Sasser Worm


Status
Not open for further replies.
I found a trojan every week in my game box on NT. Even though I don't browse the net, the AV on NT can't even detect a thing. I found them when booting from Linux and scanning the partition there. My "server", a broken-screen P166 notebook running Mandrake 8.2 and never shut down for 2 yrs, unpatched, never had a problem. Well, I still need NT for games and that's why it's still there.

Linkster said:
for your Gaobot virus,

Removal using the Removal Tool
Symantec Security Response has developed a removal tool to clean the infections of W32.HLLW.Gaobot.ADX. This is the preferred method in most cases.


Manual Removal
Perform a manual removal if you cannot obtain the tool.

The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.


1. Disable System Restore (Windows Me/XP).
2. Restart the computer in Safe mode or VGA mode.
3. Reverse the changes made to the registry.
4. Update the virus definitions.
5. Run a full system scan and delete all the files detected as W32.Gaobot.ADX.

Ref to point 3 above,
How do I reverse the changes to the registry?

jherek said:
Ref to point 3 above,
How do I reverse the changes to the registry?

From: http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.b.worm.html

To reverse the change made to the registry

--------------------------------------------------------------------------------
WARNING: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry," for instructions.
--------------------------------------------------------------------------------

a. Click Start, and then click Run. (The Run dialog box appears.)

b. Type regedit, and then click OK. (The Registry Editor opens.)

c. Navigate to the key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

d. In the right pane, delete the value:

"avserve2.exe"="%Windir%\avserve2.exe"

e. Exit the Registry Editor.
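The same reversal, scripted. This is an added example and not part of the Symantec write-up quoted above; it assumes an elevated PowerShell session on the infected box (booted into Safe mode as step 2 of the removal instructions says), and the backup path under $env:TEMP is a hypothetical choice. It takes the registry backup the WARNING above calls for, checks that the Run value really carries the "%Windir%\avserve2.exe" data the write-up describes before touching it, deletes only that one value, and reports whether the dropped file is still on disk so the full scan (step 5) can deal with it.

```powershell
# Added example (not Symantec's or the forum poster's code): reverse the
# Sasser.B Run-key change from steps c/d above, with a backup first.
# Assumes an elevated PowerShell session; $env:TEMP backup path is arbitrary.

$runKey    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$valueName = 'avserve2.exe'                        # value named in the write-up
$expected  = Join-Path $env:WINDIR 'avserve2.exe'  # i.e. "%Windir%\avserve2.exe"
$backup    = Join-Path $env:TEMP ('Run-key-backup-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))

# 1. Back up the key before changing anything (the WARNING above).
reg.exe export 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Registry backup failed ($LASTEXITCODE); aborting." }
Write-Host "Backup written to $backup"

# 2. Read the value and confirm it is the one the write-up describes.
$item = Get-ItemProperty -Path $runKey -Name $valueName -ErrorAction SilentlyContinue
if ($null -eq $item) {
    Write-Host "No '$valueName' value under Run; nothing to reverse."
    return
}
$current = $item.$valueName
Write-Host "Found $valueName = $current"
if ($current -ne $expected) {
    # Different data means something other than the documented infection; stop and look.
    Write-Warning "Value data '$current' differs from expected '$expected'; review before deleting."
    return
}

# 3. Delete only this value ("Modify the specified keys only").
Remove-ItemProperty -Path $runKey -Name $valueName -ErrorAction Stop
Write-Host "Removed $valueName from $runKey"

# 4. The registry change is reversed; the file itself is left for the
#    updated-definitions full scan (steps 4 and 5 of the removal instructions).
if (Test-Path $expected) {
    Write-Host "Note: $expected still exists on disk; run the full system scan and delete it."
}
```

If the value data is anything other than the documented "%Windir%\avserve2.exe", the script stops rather than deleting, because a Run value with the same name but different data is not the case the write-up covers. The exported .reg file can be double-clicked to restore the key if needed.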
