If you stop downloading spyware for free on your computer, this user guide will help you fix it.
What To Do Now
Use the following free Microsoft software to detect and remove this threat:
- Windows defender for Windows 10 and Windows 8.1 or Microsoft Security Essentials for Windows 7 and Windows Vista
You should also do a full scan. A full scan can find other hidden malware.
Disable automatic execution
This threat attempts to use the Windows AutoPlay feature to propagate through removable storage devices such as USB drives. You can disable autorun to prevent worms from spreading:
- Disable Windows Autostart
Scan removable disk
Be sure to scan any removable or portable drives. If you have Microsoft security software installed, see this section on our software help page:
- How to scan a removable disk, such as a B. flash drive?
Get More Help
You can also find add-onsSee our advanced troubleshooting page for more help.
If you’re using Windows XP, see our Windows XP end of support page.
W32 / Sasser-G is a network worm that spreads using the Microsoft LSASS vulnerability.
W32 / Sasser-G also creates and runs SKYNET.CPL in the Windows folder, which Sophos recognizes as W32 / NetSky-AC.W32 / Sasser-G is a network worm that spreads using the Microsoft LSASS vulnerability.
The worm copies itself as AVSERVE3.EXE to the Windows folder and sets the following registry entry to start automatically when the user logs on:
HKLM Software Microsoft Windows CurrentVersion Run
avserve3 = avserve3.exe
W32 / Sasser-G tries to connect to random IP addresses on TCP / 445 and TCP / 9996 ports and then exploits LSASS vulnerability. If successful, the FTP script will be downloaded and run on the remote computer, which will connect to port 5554 to download a copy of the worm via FTP.
W32 / Sasser-G may cause the LSASS.EXE program to terminate, usually prompting Windows to shut down and restart. However, W32 / Sasser-G tries to prevent the system from shutting down.
W32 / Sasser-G also creates and runs SKYNET.CPL in the Windows folder, which Sophos recognizes as W32 / NetSky-AC.