skynetave.exe - Dangerous
skynetave.exe
Jeff's Story:
My PC had gotten a bad rootkit that my ISP antivirus software (powered by McAfee) could not detect, nor could fix.
I sought a solution on the Internet and discovered your product and tried out the trial.
You quickly found the rootkit and SAVED my PC!
I haven't had any problems since, and I'm extremely grateful.
Manual removal instructions:
W32.Sasser.D can only execute on Windows XP systems. The worm can exploit a vulnerable (unpatched) Windows 2000 machine remotely and copy itself to that machine. However, it will exit before running any code. In such cases, this worm will produce the following error:
The procedure entry point IcmpSendEcho could not be located in the dynamic link library iphlpapi.dll.
Block TCP ports 5554, 9995, and 445 at the perimeter firewall and install the appropriate Microsoft patch (MS04-011) to prevent the remote exploitation of the vulnerability.
This threat is written in C++ and is packed with PECompact.
Removal: install the patch, remove from startup by RegRun Startup Optimizer.