avserve.exe - Dangerous
Jeff's Story:
My PC had gotten a bad rootkit that my ISP antivirus software (powered by McAfee) could neither detect nor fix.
I sought a solution on the Internet and discovered your product and tried out the trial.
You quickly found the rootkit and SAVED my PC!
I haven't had any problems since, and I'm extremely grateful.
Manual removal instructions:
Sasser is an Internet worm that exploits the MS Windows LSASS vulnerability described in Microsoft Security Bulletin MS04-011.
Microsoft released a patch for this vulnerability on April 13, 2004, while Sasser.a was first detected on April 30, 2004.
Sasser operates in a very similar manner to Lovesan, except that Lovesan exploited a vulnerability in the RPC DCOM service, not the LSASS service.
Sasser affects computers running Windows 2000, Windows XP and Windows Server 2003.
Sasser can run on all other versions of Windows but is unable to infect them by attacking via the vulnerability.
A typical sign is an error message about the LSASS service failing, which usually also causes the system to reboot.
Sasser creates the file 'win.log' in the C drive root directory, where the worm records the IP addresses of all attacked machines.
The worm copies itself into the Windows root directory under the name avserve.exe and registers this file in the system registry autorun key:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avserve.exe" = "%WINDIR%\avserve.exe"
Use RegRun Startup Optimizer to remove this worm.
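The three artifacts described above (the avserve.exe copy, the win.log file and the Run value) can be checked in one pass. The PowerShell below is an added example, not part of the original page or of RegRun; the function name Test-SasserIndicators and its parameters are hypothetical, and it only reads and reports.

```powershell
# Added example: read-only check for the three Sasser artifacts this page names.
function Test-SasserIndicators {
    [CmdletBinding()]
    param(
        # Overridable so a mounted disk image or a loaded offline hive can be checked (assumption).
        [string]$WinDir     = $env:WINDIR,
        [string]$DriveRoot  = 'C:\',
        [string]$RunKeyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    )
    $findings = @()

    # 1. Worm copy: %WINDIR%\avserve.exe
    $exe = Join-Path $WinDir 'avserve.exe'
    if (Test-Path -LiteralPath $exe -PathType Leaf) {
        $item = Get-Item -LiteralPath $exe -Force
        $findings += [pscustomobject]@{
            Indicator = 'File'; Location = $exe
            Detail    = "size=$($item.Length) created=$($item.CreationTimeUtc.ToString('u'))"
        }
    }

    # 2. win.log in the C: root. The line count is a rough size hint only
    #    (one attacked address per line is an assumption about the file layout).
    $log = Join-Path $DriveRoot 'win.log'
    if (Test-Path -LiteralPath $log -PathType Leaf) {
        $lines = @(Get-Content -LiteralPath $log -ErrorAction SilentlyContinue).Count
        $findings += [pscustomobject]@{ Indicator = 'Log'; Location = $log; Detail = "lines=$lines" }
    }

    # 3. Autorun entry: match on the value name or on the path the value points to.
    $key = Get-Item -LiteralPath $RunKeyPath -ErrorAction SilentlyContinue
    if ($key) {
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            if ($name -ieq 'avserve.exe' -or $data -match '(^|\\)avserve\.exe\b') {
                $findings += [pscustomobject]@{
                    Indicator = 'RunKey'; Location = "$RunKeyPath\$name"; Detail = $data
                }
            }
        }
    }
    return $findings
}

$result = Test-SasserIndicators
if ($result) { $result | Format-Table -AutoSize -Wrap }
else { 'No Sasser artifacts from this page were found.' }
```

A host that shows none of these artifacts can still be exposed if the MS04-011 patch is missing, so pair the check with a patch-level review.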