Sasser Virus!

[Cap'n Refsmmat]

Just so you know, my Virus Scan just found a Trojan.

It's not like I'd search through all my computer to see if I have one, then delete it. Any AV program can search a lot faster than you can. So at least you can use one as a back-up. Would you search through every part of a download to make sure it doesn't contain a virus? I don't think so.

[Sayonara]

That sounds like an awful lot of work to me, and I don't believe you can identify an infection and locate the affected files without reference to external documentation.

[admiral_ju00]

That sounds like an awful lot of work to me, and I don't believe you can identify an infection and locate the affected files without reference to external documentation.

 

there's nothing wrong being a bit 'extra' geeky - provided that it doesn't adversely affect one's life quality.

so if someone and not just in fafs case, has a more or less unorthodox methods of doing things, then after a certain point in time it ceases to be a matter of skill, but one of pride and bragging rights

[alext87]

The person who set up and programed the Sasser virus has now been track down. He goes to a school in Germany and is going to face trial in a few months time.

 

Clever kid to have though up a program that has crashed so many computer systems!

[fafalone]

The affected files for the vast majority of what infects peoples computers these days are single executables that are always listed in some startup location. Just gotta find the suspicious looking entries.

[YT2095]

what exactly is C:\windows\avserve.exe anyway?

 

I`m guessing that AV means Audio/Visual?

 

and NOT AntiVirus in this instance.

[fafalone]

Just one of the filenames the sasser worm saves itself as.

[YT2095]

cool, thnx

[Dave]

The affected files for the vast majority of what infects peoples computers these days are single executables that are always listed in some startup location. Just gotta find the suspicious looking entries.

 

It's when you get the ones that like to screw the registry over a bit that you're going to have a problem.

[Sayonara]

It's when you get the ones that like to screw the registry over a bit that you're going to have a problem.

Or, like I mentioned earlier in the thread, a forced-writer.

 

Or a boot sector infection. Good luck with that one.

[fafalone]

Once those programs start running you're really screwed no matter what approach you use...

 

And if you're running programs from an untrusted source you deserve whatever happens...

[Sayonara]

Once those programs start running you're really screwed no matter what approach you use...

Yes, that's precisely why I use Sophos. With the Intercheck client running, they can't do anything.

 

And if you're running programs from an untrusted source you deserve whatever happens...

Agreed.

[fafalone]

You run a program that is always running, using your CPU and memory, and slowing things down?

[Sayonara]

Believe me, it's not a burden on my resources.

[Cap'n Refsmmat]

My computer is fast enough, and even with the virus scan disabled, it isn't noticibly faster. I suppose older computers would be slowed, but my fancy new one certainly isn't.

[aommaster]

yeah. Nowadays, the modern computers should have enough RAM to be able to withstand the load of these software without even showing traces of slowing down.

[NSX]

So for those of us that use A/V, which one do you use?

 

I read all 4 pages, & I've hard Norton tossed around quite a bit.

 

Sayo: you talked about that sophos, I'm intrigued; tell me more From what I've read on the site you gave me, they provide security solutions for business/corporations. How do you use it?

 

How does McAfee rate against Norton?

I always thought [back in the day] that McAfee ruled the market. Now, all my friends use Norton [& apparently alot of SFNers too].

[aommaster]

I use Norton, as for Mc Affee, I think it is rubbish! As for McAffee ruling te market in the olden days, YUP! Now its just rubbish!

[Sayonara]

McAffee is more for network solutions now.

 

Sophos has one installer with a choice of two deployment options: one for central deployment on a network, and one for installing to a single workstation (i.e. - your PC).

 

It runs a thing called "intercheck client" from your system tray, essentially a very resource-light mini scanner, which checks files as they are accessed. You can also launch the full "Sophos Antivirus" application and configure immediate or scheduled jobs.

 

It gives you plenty of options for configuring the thoroughness of scans, type of response to infections etc.

 

When you download Sophos, you also need to download any IDEs released since the client was released, then subscribe to their Virus Notification mailing list. They send you links to IDE files for new virus (typically before they are spotted "in the wild"), which you simply save to the Sophos installation directory. The next time the intercheck client starts it will register and use them.

 

If you have the network installation running, you can deploy new IDEs centrally. Also you can use tools that Sophos provide to auto-update.

 

The only disadvantage with Sophos is that every 4 months the client is upgraded and new IDEs will not work with the last version. That means you need to download it 3 times a year (unless you buy the license of course), but it's worth the minor hassle for a free industry-leading application.

[Law]

OMG i got hit by that sucker....i had to reformat my computer....and YES it stays on there. ooo i wish i dowloaded those windows patches.

[ed84c]

well you could have just typed in RUN: shutdown -a, and it would have prevented system shutdown, then downloaded sasser removal.........

[YT2095]

Ed yeah, that`s what it said to do on the MS website also, the only prob was getting to that part to read it before the puter shutdown LOL, that took me about 3 attempts, but each time was hindered by the fact that I had to get the owner to type in their password each shutdown

 

it was a real PITA!