]

theres plenty of places tht u can get a patch