New Virus??

Johnny_the_fox · 01-05-2004 2:58am #1

Warning.. (new virus???)

Just letting you know...

Ok, I turn on my computer - it is looking to connect to the internet ("182.27.75.128")
Then I used Hijackthis to remove the computer looking to connect to the internet at startup...

but when i connect to the internet - the connect is ok, but when trying to open a page I get the error Message "Internet Explorer could not open the search page"..

the file name which is causing me problem is called "avserve.exe" (located in C:\Windows)

To deleted the file (Crtl+Alt+Del and end process.. and manuallly deleted it) and used hijackthis again (to make sure).

I have tried running - AVG version 6 (which I updated only yesterday), Ad-aware 6.0 and symantec on-line virus and trojan check - but these found nothing...

hopefully that kill the fecker..

Be Warned :dunno:

Monty - the one and only · 01-05-2004 11:07am

yea, we have ahd the same problem this morning in the Netcafe.

After we killed it in the processes and delted the .exe we just ran the Live updater. All seems ok.

Johnny_the_fox · 01-05-2004 4:39pm

still havin troubles...

my machine is looking to dial a connect after restart - these address it wants to connect are random :dunno:

krattapopov · 01-05-2004 4:44pm

i had that problem today as well

i deleted that file when i saw it and i also re-installed my modem and set up a new connection

Johnny_the_fox · 01-05-2004 4:45pm

just checked the symantec web site its called - W32.Sasser.Worm

here is the fecker

Winters · 04-05-2004 1:10am

The W32.Sasser.Worm and its variants are starting to make themselves known now. Its quite sneeky in the way that it randomly scans computers for the exploit then installs itself on it. You dont need to open a file or anything, it does it all automaticly.

Although the problem was fixed a month ago by Microsoft just as usual not everybody got the patch. Since 11 o'clock Ive had about 10 port scans on some of the particular ports that it runs on...all of which I have blocked at the moment. Hopefully offices will update themselves in the morning or soon enough to stop it spreading.

AVG Info on Sasser

richardo · 05-05-2004 10:28am

Both RTE and BBC gave reports on this worm last night. Apparently it is doing a lot of damage!

There are patches available for both 2000 and XP at Microsoft. They are the only OSs that are really affected

Fr0g · 05-05-2004 4:24pm

Any idea how prevalent this is in Ireland at the moment? I expected it to be similar to the blaster virus in terms of damage and ability to spread.

richardo · 05-05-2004 4:39pm

Sasser knows no frontiers.....

Apparently it is doing a lot of damage world-wide URL=http://news.bbc.co.uk/2/hi/technology/3687583.stm]Check out this[/URL, and a few people I know have been badly hit.

One of the nasty things about Sasser is that it constantly reboots the PC, so you probably can't get on-line long enough to download the patches or virus removers.

I was lucky - had my AVG and ZoneAlarm up to date, but only because I was caught too many times in the past.

Fr0g · 05-05-2004 5:05pm

I subscribe to Avertlabs Avert advisory email which is quite good as a first line of defence. The first mention of Sasser was on 1st May so I installed the patch straight away. Also my AVG and Zonealarm was up to date.

mickeyboymel · 05-05-2004 10:43pm

Word of warning to anyone using the Email alerts from Symantec to warn about new virus,I only got the Sasser notification on Tuesday Night at 11:30, whereas the live update patches were available since Sunday/Monday.

The emails from Symantec, I find, are usually 24 hours too late, but as I check in to Live Update daily I never had a problem so far.

New Virus??

Comments