Protect your corporate IT network from hackers and other unwanted intruders with Proxy Sentinel™. Click here for all the details and get the peace of mind you deserve.
Back to our Homepage Proxy Sentinel™ high performance Internet proxy server and secure firewall solution Firewall Sentinel™ secure & powerful Internet firewall solution About Internet Security.ca and GCIS Frequently Asked Questions on Internet security issues Internet Security Industry News - Stay informed of what's happening Contact Internet Security.ca today and order your Proxy Sentinel™ or Firewall Sentinel™ server now!


How to remove the sasser worm from any computer

Save your company's valuable data with Proxy Sentinel™ from Internet Security. Click here for all the details.

May 4, 2004

The Sasser worm has infected millions of computers world wide and may still be rising sharply. Reports were spread yesterday that high profile Sasser infections have included the UK Maritime and CoastGuard, the Westpac Bank in Australia, and the French Stock Exchange and the France Presse news agency.

The Sasser worm targets a security hole in Microsoft Windows and spreads by scanning for random IP addresses and exploiting a buffer overrun vulnerability recently reported by Microsoft for the Windows operating system.

Anyone connected to the Internet, including corporate networks and broadband subscribers, may be at risk from this family of worms. While Sasser is not the first worm to take advantage of the Microsoft vulnerability, it uses a method of propagation to spread broadly and at an exponential rate.

If your computer has been infected with Sasser, here are some simple instructions for removing the Internet virus.

Step 1) Disconnect your computer from the Internet.

Step 2) Locate and stop the worm’s actions: Press the keys “Ctrl” “Alt” and “Del” at the same time. That should launch Windows Task Manager. Click on the “Processes” tab. Look for a file called “aserve.exe” or “*_up.exe”. If one of these files appears, highlight it and click on the “End Process” button. Click “yes” when it asks for confirmation.

Step 3) Find and delete the worm: Click on the “Start” button in the bottom left corner of your screen, then choose “Search.” Search your entire computer (in the field next to the “all files and folders” option) for the following files: “avserve.exe” and “*_up.exe.” Delete any matching files.

Step 4) Enable a firewall: Right-click on the Internet connection icon in the bottom-right corner of your screen (or wherever the task bar is located). Click on “open network connections.” When a box pops up, right-click on the connection you use to get online, and select “properties.” Then, on the “Advanced” tab you should see a box underneath the words “Internet connection firewall.” If that box is not checked, check it.

Step 5) Reconnect your computer to the Internet.

Step 6) Go to Microsoft’s Windows Update (windowsupdate.microsoft.com). Let the site scan your computer and apply any “critical” updates.

Step 7) Check to make sure your computer is disinfected: Visit Microsoft’s Sasser page on its Web site and click on the button that reads “Check My PC for Infection.” Follow the instructions provided.

If your computer continues to try to restart:

Click on the “Start” button at the bottom-left corner of your screen, then choose “Run” from the list of options. Type “cmd.exe” (without the quotation marks). When a command prompt pops up, type in “shutdown -a” (again, without the quotation marks). That should stop the reboot process and give you enough time to carry out steps 2 through 4.

Source: Search Engine Journal


Save Internet Security.ca's URL to the list of your favorite web sites in your Web browser by clicking here.

Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.


Back to the top of the page.         

You can link to the Internet Security web site as much as you like. Read our section on how your company can participate in our reciprocal link exchange program and increase your rankings in the major search engines such as
Google and all the others.

Click here to order your Proxy Sentinel™ Internet security server today!

Proxy Sentinel™ is the most secure Internet proxy server on the market today. Click here for more information.
Site optimized by Pagina+™
Powered by Sun Hosting
Search engine keywords by Rank for Sales
Development platform by My Web Services
Internet Security.ca is listed in
Global Business Listing

| Home | Proxy Sentinel™ | Firewall Sentinel™ | FAQ | News | Sitemap | Contact |
Copyright © Internet Security.ca 2003    Terms of use    Privacy agreement    Legal disclaimer