Steps to remove the Sasser.worm.
1.Disconnect your computer from the local area network or Internet.
2.Click Start > Run, type:
shutdown -i and press Enter. In the Remote Shutdown Dialog that opens,
change 20 seconds to: 9999 and click OK.
3.Reconnect the network/Internet connection, click Start > Windows
Update to install all necessary patches automatically.
4.Terminate the running process.
Press CTRL+ALT+DEL to open Windows Task Manager, then select the
Processes tab. Scroll down the list and search for the following
processes:
o avserve.exe
o avserve2.exe
o skynetave.exe
o any process with a name consisting of four or five digits, followed
by _up.exe (eg 64354_up.exe). If you find any such process, click it,
and then click End Process. Exit the Task Manager
5.Disable System Restore (Windows XP)
6.Remove the registry entires.
Click Start > Run, type 'regedit' and click Ok.
Navigate to the following key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
In the right pane, delete the following entries:
"avserve.exe"="%Windir%\avserve.exe"
"avserve2.exe"="%Windir%\avserve2.exe"
"skynetave.exe"= "%Windows%\skynetave.exe"
Close the Registry Editor.
7.Search for and delete the following files:
avserve.exe
avserve2.exe
skynetave.exe
8.Update your antivirus tools virus definition and run a thorough scan
on your system.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment