Trains.com


Danged Sasser Worm!!

998 views
8 replies
  • Member since
    November 2003
  • 760 posts
Danged Sasser Worm!!
Posted by Roadtrp on Thursday, May 20, 2004 2:03 AM
I knew I shouldn't have gone to a new computer. In fact, I was telling you guys about that last week. Well, they sent a new one home from work and wanted the old one back so I had no choice. Sunday I made the switch.

It was ugly. It always is. Half the applications that ran just fine on Windows 95 didn't want to run on XP. So I messed around and finally got most of them running.

Until I tried connecting to the net. The geniuses at work had forgotten to put a modem in my computer. Sure, at work we don't need them. But I sure as heck need one at home. So on Monday I asked them to order me one. It came in today, and I installed it this evening.

Then I reinstalled my MSN software and was ready to connect to the net. It WORKED!!! Oh happy day!! For a little while. Until my computer started crashing like crazy every time I tried connecting to the net. Hmmm...

I looked at my Task Manager, and it seemed that something called avserv2.exe was sucking every last drop of life from my computer. So I killed the process. Oh happy day again. Things are working. Until I start the computer again, and avserv2.exe is back. So this time I don't mess around. I kill the process AND delete the damned file.

Again, I am cruising down the internet superhighway. Until holy crap!!! Avserv2.exe is back again. OK, now I KNOW I have some kind of virus or worm. So I connect to Symantec and download the latest anti-virus definitions.

I run it and sure as heck, good old avserv2.exe is quarantined. It is identified as the Sasser worm. So now the 'puter is fine and dandy again. But it has taken me 4 days of pulling my hair out to get it that way.

My old Windows 95 computer was better. It was so old that viruses didn't affect it. And sadly, going over a dialup connection the new one isn't even any faster than the old one was. So newer is not always better.

By the way. This board is DISEASED. Every time I started crashing tonight was after connecting to this site. Now that I have my virus protection running, I've been notified TWICE while writing this post that the nasty avserv2.exe file has been found and quarantined.

Earth to TRAINS... You guys are killing us. Get some darned patches on your server so you stop passing it on to us. Our server at work ALWAYS has the latest patches, so this stuff doesn’t get passed on.

PLEASE. (Edited to add: It has been pointed out that the worm is probably not coming from Kalmbach, but from google ads that are present. Sorry guys. Just the same, I hope whoever runs your server always keeps up to date on patches.) [:)]
-Jerry
  • Member since
    November 2003
  • From: the Netherlands
  • 1,883 posts
Posted by lupo on Thursday, May 20, 2004 5:28 AM
Hi Roadtrip,
To keep the Sasser worm out you should use a firewall, blocking ports on your computer; that is how Sasser gets in. Just being connected to the internet is enough to let these pests in.
XP has a built-in protection you could use, or you can try ZoneAlarm:
http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp?lid=zadb_zadown
If you are already infected you could try this link to exterminate some digital vermin:
http://vil.nai.com/vil/stinger/

hope it helps,
LUPO
L [censored] O
  • Member since
    December 2003
  • From: St Paul, MN
  • 6,218 posts
Posted by Big_Boy_4005 on Thursday, May 20, 2004 7:36 AM
Jerry, the problem is most likely not with Kalmbach's system, but rather the Google ads on the side of the page. I had a problem for a couple of days a short while back. It seems I visited a completely different website, and picked something up. It caused me nothing but trouble. I was finally able to isolate it and restore the system, but this thing was nasty!!!! Once it gets a hold of you, it doesn't want to let go.

Have you ever gone to a site and been bombarded by pop ups and links the second you enter? I have a feeling that's how the crap starts. You have no way of knowing until it's too late. I think that ME is immune to sasser, unlike XP. Did you get the patch from Microsoft? Hindsight is 20/20, but that should have been the first stop online. It is a lot harder to load the patch once infected.

It is probably a good idea to download some freeware while things are working. This way when something goes wrong, you don't need the internet connection to try and fix it.
  • Member since
    September 2002
  • 7,474 posts
Posted by ndbprr on Thursday, May 20, 2004 7:56 AM
You guys need to get Pop up stopper. It is a free program you install and it stops pop ups about 99% of the time. This is the first I knew there were pop ups here. Also download Pest Patrol; it finds and deletes adware and spyware cookies.
  • Member since
    April 2003
  • 305,205 posts
Posted by Anonymous on Thursday, May 20, 2004 7:58 AM
The guy that created Sasser was caught, he lived in Germany I think..?

Has anyone noticed that the *** who released Sasser A, B and C has been put in jail, or his computer was seized.. that...

SASSER D, E, F ARE STILL COMING OUT?
  • Member since
    February 2002
  • From: within earshot of CP
  • 64 posts
Posted by scotttmason on Thursday, May 20, 2004 10:00 AM
Some day the mail hosts will get the idea and nationalize a "do not call" list of these attachments allowing people to report or get listed automatically after the 1000th transfer in a minute. Too many operating system holes too. And spammers relaying from my mailhost... don't get me started.
Got my own basement now; benchwork done but no trains, yet.
  • Member since
    April 2003
  • 305,205 posts
Posted by Anonymous on Thursday, May 20, 2004 2:39 PM
I've had nothing but problems like you guys are complaining about ever since I started frequenting and posting on Kalmbach's Forums, both this one and "Scale Auto"s. I too have XP, have installed SpyBot S&D, McAfee, Norton firewall, and Google's popup blocker. I have all of the Windows updates for XP installed. I use MSN for email, use Internet Explorer 6, and am hooked up to Adelphia's hi-speed cable modem access.

I esp. have problems w/ a bizarre program that inserts itself surrounding key words, like car, hotel, jobs, gifts, jobs, travel, meds, adware, and so on. It has www.targetwords.com in the body of the insertion, and whenever I need to edit a posting and one of those key words is in the text, the word is highlighted in 'blue' and underlined in a freehand sort of way. Do not click on it if you see that, for it will open up a full screen that promises to search for that particular subject. It can be hard to get rid of it after you open it, and all of the bandaids are not effective at fixing it.

There's a particularly aggressive full screen popup that repeats itself, one on top of the other, for as many as twenty or more 'layers', and it will crash your PC in the process (it's prescriptions-R-us.biz, located in Hialeah, FL). Also, Spy Detector (located in Atlanta, GA) is doing the same thing, but has settled down into just an annoying popup. I have filed complaints w. the FTC and emailed those companies, as well as threatened legal action against the med. company when I got them on the phone.

It makes it impossible to work at home sometimes, and since that is my only place to work, it really sucks !

MSN has ignored my emails re: these problems. It's interesting that the same aggressive popups I've described are advertising on MSN's home page. Perhaps that greedy sob Gates knows what he's doing, for we'll have to once again upgrade to a newer system, because XP is so compromised and has as many holes as a 4x8 sheet of pegboard. Right now there's a "Get a Free $50 Gift" popup that I can not close on the screen.

Kalmbach is possibly a contributor to the problem, for certain quirks only happen on their Forums. I think we need to insist that they address this. It's not good for (their) business.

BILL
  • Member since
    February 2002
  • From: within earshot of CP
  • 64 posts
Posted by scotttmason on Thursday, May 20, 2004 3:54 PM
I'm running Explorer 5 but have a habit of keeping my left hand fingers over command-w keys (close window) when the popups start hitting. Haven't had a worm in about 4 years, or downloaded patches for system security holes or software removal either. Haven't had problems with the forums (SNITZ is common and I use it elsewhere) but ad content on side does cause it to load slowly. Running system 9.2 on a MAC and stability is a plus.
Got my own basement now; benchwork done but no trains, yet.
  • Member since
    April 2003
  • 305,205 posts
Posted by Anonymous on Thursday, May 20, 2004 8:05 PM
Hi,

There are a number of things that can be done. And it is necessary to have a combination of programs to be effective. I run a dual boot XP and WIN98SE on my internet computer.

I have had no problems with MR at all.

My setup:

Zone Alarm
Adaware
ETrust AVG
HijackThis
Spybot

Each one does something different. Together - they are effective. Another thing you can do is put yourself behind a router. With ZA and a router it is very difficult to see your IP. Also check your cookies folder and temp internet folders and get rid of the junk in them. If you don't recognize a cookie, dump it.
