Symptoms in a HijackThis Log:
O4 - HKLM\..\Run: [avserve2.exe] C:\WINDOWS\avserve2.exe
O4 - HKLM\..\Run: [avserve.exe] C:\WINDOWS\avserve.exe
If you are infected with the sasser virus, your computer may shutdown on its own. If this happens, you can do the following to stop the shutdown:
Click on Start then Run and type shutdown /a in the field and press the OK button.
Now that the computer is not longer shutting down, you should go to this website:
This site contains information about the Sasser virus and has a tool that you can use to detect and remove it from your computer. If the Microsoft tool does not work, there are additional links to other removal tools at the bottom of the page.
When the virus has been removed you should now run these two online virus scans to make sure there are no other remnants left behind:
This is a self-help guide. Use at your own risk.
BleepingComputer.com can not be held responsible for problems that may occur by using this information. If you would like help with any of these fixes, you can post a HijackThis log in our Hijackthis Logs Forums.
If you have any questions about this self-help guide then please post those questions our AntiVirus, Firewall and Privacy Products and Protection Methods forum and someone will help you.