Virus-related computer question

[Guest jpurdy2003]

Alright, so my secondary PC (Windows XP Professional, Gateway) got owned by Sasser back in late April/Early May. I cleared it up with Panda QuickRemove for each variant of the virus (A, B, C, and D) and ran windows update. All has been well since May 7th, which was the day I disconnected it from the internet. It has not been online since. However, symptoms of infection have reappeared (automatic shutdowns for no reason that refer to the "Remote Procedure Call Service"). I thought that the Panda QuickRemove and Windows Update would have fixed the problem, but apparently I'm wrong.

 

My questions to the board are:

 

1. What's wrong?

 

2. How do I fix it?

[Guest riggs867]

If you go to the registry, you should see:

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\

CurrentVersion\Run "skynetave.exe" = %WinDir%\skynetave.exe

 

That will tell if you have the virus or not. You might try downloading a different tool this time (i.e. McAfee or Symantec / Norton). They may do some things the other clean tool didn't. I am pretty sure the removal tools are free from both of the big boyz.

 

Microsoft's security patch for W32.Sasser.worm.* can be found at:

 

http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

 

Since this was one badass worm, and it went through a few variants, it wouldn't hurt to run the latest stuff on your machine again.

 

The D variant (I think the last one) used the file skynetave.exe to spread. You may want to do a search for this file and delete it if you find it.

[Guest jpurdy2003]

I'll try these tonight and let y'all know how it works out.

[stealthmonkey]

I have a better remedy for you specifically.

Take 45mm desert eagle & then load.

Point end at Computer case

and pull trigger.

Virus Problem and computer idiot problem fixed.