Oh and tonight she finally got her task manager to come up...... in muliples(150 times)but every time she tries to end task on skynetave.exe(there are others to rid of aswell) it says the program you are about to eliminate(spelling)is part of the system(whatever) This Sasser thing is trying to block what-ever is being thrown at it...........this is starting to really piss me off and it's not even my computer.......but, I feel I should try and help sis get out of this HUGE mess

OK...your Sister has Norton on hers. After a little research with the Cmd prompt disappearing and what not, it would appear she has much more then the Sasser virus and in all likely hood has done irreparable damage to the system files. Having said that, she has one chance before she does a full re-format. Go to the good computer and in Norton it has an option to create a DOS boot that will scan and kill the virus and attempt to fix the system files and Registry. Create the floppy and re-boot the infected machine with the disk in the drive. If for any reason it doesn't work, then she's done. If there is info on the HD that she can't afford to lose, she needs to take it to a computer shop and they can extract the files from it. In either case the drive will have to be re-formatted and the OS system re-loaded ...with the updates.

Good Luck......

I think I have to agree with Gary on this

Damn, the bloody bug won. >

Thanks Gary.....I'll let her know Thats what I feared(I had to do that a few years ago) As they say, "live and learn......the hard way Well, at least they caught the thug(in Germany) I hope they make some kind of example of the little s..t. Well, thanks for all your help(both you and Annie) and I hope this will never happen again Take care

The virus copies itself to the Windows directory as avserve2.exe and creates a registry run key to load itself at startup

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Run "avserve2.exe" = C:\WINDOWS\avserve2.exe
As the worm scans random ip addresses it listens on successive TCP ports starting at 1068. It also acts as an FTP server on TCP port 5554, and creates a remote shell on TCP port 9996.

A file named win2.log is created on the root of the C: drive. This file contains an IP address.

Copies of the worm are created in the Windows System directory as #_up.exe.

Examples

c:\WINDOWS\system32\11583_up.exe
c:\WINDOWS\system32\16913_up.exe
c:\WINDOWS\system32\29739_up.exe
-

Manual Removal Instructions To remove this virus "by hand", follow these steps:

Reboot the system into Safe Mode

(hit the F8 key as soon as the Starting Windows text is displayed, choose Safe Mode.


Delete the file AVSERVE2.EXE from your WINDOWS directory
(typically c:\windows or c:\winnt)

Edit the registry

Delete the "avserve2" value from HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Reboot the system into Default Mode

Registry Removal Editing:

Windows98/ME/NT/2000/XP


1. Click the START button, then RUN
2. Type REGEDIT and hit ENTER

http://vil.nai.com/vil/SystemHelpDocs/images/Regedit1.gif

3. Click the + signs next to the desired folder to expand the folder tree branch

http://vil.nai.com/vil/SystemHelpDocs/images/Regedit4.gif

4. Once the desired folder path is visible, double-click on the value name on the right side of the screen (Default in this case)

http://vil.nai.com/vil/SystemHelpDocs/images/Regedit5.gif

5. Enter the desired value and click OK
6. Exit the Registry Editor by clicking on the X in the upper right corner of the Window

7. reboot into normal user mode



Don't format...

Remove it, update Windows and her AV application DAT files...

then scan that sucker...

and do it again...

Yeah..ok, I''m jumping ships.....Listen to John

any ray of hope, is worth trying



[Message Edited]

Unfortunately, John...the sasser bug doesn't appear to be the only thing she has. Besides that, the floppy I told her to create will do the same thing.....although I personally think it will be to no avail...

BTW: you been in the bathroom all this time??

Great....huge ass jumps ship........

Like your ass is any better!

na, just kind of off in never never land. Boomer jumped on me from behind tonight while out front and I took some pain killers. kinda prone now and not doing any graphics for a change.

If she's all messed up on the drive, she should probably go ahead and dink the sasser. then burn a cd of her data files she does not want to lose. She can scan those files if she decides to put them back on the drive after format, reinstall of XP, then AV "Carolelee, she wants that AV installed and functioning before even connecting to the net" then doing the XP updates.

Boomer jumped on me from behind

...seems to be a lot of 'ass' problems going around tonight...

yeah if it was my ass, he'd be the one laid up

wrenched my neck and lower back, never should have taught him to jump over my arm held at shoulder height while I am standing up. Frisbee though, tis key to a happy pup and a good time on the beach