Go Back   Computer Forums > General Computing > Cyber Safety and Computer Security
Click Here to Login
Join Computer forums Today


Reply
 
Thread Tools Search this Thread Display Modes
 
Old 05-06-2004, 01:38 AM   #1
Beta Member
 
Join Date: May 2004
Posts: 2
Default Do I Have A Virus?

Hey I'm REALLY worried about my home computer, on the day of the Sasser virus I was on the net and suddenly my Internet Explorer quit working (a pop up with one of those 'send error report' or 'don't send' buttons came up - I went further into it and it says something is wrong with 'appcompat.txt'). Anyway, my computer is 'fine' apart from me not being able to get into Internet Explorer and not being able to get into any folder systems because Explorer has the same start up problem as IE! All other programs work fine - eg. I can do word processing by opening the link to Microsoft Word on my desktop and open the file from the program - like I said the folder system in Explorer doesn't work at all and that error message comes up! My computer doesn't restart or anything which is why I'm not sure if its Sasser or not. PLEASE HELP! (this is a uni computer I'm typing from...)

btw I have Windows XP home
__________________

Madeh is offline   Reply With Quote
Old 05-06-2004, 07:41 PM   #2
In Runtime
 
Join Date: Mar 2004
Posts: 191
Default Re: Do I Have A Virus?

Well, Do you have any anti-virus software..?
__________________

At0m1x is offline   Reply With Quote
Old 05-07-2004, 12:34 PM   #3
Guru
 
Lord Kalthorn's Avatar
 
Join Date: Dec 2003
Location: Britain
Posts: 13,293
Send a message via MSN to Lord Kalthorn
Default

Maybe you should try and get WIndows XP SP2 - that has a huge amount of large Security changes which will make the Computer much safer. Just search on the Microsoft site for SP2 and it is the top one. It is 272MB but its worth it; that will probably sort out most of your problems.
__________________
A Knight is sworn to Honour. His heart knows only Virtue. His blade defends the helpless. His might upholds the Weak. His word speaks only truth. His wrath undoes the Wicked.
Lord Kalthorn is offline   Reply With Quote
Old 05-07-2004, 11:44 PM   #4
Beta Member
 
liquid31337's Avatar
 
Join Date: May 2004
Posts: 1
Cool This will help you

W32.Sasser Worm


This is my tutorial on how to detect and remove W32.Sasser Worm this can also be found at www.antionline.com I went to work today from 8:00am to 4:00pm its typically slow on Sundays but it was slammed today call after call seems like every customer was getting infected with this nasty worm. Getting whats known as Log/nosurf (means you can connect but cant display webpages) hence the name log/nosurf. Also getting error messages like 'desktop over quota, RPC, NT AUTHORITY, systems counting down, rebooting, deleting applications etc...

So heres a short tutorial on how to detect it, un-install it, and remove it from your PC. Enjoy.


type: virus, worm
infection length 15,872 bytes
Systems affected - Windows 2000,XP, Windows Server 2003,
Systems not infected - Linux, MAC, Novell Netware, OS2, Unix

W32. Sasser worm is a worm that attempts to exploit ms04-11 vulnerability. It spreads by scanning randomly choosen IP address for vulnerable systems.

Attempts to connect to random generated IP addressess on TCP port 445. If a connection is made to a computer, the worm sends shellcode to that computer which may cause it to run a remote shell on TCP port 9996.

The worm then uses the shell to cause the computer to connect back to the FTP server on port 5554, and retrieve a copy of the worm. This copy will have a name consisiting of 4 or 5 digits followed by _up.exe (example 31337_up.exe)

How to remove it

1. Make sure you connect to the internet with some form of protection like enabling Internet Connection Firewall( ICF).

2. Press control + alt + delete to bring up Windows Task Manager.

3. Click process tab

4. Double click 'image name' to sort the processes.

5. Look through the list and try to find avserve.exe & avserve2.exe or any process with a name consisting of 4 or 5 digits followed by _up.exe

If you find one , click it, and then click end process.

6.Exit the Task manager.

To download the tool instantly and completely remove this nasty worm can be found at http://vil.nai.com/vil/stinger or http://download.nai.com/products/mca...rt/stinger.exe

When done, reboot PC and make sure to visit micrsoft.com for the latest updates, patches Hope this helps, Liquid31337
liquid31337 is offline   Reply With Quote
Old 05-08-2004, 11:11 AM   #5
Guru
 
Lord Kalthorn's Avatar
 
Join Date: Dec 2003
Location: Britain
Posts: 13,293
Send a message via MSN to Lord Kalthorn
Default

Yeah, there's also an easier Microsoft Update on WindowsUpdate.microsoft.com if you can't be bothered to do that.
__________________
A Knight is sworn to Honour. His heart knows only Virtue. His blade defends the helpless. His might upholds the Weak. His word speaks only truth. His wrath undoes the Wicked.
Lord Kalthorn is offline   Reply With Quote
Old 05-15-2004, 03:59 PM   #6
Golden Master
 
135791's Avatar
 
Join Date: May 2004
Location: No
Posts: 5,427
Send a message via MSN to 135791
Default

theres plenty of places tht u can get a patch
__________________

135791 is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off



All times are GMT -5. The time now is 02:38 AM.


Powered by vBulletin® Version 3.8.8 Beta 4
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Search Engine Friendly URLs by vBSEO 3.6.0