Sign Up: Free Daily Tech E-letter  
Technology Home
Tech Policy
Government IT
Personal Tech
Special Reports


How to Remove the 'Sasser' Worm


_____On washingtonpost.com_____
'Sasser' Worm Strikes Hundreds of Thousands of PCs (, May 3, 2004)
German Teen Admits Making The 'Sasser' Internet Worm (The Washington Post, May 9, 2004)
'Sasser' Worm Strikes Hundreds of Thousands of PCs (, May 3, 2004)
Congress Takes a Stab at 'Spyware' (, Apr 29, 2004)
More Security News

E-Mail This Article
Print This Article
Permission to Republish
Tuesday, May 11, 2004; 1:52 PM

The "Sasser" worm that emerged on the Internet earlier this month can infect a computer even if no one is using it. Infected computers might display error messages and try to repeatedly reboot themselves. In addition, computers infected with Sasser may also be infected with other malicious programs that are harder to detect.

Below are instructions for removing Sasser plus tips on how to conduct a more comprehensive scan for other worms or viruses that may be on your computer.

1. Disconnect your computer from the Internet.

2. Locate and stop the worm's actions: Press the keys "Ctrl" "Alt" and "Del" at the same time. That should launch Windows Task Manager. Click on the "Processes" tab. Look for a file called "avserve.exe" or "*_up.exe". If one of these files appears, highlight it and click on the "End Process" button. Click "yes" when it asks for confirmation.

3. Find and delete the worm: Click on the "Start" button in the bottom-left corner of your screen, then choose "Search". Search your entire computer (in the field next to the "all files and folders" option) for the following files: "avserve.exe", and "*_up.exe". Delete any matching files.

4. Enable a firewall: Right-click on the Internet connection icon in the bottom-right corner of your screen (or wherever the task bar is located). Click on "open network connections". When a box pops up, right-click on the connection you use to get online, and select "properties". Then, on the "Advanced" tab you should see a box underneath the words "Internet connection firewall". If that box is not checked, check it.

5. Reconnect your computer to the Internet.

6. Visit Microsoft's Windows Update site: go to Let the site scan your computer and apply any "critical" updates.

7. Check to make sure your computer is disinfected: Visit Microsoft's Sasser page on its Web site and click on the button that reads "Check My PC for Infection". Follow the instructions provided.

If your computer continues trying to restart repeatedly:

Click on the "Start" button at the bottom-left corner of your screen, then choose "Run" from the list of options. Type "cmd.exe" (without the quotation marks). When a command prompt pops up, type in "shutdown -a" (again -- without the quotation marks). That should stop the reboot process and give you enough time to carry out steps two through four.

1 2     Next >
Print This Article Home

© 2004 Washingtonpost.Newsweek Interactive

Company Postings: Quick Quotes | Tech Almanac
About | Advertising | Contact | Privacy
My Profile | Rights & Permissions | Subscribe to print edition | Syndication