مشاهده نسخه کامل
: Vahed
17-08-2007, 14:17
This week I´ve been considering setting up a dating agency for virus programmers; in my opinion if we could get them out of the house and into social circles then they wouldn´t spend their Saturday nights creating viruses such as the Sasser worm which I´ve had to spend this week removing from various computers around the bay. Unfortunately I believe this could be a short lived dating agency as I´d imagine that the majority of virus programmers would be spotty adolescent boys but it´s still something worth thinking about nevertheless.
Anyway, there is no time to be bitter, the Sasser worm is out in the wild and has already infected tens of thousands of machines so what do we do now to protect ourselves or to remove any traces of it if we are already infected? Luckily it only really affects Windows XP so people with an operating system before this don´t really have to worry; just ensure that your virus checker is up to date and do a complete scan of your system. If you do have Windows XP and don´t believe that you´ve been infected then just ensure that you do a Windows Update and installed all the critical updates and turn on the Internet firewall; it´s as simple as that. If you´re not sure how to turn on your firewall then just right click on your Internet connection, click on `properties´ and then on `advanced´ then enable the firewall from there.
If you have been infected then chances are that you´ll definitely know it; your machine will be shutting down intermittently and going a lot slower than it did several days ago and in this case there are a number of steps you need to do to clean up your machine. To start, the biggest problem some people are having is that the computer will shut down automatically when connected to the Internet and this is preventing them from installing the appropriate patches. To get around this restart your computer and ensure that it doesn´t reconnect to the Internet automatically when you log back on then click on `start´ and `run´ and then type in `shutdown -i´ which should caused a dialog box to appear. Now just change the 20 seconds setting to 9999 seconds as this will then give you a good few hours to install all the needed updates before your computer restarts. It would also be a good idea to disable System Restore at this point to ensure that Windows doesn´t make a backup of the worm we are trying to remove.
Next we have to remove any instances of the virus running in memory as if the virus is present in the background then it could hinder our attempts to remove it. To do this press <CTRL>, <ALT> and <DELETE> on your keyboard at the same time then when the task manager box appears click on the `processes´ tab. Now locate any items in the list that have the names `avserve.exe´, `avserve2.exe´ or any process consisting of four or five digits followed by `_up.exe´ so, for example, `5867_up.exe´, click on these processes one at a time and click on `End Process´ until they have all disappeared from the list. These processes are all virus files and as I mentioned above we really need to remove these from memory before attempting to permanently remove them from your hard disk.
Now is time to download a removal tool that Symantec have developed; unfortunately the website address to get it off their site is around 130 characters long so I´ve copied it onto my site for ease of publication - Head to refreshcartridges.co.uk/fixsasser.exe and then choose to open the file. Simply run it and it should go through and remove any instances of Sasser from your computer. You now want to ensure that your firewall is activated as per the instructions I gave above and then you should go to the Windows Update site and choose to install all of the critical update files. Once this process has completed simply restart your machine and you should be free of Sasser although now would be a good time to ensure that your virus checker is fully up to date and perform a complete scan before breaking open the champagne.
That´s it for this week, if any of you happen to know anyone involved with creating viruses or worms then please do us all a favour and invite them down the pub this Saturday night; you may prevent them from having the time on their hands to waste in such an unproductive manner.
Computer Articles 2007, virus Review
Anyway, there is no time to be bitter, the Sasser worm is out in the wild and has already infected tens of thousands of machines so what do we do now to protect ourselves or to remove any traces of it if we are already infected? Luckily it only really affects Windows XP so people with an operating system before this don´t really have to worry; just ensure that your virus checker is up to date and do a complete scan of your system. If you do have Windows XP and don´t believe that you´ve been infected then just ensure that you do a Windows Update and installed all the critical updates and turn on the Internet firewall; it´s as simple as that. If you´re not sure how to turn on your firewall then just right click on your Internet connection, click on `properties´ and then on `advanced´ then enable the firewall from there.
If you have been infected then chances are that you´ll definitely know it; your machine will be shutting down intermittently and going a lot slower than it did several days ago and in this case there are a number of steps you need to do to clean up your machine. To start, the biggest problem some people are having is that the computer will shut down automatically when connected to the Internet and this is preventing them from installing the appropriate patches. To get around this restart your computer and ensure that it doesn´t reconnect to the Internet automatically when you log back on then click on `start´ and `run´ and then type in `shutdown -i´ which should caused a dialog box to appear. Now just change the 20 seconds setting to 9999 seconds as this will then give you a good few hours to install all the needed updates before your computer restarts. It would also be a good idea to disable System Restore at this point to ensure that Windows doesn´t make a backup of the worm we are trying to remove.
Next we have to remove any instances of the virus running in memory as if the virus is present in the background then it could hinder our attempts to remove it. To do this press <CTRL>, <ALT> and <DELETE> on your keyboard at the same time then when the task manager box appears click on the `processes´ tab. Now locate any items in the list that have the names `avserve.exe´, `avserve2.exe´ or any process consisting of four or five digits followed by `_up.exe´ so, for example, `5867_up.exe´, click on these processes one at a time and click on `End Process´ until they have all disappeared from the list. These processes are all virus files and as I mentioned above we really need to remove these from memory before attempting to permanently remove them from your hard disk.
Now is time to download a removal tool that Symantec have developed; unfortunately the website address to get it off their site is around 130 characters long so I´ve copied it onto my site for ease of publication - Head to refreshcartridges.co.uk/fixsasser.exe and then choose to open the file. Simply run it and it should go through and remove any instances of Sasser from your computer. You now want to ensure that your firewall is activated as per the instructions I gave above and then you should go to the Windows Update site and choose to install all of the critical update files. Once this process has completed simply restart your machine and you should be free of Sasser although now would be a good time to ensure that your virus checker is fully up to date and perform a complete scan before breaking open the champagne.
That´s it for this week, if any of you happen to know anyone involved with creating viruses or worms then please do us all a favour and invite them down the pub this Saturday night; you may prevent them from having the time on their hands to waste in such an unproductive manner.
Computer Articles 2007, virus Review