I can't log on to my Toshiba Portege M400-S5032X. An error message shows up saying Isass.exe application error the application failed to initialize properly (0xc0000005). Click on ok to terminate the...
Your system is infected by the Sasser worm. The Sasser worm infects machines via network connections. It can attack entire networks of computers or one single computer connected to the Internet. The worm exploits a known Windows vulnerability that is easily patched, however few systems seem to have this patch installed. It attacks Windows 2000 and Windows XP machines along with Windows NT and Windows Server 2003.
The patch from Microsoft known as the MS04-011 Security Update fixes the following vulnerabilities:
LSASS Vulnerability
LDAP Vulnerability
PCT Vulnerability
Winlogon Vulnerability
Metafile Vulnerability
Help and Support Center Vulnerability
Utility Manager Vulnerability
Windows Management Vulnerability
Local Descriptor Table Vulnerability
H.323 Vulnerability
Virtual DOS Machine Vulnerability
Negotiate SSP Vulnerability
SSL Vulnerability
ASN.1 “Double-Free” Vulnerability
Download the Windows patches for this vulnerability. Here is the link below:
http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx
How Can I Remove the Sasser worm?
Follow these steps in removing the Sasser worm.
1) Disconnect your computer from the local area network or Internet
2) Terminate the running program
Open the Windows Task Manager by either pressing CTRL+ALT+DEL, selecting the Processes tab or selecting Task Manager and then the process tab on WinNT/2000/XP machines.
Locate one of the following programs (depending on variation), click on it and End Task or End Process
avserve.exe
avserve2.exe
skynetave.exe
any process running with the "_up.exe" suffix
Close Task Manager
3) Activate the Windows XP Firewall (if running Windows XP) or another firewall to prevent the worm from shutting your system down while downloading the patches. To activate the Windows XP firewall, follow these steps.
Click on Start, Control Panel
Double-click on Networking and Internet Connections, then click on Network Connections
Right-click on the connection you use to access the Internet and choose Properties
Click on the Advanced Tab and check the box
"Protect my computer and network by limiting or preventing access to this computer from the Internet"
Click OK and close out of the Network and Control Panel
4) Remove the Registry entries
Click on Start, Run, Regedit
In the left panel go to
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>Current Version>Run
In the right panel, right-click and delete the following entry
"avserve.exe"="%Windir%\avserve.exe"
"avserve2.exe"="%Windir%\avserve2.exe"
"skynetave.exe"= "%Windows%\skynetave.exe"
Close the Registry Editor
5) Delete the infected files (for Windows ME and XP remember to turn off System Restore before searching for and deleting these files to remove infected backed up files as well)
Click Start, point to Find or Search, and then click Files or Folders.
Make sure that "Look in" is set to (C:\WINDOWS).
In the "Named" or "Search for..." box, type, or copy and paste, the file names:
avserve.exe
avserve2.exe
skynetave.exe
C:\win2.log
Click Find Now or Search Now.
Delete the displayed files.
Empty the Recycle bin
6) Reboot the computer and update your antivirus software, and run a thorough virus scan using your favorite antivirus program.
For automatic removal of Sasser, download the Symantec removal tool. You'll still need to download the patches above and install them; however, this removal tool will stop the Sasser worm from running, remove the items in the registry, and delete the infected files.
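
The checks from steps 2, 4 and 5, as an added example that is not part of the original answer: a read-only PowerShell script that reports whether the process names, Run values and files listed above are present. It assumes PowerShell is installed on the machine, and it looks only in the top level of the Windows directory and at C:\win2.log rather than searching subfolders.

```powershell
# Read-only check for the Sasser indicators named in steps 2, 4 and 5.
# Nothing is terminated or deleted; the script only reports what it finds.
# Assumption: PowerShell is available on the machine being checked.

$names    = 'avserve', 'avserve2', 'skynetave'   # file names from the steps, without ".exe"
$runKey   = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$findings = @()

# Step 2: running processes. Get-Process reports names without the ".exe"
# extension, so the "_up.exe" suffix is matched as "*_up".
Get-Process |
    Where-Object { ($names -contains $_.ProcessName) -or ($_.ProcessName -like '*_up') } |
    ForEach-Object { $findings += "process:   $($_.ProcessName) (PID $($_.Id))" }

# Step 4: values under the Run key whose names match the listed entries.
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run) {
    foreach ($n in $names) {
        $prop = $run.PSObject.Properties["$n.exe"]
        if ($prop) { $findings += "Run value: $n.exe = $($prop.Value)" }
    }
}

# Step 5: the listed files in the Windows directory, plus C:\win2.log.
$paths = @()
foreach ($n in $names) { $paths += Join-Path $env:windir "$n.exe" }
$paths += 'C:\win2.log'
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $findings += "file:      $p" }
}

# Report: one line per indicator found, or a single "clean" line.
if ($findings.Count -eq 0) {
    'No listed Sasser indicators found.'
} else {
    $findings
}
```

An empty result only means these specific names are absent; the MS04-011 patch and an antivirus scan are still needed as described above.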