Shut down my server

  • Thread starter Thread starter Juan Cabrales
  • Start date Start date
J

Juan Cabrales

Hello

I have a problem with a server . the server windows 2000
is shut down 2 times on the day . I thing is a virus
sass.exe. I delete the virus but the server shut down
still.
Can you help me whit any solution or somthing
 
You may also have other virus infections if your network or system was
vulnerable enough to get one already. Often it is not possible to "fix" an
infected system to the point of making it reliable without a format and
reinstall of the operating system. You need to at least do a full system
scan with the latest virus definitions from your vendor and get a second
opinion for something like the free Stinger download from McAfee as in the
link below.

http://vil.nai.com/vil/stinger/

However I would not attempt any of that until you have a firewall in place
to protect your network and are using an antivirus to scan all emails also.
Installing critical updates is also important, ideally doing a full system
backup before installing any in case of a problem. The links below may be
helpful. --- Steve

http://www.microsoft.com/security/protect/
http://securityadmin.info/faq.asp#virustoc --- tips from the FAQ on virus
infections
 
Hi Juan,

You need to install a patch to prevent Sasser from attacking your system
again. The patch can be installed and the worm can be removed using the 4
steps below:

1. Stop the "Server" service temporarily on the machine to prevent the
malicious packets from reaching the vulnerable software.

a) Click Start and then click run and type ‘cmd.exe’ and press enter.
b) In the new command prompt type "net stop server /y" and press enter.

2. If you are experiencing problems with the computer, like slow response,
terminate (click on the Process, then click End Process) the following
processes in Task Manager (Task Manager can be brought up by right-clicking
the Task Bar or typing "taskmgr" under Start --> Run).

a) any process ending with _up.exe
b) any process starting with avserv
c) hkey.exe
d) msiwin84.exe
e) wmiprvsw.exe

Note: There is a legitimate system process called ‘wmiprvse.exe’ that does
NOT need to be terminated.

3. Download and install the MS04-011 patch:

Download and install the MS04-011 patch from the MS04-011 download link for
the affected machines operating system before cleaning the system. If the
system is cleaned before the patch is installed it is possible that the
system could get re-infected prior to installing the patch.

The URL for the bulletin which contains the links to the download location
for the patch:
http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx

Select the appropriate Operating System (In your case, it is Microsoft
Windows XP and Microsoft Windows XP Service Pack 1) from the list and click
on "Download the update". Click on Open and it will download and install
the patch.

Allow the Computer to restart after installing the patch.

4. Run the Sasser cleaner tool from the following URL:

http://www.microsoft.com/downloads. You need to click on Sasser (A-F) Worm
Removal Tool (KB841720) from under the Most Popular Downloads section.

You would then need to click on the download button towards the right of
the screen.

Click on Open when it opens up the dialog box. When it pops up a license
agreement screen, select I Agree. Click next on all the following screens.

If you are experiencing problems with the computer, like slow response
while downloading, follow the steps in option 2 above.

The Sasser cleaner will remove the Sasser worm from your Computer.

After running the Sasser cleaner tool, do full system scan of the Computer.

If you do NOT have an anti-virus product installed, you can visit HouseCall
from TrendMicro to perform a free scan using the following URL:
http://housecall.trendmicro.com/.

Hope this helps.

Ashok
This posting is provided "AS IS" with no warranties, and confers no rights.
 
Back
Top