weird avserve.exe file !!!

az0000000 · #1 05-01-2004, 08:03 AM

a weird file was somehow created in windows folder and at startup it starts and takes 60% of my RAM
i checked creation day and it looked like it was created at the same hour I noticed the problem, i guess through some internet site navigation
first, i stopped that service manually by task manager, than i deleted it from windows folder, and now i am up to clean up the registry from that file completely, but i am not sure if it is a needed file and what is it.
did it happen to any of you ever? did anyone hear of such file? i browsed the internet and did not find even such file name.
i want to delete any reference to that file in the registry/run section, but not sure is is good to do that

Weird!!!
I decided to restart computer without cleaning the registry from this strange file and again!!!
Even I’ve deleted the file and cleaned the recycle bin it was created again in C:\WINDOWS folder!!! And it stilled 60-70% of my RAM again!!! Now I delete it again, and will definitely clean the registry/run section from it!!! May be that will help…

can anyone tell me what ig going on?
tanx a lot in advance!

Azn_tweaker · #2 05-01-2004, 08:54 AM

do u have Spybot and ad-aware 6.0 installed? if not download and install them. Remember to update both references.
this is for ad-aware do an "Full Scan" and post ur ad-aware log.

heres how to do an "full scan"
http://www.lavahelp.com/howto/fullscan/index.html

braindead · #3 05-01-2004, 12:25 PM

I looked around and found that avsev.exe is a file associated with NT 4.0 in a file name avwsntfr.exe. It is a IBM token ring. Do you have a IBM computer or NT 4.o on your computer?

az0000000 · #4 05-01-2004, 01:45 PM

tanx a lot everyone!

i found the reason
it is all about W32/Sasser.worm!!!
anyone that got infected with it consider visiting this links and follow instructions:

http://securityresponse.symantec.com...sser.worm.html

and

http://vil.nai.com/vil/content/v_125007.htm

as instructions are provided by strongest antivirus soft providers

good luck!

Azn_tweaker · #5 05-01-2004, 02:14 PM

did u get it removed?

az0000000 · #6 05-02-2004, 03:39 AM

Yes I did.
Actually most important part is installing that Microsoft patch that will simply stop virus from influencing your computer in any way.
Also now I know very clear where virus files are and can quarantine them with my antiviral prog even manually.

Azn_tweaker · #7 05-02-2004, 09:19 AM

ok Good.

ESALADUANE · #8 05-02-2004, 09:52 AM

For others with the same problem, Symantec has added a removal tool for Sasser to its Security Response page. See here:
http://securityresponse.symantec.com...oval.tool.html

The patch from Microsoft is one of the Security Updates for April (MS04-011).
http://www.microsoft.com/technet/sec.../MS04-011.mspx

Vincent9V · #9 05-02-2004, 11:42 AM

I had the same problem here, http://www.softwaretipsandtricks.com...threadid=10799.

Here is another way to delete
http://uk.trendmicro-europe.com/ente...=WORM_SASSER.A

az0000000 · #10 05-03-2004, 06:18 AM

tanx for this link http://securityresponse.symantec.co...moval.tool.html
since i use Norton Antivirus