Manual Removal of the Sasser Virus
Enter.Net is not responsible for any damage that you may cause to your computer by following these instructions.
If you are not confident in your ability to follow these instructions, please close this window now, or refer to our information regarding
Enter.Net's Repair Department at the bottom of this page.
The Sasser Virus is only known to affect Windows 2000, Windows XP, and Windows 2003 Server. If you are running a
different version of Windows (such as Windows 98) or a Macintosh then this does not apply to you. If you believe you are infected with a different
virus (ie: Not Sasser), please visit http://housecall.antivirus.com to run a scan for other viruses.
Steps:
- End the malicious process
- Enabled Internet Connection Firewall (Windows XP ONLY)
- Run a full system scan and delete all files detected as infected with Sasser
- Reboot
- Run an Online Virus Scan to make sure the machine is virus free
Please read all of the following instructions before starting the removal process. Enter.Net is not responsible
for any damage you may cause to your computer by following these instructions and will not be able to offer technical support for
following these instructions or recovering from any damage you may cause by following these instructions
End the malicious process
To end the malicious process:
- Press CTRL+ALT+DELETE once.
- Click Task Manager
- Click the Processes tab
- Double-click the Image Name column header to alphabetically sort the processes
- Scroll through the list and look for the following:
- avserve.exe
(Note: avgserve.exe is not the Sasser virus. It is an anti-virus program written by AVG)
- avserve2.exe
- skynetave.exe
- lsasss.exe
- napatch.exe
- any process with a name consisting of 4 or 5 digits, followed by _up.exe (eg 74354_up.exe)
- any process with a name consisting of 4 or 5 digits, followed by _upload.exe (eg 74354_upload.exe)
- If you find any such process, click it and then click End Process
- Exit the Task Manager
Enable Internet Connection Firewall (Windows XP ONLY)
To enable the Internet Connection Firewall:
- Click your "Start" button.
- Scroll up or over to "Connect To" on the start menu.
- Find your dial-up icon and click on it. (Should be named Enter.Net or something similar).
- Click the "Properties" button.
- Click the "Advanced tab" at the top of the window that appears.
- Check the box at the top under the heading "Internet Connection Firewall" and click "OK"
Run a full system scan and delete all files detected as infected with Sasser
To remove Sasser infected files from your machine:
- Download Symantec's removal tool by clicking here: http://www2.enter.net/support/sasser/fxsasser.exe
- You will be asked if you want to save or open the file. Choose "Open" or "Run from Current Location"
- Click Start to begin the process, and then allow the tool to run. This will take some time.
Reboot
To restart the computer:
- Click Start
- Click "Shut Down" or "Turn off Computer"
- Choose "Restart"
- Windows XP will just reboot, if you have Windows 2000 you will have to click "OK"
Run an Online Virus Scan (Optional, but Recommended)
Note: Due to the large number of people attempting to remove this virus, the Housecall website may
by experiecing a heavy load. If you experience problems running a virus scan, you may want to wait a few
days and then try again.
- Go to http://www.housecall.antivirus.com
- Click on Scan Now.
- Press "Yes" to any security boxes that pop up.
- You will then see the Active Update windows where it is downloading an updated engine and pattern file. This may take a few minutes.
- Once this is done, put a checkmark next to your C: drive and a check mark next to Auto Clean.
- Click Scan.
- This will scan your computer for viruses and automatically clean any that it can. It will also give you the option to delete the infected files that it was not able to clean.
Remember: If you do not feel confident in your ability to accurately follow these instructions, please do not
attempt to remove the virus on your own. Enter.Net is not responsible for any damage you may cause by following these instructions. If you need assistance removing this virus, please read the following about Enter.Net's Repair Service.
Enter.Net's Repair Service
Due to the sensitive nature of this and other viruses, we cannot offer phone or e-mail support for virus removals.
If you need assistance removing this virus, please bring your computer to Enter.Net's repair center.
Please contact our repair department either by phone or in person for an estimated removal cost for the Sasser virus, as this
may vary depending on how much damage has been done to your computer by the virus.
Our repair facilities are located in our Operations Center at 815 North
12th Street in Allentown. All repairs are done on a first come, first
serve drop-off basis, with a current expected turn around time of four
business days. You do not need to schedule an appointment to drop off your
computer; you're welcome to drop it off any time during normal business
hours. One of our friendly and knowledgable repair technicians will
discuss your computer's particular problems with you while filling out a
work order to get a better understanding of the problem. And, if you bring
your computer to our office, we'll be happy to carry it from your car for
you - just come inside and let us know you're here.
Contacting Enter.Net's Repair Department: Call (610) 437-2221 and select option 2 when prompted.
Related Articles- Scanning Your Computer for Viruses
- Enter.Net's E-mail Virus Filtering
- Using SpyBot to Remove Spyware from Your PC
- Virus Alert! W32.Beagle.AG & W32.Beagle.AH
- How Do I Know If I'm Still Connected?
|
