Home>Tips & Articles>Remove
Worms & Virus>
Remove Worm.Sasser
About Sasser.Worm
Remove this worm using Panda Antivirus
Sasser is a worm virus that spread itself by exploiting the LSASS
vulnerability described in Microsoft Security Bulletin MS04-011.
Sasser.A restarts Windows XP/2000 computers when it attempts to affect
this computer by exploiting the LSASS vulnerability. When this action
is carried out, Sasser.A displays the following message on screen:
How to Remove Sasser.Worm?
Follow these steps to remove the Sasser.worm.
- Disconnect your computer from the local area network or Internet.
- Click Start > Run, type:
shutdown -i
and press Enter.
In the Remote Shutdown Dialog that opens, change 20 seconds to:
9999
and click OK.
- Reconnect the network/Internet connection, click Start > Windows
Update to install all necessary patches automatically.
- Terminate the running process.
Press CTRL+ALT+DEL to open Windows Task Manager, then select the
Processes tab. Scroll down the list and search for the following
processes:
- avserve.exe
- avserve2.exe
- skynetave.exe
- any process with a name consisting of four or five digits, followed
by _up.exe (eg 64354_up.exe).
If you find any such process, click it, and then click End Process.
Exit the Task Manager
- Disable System Restore (Windows
XP)
- Remove the registry entires.
Click Start > Run, type 'regedit' and click Ok.
Navigate to the following key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
In the right pane, delete the following entries:
"avserve.exe"="%Windir%\avserve.exe"
"avserve2.exe"="%Windir%\avserve2.exe"
"skynetave.exe"= "%Windows%\skynetave.exe"
Close the Registry Editor.
- Search for and delete the following files:
avserve.exe
avserve2.exe
skynetave.exe
- Update your antivirus tools virus definition and run a thorough
scan on your system.
Remove
this worm using Panda Antivirus
Remove other worms & virus:
