
How to Remove the Sasser Virus

Infected systems should install the Microsoft update to be protected from the exploit used by this worm. See:
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

If the system reboots before you are able to download and install the patch, the shutdown utility can abort a shutdown that is in progress (counting down). This utility is part of Windows XP.

  1. Click START, RUN
  2. Type SHUTDOWN -A and hit ENTER

Manual Removal Instructions
To remove this virus "by hand", follow these steps:

  1. Reboot the system into Safe Mode (hit the F8 key as soon as the Starting Windows text is displayed, then choose Safe Mode).
  2. Delete the file AVSERVE.EXE from your WINDOWS directory (typically c:\windows or c:\winnt)
  3. Edit the registry
    • Delete the "avserve" value from
      • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  4. Reboot the system into Default Mode
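
The manual steps above can also be run from a command prompt. The batch script below is an added example, not part of the original article: it checks for the AVSERVE.EXE file and the "avserve" Run value and removes them if present. It assumes Windows XP (where reg.exe and shutdown.exe are built in), an administrator account, and that it is run from Safe Mode as in step 1 so the file is not in use.

```bat
@echo off
rem Added example: look for and remove the two Sasser artifacts named in this article.
rem Assumptions: Windows XP, administrator rights, run from Safe Mode.
setlocal
set "WORM=%SystemRoot%\avserve.exe"
set "RUNKEY=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
set FOUND=0

rem Abort a shutdown countdown if one is in progress; the error is ignored when none is.
shutdown -a >nul 2>&1

rem Step 2: the worm file in the Windows directory.
if exist "%WORM%" (
    set FOUND=1
    echo Found %WORM%
    rem Clear read-only, system and hidden attributes so del can remove the file.
    attrib -r -s -h "%WORM%"
    del /f /q "%WORM%"
    if exist "%WORM%" echo Could not delete %WORM%, file may be in use. Retry from Safe Mode.
) else (
    echo %WORM% is not present
)

rem Step 3: the autostart value. reg query returns errorlevel 1 when the value is absent.
reg query "%RUNKEY%" /v avserve >nul 2>&1
if not errorlevel 1 (
    set FOUND=1
    echo Found "avserve" value under %RUNKEY%
    reg delete "%RUNKEY%" /v avserve /f
) else (
    echo No "avserve" value under %RUNKEY%
)

rem Removal does not close the hole the worm used; the MS04-011 update does.
if "%FOUND%"=="1" (
    echo Sasser artifacts were found. Install the MS04-011 update, then reboot.
) else (
    echo No Sasser artifacts found by this check.
)
endlocal
```

The script only looks for the file name and registry value given in this article, so a clean result does not rule out other malware on the system.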


Article Information

Creation Date April 15, 2008
Article Tags Microsoft Anti-Virus Protection