Sasser virus
I have been infected by the worm virus and although I appear to have cleared my PC of all trace of it via various Virus programmes, I have a problem with an application called SKYNETAVE starting up each time I re-start my computer and driving my CPU to 100%. Are they linked in any way? I have deleted it and it is sitting in my recycle bin for now, not causing a problem. Anyone know what it is?
Karma Krakshot
59 Posts
0
May 3rd, 2004 17:00
ChrisRLG
3.9K Posts
0
May 3rd, 2004 20:00
=================
Use these to remove Malware (Virus, Spyware and Adware).
1) SpyBot Search and Destroy
After installing SpyBot Search & Destroy, first press Online, and search for, put a check mark at, and install all updates.
Next, close all Internet Explorer windows, hit 'Check for Problems', and have SpyBot remove all the items it marks in red.
2) Get Ad-Aware
After installing Ad-Aware, and before running the program, first press "check for updates now".
Click "Connect" and install all updated components available. Click 'Finish'.
Press "Scan Now", then 'next', and let Ad-Aware scan your drives.
It will find a number of "bad" files and registry keys. Click 'Next' again.
Check all found items, and click 'next' once more.
It will ask you whether you'd like to remove all checked items. Click OK.
Always reboot the computer between each program - both of these may find things that they need to have a reboot of the machine to clear - please reboot and let them finish.
If those fail to solve your problems, post a HijackThis log for the experts to advise.
HijackThis From Here
or one of these other links:-
http://www.merijn.org/files/hijackthis.zip
http://www.aluriasoftware.com/tools/hijackthis.zip
http://mjc1.com/mirror/hjt/
Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary. Then run, scan, save log, then in Notepad copy the FULL log by copy and paste as a reply to this post and an expert with HijackThis knowledge will have a go at giving advice. Please note the list of experts' names below; very few forum regulars here have had this training.
DO NOT FIX ANYTHING WITH HIJACKTHIS WITHOUT EXPERT ADVICE, most of what it finds you need for normal MS Windows tasks.
Known Spyware HijackThis fighters in DellTalk - If you are, and are not on the list please PM Me.
TomCoyote (of http://tomcoyote.org/forums/index.php fame)
YoKenny (Accredited Expert at TomCoyotes)
baskar1234 (Teaching Assistant at TomCoyotes, Trusted Advisor Spywareinfo)
ChrisRLG (Classroom Coordinator at TomCoyotes, Trusted Advisor Spywareinfo)
Tuxedo Jack (Teaching Assistant at TomCoyotes, Trusted Advisor Spywareinfo)
Yellowhammer (Trusted Advisor at Net-Integration, First Responder at Computer Cops)
tashi (Helper at Spywareinfo, in training at TomCoyotes)
therock247uk (In Training at TomCoyotes and Spywareinfo)
irelynmisses (In Training at TomCoyotes and Spywareinfo)
Texruss (In Training at TomCoyotes and Spywareinfo)
PGPhantom (In Training at Spywareinfo)
You could also go to one of the more specialist forums where more experts will be able to help.
http://tomcoyote.com/forums/index.php
http://forums.spywareinfo.com/index.php
http://www.net-integration.net/cgi-bin/forum/ikonboard.cgi (Home of Spybot S&D)
http://boards.cexx.org/index.php
http://www.wilderssecurity.com/index.php
Do read the site's FAQ before posting, and advise your problem and what steps you have already done to try to cure your problem.
I, and the other hijack experts mentioned above, are in all those sites (and more) with the same login names. You might get one of us at those sites also to answer your log, but other experts will also be available.
Karma Krakshot
59 Posts
0
May 3rd, 2004 21:00
ChrisRLG
3.9K Posts
0
May 3rd, 2004 21:00
No it does not mean that someone is not trying to hack you, it should mean that they have not succeeded.
Please post back in your logs thread to bring it back to our attention, not in someone else's thread please.
Karma Krakshot
59 Posts
0
May 5th, 2004 13:00
Midnight Star
4.8K Posts
0
May 7th, 2004 01:00
Have you seen this before or is it something that just started? I'm not sure what SKYNETAVE is, but to rule out a wireless card's driver, do you have a wireless card in your computer? Are you actually using a wireless connection? If yes to both, press CTRL ALT DEL (Windows XP) to bring up the Windows Task Manager. Look for the program running in either the Application or Processes tab. You can sort them by clicking on the column description just above all the names. Click on the entry SKYNETAVE and click on End Task. When the process ends, if you can still use your wireless connection successfully this is probably something other than a wireless card's driver. The AVE part of the file's name seems suspicious since AVE is also part of the SASSER worm's file name.
Mike.
Midnight Star
4.8K Posts
0
May 7th, 2004 01:00
Here, I just did a google search on the filename SKYNETAVE.EXE. And McAfee reports it as the SASSER worm. You need to run windows update to patch your operating system, otherwise you'll get it again. It gets on your system without opening an e-mail attachment. In fact, it can get on your system merely by connecting to the internet. There's a flaw in windows xp that allows this to happen. Your computer can respond to internet traffic without reading e-mail or browsing the internet. While connected, different layers of your operating system might be listening to certain ports open to the internet. That's how the SASSER comes in.
Here's the McAfee link: http://hq.mcafeeasap.com/dispVirus.asp?virus_k=125012
And here's the Microsoft link about the SASSER worm: http://www.microsoft.com/security/incident/sasser.asp
I hope that helps.
Mike.
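Added example, not part of the original thread: a read-only triage of a saved HijackThis log, the kind requested earlier in this thread, that reports autostart (O4) entries and running processes containing the file name identified above. The sample log is constructed, and the C:\WINDOWS location of the file is an assumption.

```python
import re

# Constructed sample log (not from the thread); the C:\WINDOWS path is assumed.
SAMPLE_LOG = r"""Logfile of HijackThis

Running processes:
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\skynetave.exe

O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe /startup
O4 - HKLM\..\Run: [skynetave.exe] C:\WINDOWS\skynetave.exe
O4 - HKCU\..\Run: [ExampleMessenger] "C:\Program Files\Example\msgr.exe" -bg
O4 - Global Startup: Example Helper.lnk = C:\Program Files\Example\helper.exe
"""

# O4 lines are autostarts: registry Run keys and Startup-folder shortcuts.
REG_RUN = re.compile(r"^O4 - (HK\w+\\\.\.\\\w+): \[(.+?)\] (.+)$")
STARTUP = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")

def parse_autostarts(log_text):
    """Return (location, name, command) for every O4 autostart line."""
    entries = []
    for line in log_text.splitlines():
        m = REG_RUN.match(line.strip()) or STARTUP.match(line.strip())
        if m:
            entries.append(m.groups())
    return entries

def running_processes(log_text):
    """Return the paths listed under the 'Running processes:' header."""
    procs, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_section = True
        elif in_section and not line:
            break  # a blank line ends the process list
        elif in_section:
            procs.append(line)
    return procs

def flag(log_text, watch=("skynetave",)):
    """Report autostarts and processes whose text contains a watched name."""
    seen = lambda s: any(w in s.lower() for w in watch)
    hits = [("autostart", loc, cmd)
            for loc, name, cmd in parse_autostarts(log_text) if seen(name + " " + cmd)]
    hits += [("process", "", p) for p in running_processes(log_text) if seen(p)]
    return hits
```

The script only reads the log and changes nothing on the machine; an autostart hit explains why the program returns after every restart.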
ChrisRLG
3.9K Posts
0
May 7th, 2004 13:00
Please post your HijackThis logs in NEW MESSAGES and we will get round to answering. We are struggling to keep up, and so are all the other anti-malware forums (some who have even asked for our help for them).
So please post your logs and we will get to them.
Karma Krakshot
59 Posts
0
May 7th, 2004 13:00
Midnight Star
4.8K Posts
0
May 7th, 2004 20:00
Karma,
I guess that would depend on if someone would prefer owning a worm farm as opposed to spraying for rampant tilde '~' files strewn all over your harddrive.
Wait! There's another one on my desktop! Does that mean that just now, someone tried to hack my system, and it was expertly foiled by a windows patch? Wow! That's better than a warning bell. Is there a preferences setting to turn it off?
Just wondering...
Mike.
Karma Krakshot
59 Posts
0
May 7th, 2004 21:00
Midnight Star
4.8K Posts
0
May 7th, 2004 22:00
Sorry if I did. What I was actually addressing was a potential Sasser worm file - I'm no expert by far. The choice I was alluding to would be to allow the worm to continue to install itself (operating a computer based worm farm), or installing a patch that would plug the hole, but possibly creating another. Like the patch that caused Outlook Express to create backup files on my address book all over my harddrive under the '~' (tilde) file name.
Mike.