avserve.exe - Dangerous
avserve.exe
Manual removal instructions:
Antivirus Report of avserve.exe:
avserve.exe
Worm.Win32.Sasser.a
Sasser is an Internet worm that exploits the MS Windows LSASS vulnerability described in Microsoft Security Bulletin MS04-011.
Microsoft released a patch for this vulnerability on April 13, 2004, while Sasser.a was first detected on April 30, 2004.
Sasser operates in a very similar manner to Lovesan, except that Lovesan exploited a vulnerability in the PRC DCOM service, not the LSASS service.
Sasser affects computers running Windows 2000, Windows XP, Windows Server 2003.
Sasser functions on all other versions of Windows but is unable to infect them by attacking via the vulnerability.
An error message about the LSASS service failing which usually also causes the system to reboot.
Sasser creates the file 'win.log' in the C drive root directory where the worm records the IP-addresses of all attacked machines.
Copies itself into the Windows root directory under the name avserve.exe
and registers this file in the system registry autorun key: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avserve.exe" = "%WINDIR%\avserve.exe"
Use RegRun Startuip Optimizer to remove this worm.
| avserve.exe | Malware |
| avserve.exe | Dangerous |
| avserve.exe | High Risk |
Sasser is an Internet worm that exploits the MS Windows LSASS vulnerability described in Microsoft Security Bulletin MS04-011.
Microsoft released a patch for this vulnerability on April 13, 2004, while Sasser.a was first detected on April 30, 2004.
Sasser operates in a very similar manner to Lovesan, except that Lovesan exploited a vulnerability in the PRC DCOM service, not the LSASS service.
Sasser affects computers running Windows 2000, Windows XP, Windows Server 2003.
Sasser functions on all other versions of Windows but is unable to infect them by attacking via the vulnerability.
An error message about the LSASS service failing which usually also causes the system to reboot.
Sasser creates the file 'win.log' in the C drive root directory where the worm records the IP-addresses of all attacked machines.
Copies itself into the Windows root directory under the name avserve.exe
and registers this file in the system registry autorun key: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avserve.exe" = "%WINDIR%\avserve.exe"
Use RegRun Startuip Optimizer to remove this worm.
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus have not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.