Wednesday 8th February 2012

Posts Tagged ‘Microsoft’

Popular Viruses and McAfee Removal Tools

Monday, November 2nd, 2009

The world is plagued with a number of recurring viruses and if you are unfortunate enough to get one of the monsters below, then you can use a free tool from McAfee to not only remove it from your computer, but also help repair any damage that might have been done in the attack.

Take a look at the list below and if your PC is infected with one of these, then McAfee can help:

  • Sasser (virus name) – McAfee Avert Stinger (removal tool);
  • Bagle – McAfee Avert Stinger;
  • Zafi – McAfee Avert Stinger;
  • Mydoom – McAfee Avert Stinger;
  • Lovsan/Blaster – McAfee Avert Stinger;
  • Klez – Klez Removal Tool;
  • Bugbear – Bugbear Removal Tool.

Let’s take a look at one of the best known of the suspects above: Sasser. This can be removed using the McAfee Avert Stinger tool. With Sasser, the indication that you have been infected is the presence of the file avserve3.exe and the following entry under the registry Run key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "avserve3.exe" = C:\WINDOWS\avserve3.exe

Sasser, which is known in the trade as a worm, spreads by exploiting a Microsoft software vulnerability, and it moves from machine to machine with no user intervention needed.

It employs a propagation mechanism which has been used many times before. Basically, Sasser spends its time scanning random IP addresses in the hope that it will spot an exploitable system. When it comes across such a system, the worm exploits it by overflowing a buffer in LSASS.EXE and creates a remote shell on TCP port 9996.

Once that’s been achieved, it creates an FTP script named cmd.ftp on the remote host and executes it. The FTP.EXE application, driven by that script, is then used to retrieve the worm from the infected machine to the remote host, after which the worm is executed. In other words, the FTP script instructs the victim computer to download and execute the worm from the infected host.
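The indicators described above (the avserve3.exe file and Run entry, the shell on TCP port 9996 and the cmd.ftp script) can be checked against text collected from a suspect machine. The following is an added example, not part of the original article or any McAfee tool; it assumes the evidence is saved output of `reg query`, `netstat -an` and `dir /b /s`, and the sample data, including the cmd.ftp location, is constructed.

```python
import re
from pathlib import PureWindowsPath
# Indicators named in the article above.
WORM_FILE, FTP_SCRIPT, SHELL_PORT = "avserve3.exe", "cmd.ftp", 9996
RUN_VALUE = re.compile(r"^\s+(?P<name>.+?)\s+REG_(?:EXPAND_)?SZ\s+(?P<data>.+)$")
NETSTAT_TCP = re.compile(r"^\s*TCP\s+(?P<local>\S+)\s+\S+\s+(?P<state>\S+)")

def check_run_key(reg_output):
    """Run-key values whose name or target file is the worm binary."""
    hits = []
    for m in filter(None, map(RUN_VALUE.match, reg_output.splitlines())):
        name, data = m["name"].strip(), m["data"].strip().strip('"')
        if WORM_FILE in (name.lower(), PureWindowsPath(data).name.lower()):
            hits.append(f"run-key: {name} -> {data}")
    return hits

def check_ports(netstat_output):
    """TCP sockets whose local port is the worm's remote-shell port."""
    hits = []
    for m in filter(None, map(NETSTAT_TCP.match, netstat_output.splitlines())):
        if m["local"].rsplit(":", 1)[-1] == str(SHELL_PORT):
            hits.append(f"tcp-port: {m['local']} {m['state']}")
    return hits

def check_files(dir_listing):
    """Paths whose file name is the worm binary or its FTP script."""
    paths = (line.strip() for line in dir_listing.splitlines())
    return [f"file: {p}" for p in paths
            if PureWindowsPath(p).name.lower() in (WORM_FILE, FTP_SCRIPT)]

def triage(reg_out, netstat_out, dir_out):
    return check_run_key(reg_out) + check_ports(netstat_out) + check_files(dir_out)

# Constructed sample artifacts (not captured from a real host).
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    avserve3.exe    REG_SZ    C:\WINDOWS\avserve3.exe
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
"""
SAMPLE_NETSTAT = """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:9996           0.0.0.0:0              LISTENING
"""
SAMPLE_DIR = r"""
C:\WINDOWS\avserve3.exe
C:\WINDOWS\system32\cmd.ftp
C:\WINDOWS\notepad.exe
"""
```

Calling `triage(SAMPLE_REG, SAMPLE_NETSTAT, SAMPLE_DIR)` returns one line per matched indicator; a port match on its own is weak evidence, since 9996 can also be an ordinary ephemeral port.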

Sasser comes under many guises, including Sasser.G, W32.Sasser and Worm.Win32Sasser.g (this often depends on which anti-virus programme has labelled a particular virus).

The McAfee Avert Stinger is a stand-alone tool which is used when a particular virus needs to be detected and then removed. McAfee make it clear that it is not to be used instead of anti-virus protection software, but as a specific tool when dealing with a particular type of virus attack.

Guest Article by Neil Camp

McAfee Supports Windows 7

Friday, October 23rd, 2009

Coinciding with the release of Microsoft’s new operating system, McAfee has announced that its computer security products fully support Windows 7, the next stage on from Windows Vista.

McAfee highlighted the fact that its security products for consumers and businesses provide the necessary protection for Windows 7 users to cope with threats such as viruses, spyware, Trojan horses, hacker intrusions and malicious Web sites. Furthermore, the encryption and data loss prevention solutions for enterprises from McAfee will also support Windows 7.

Dave DeWalt, McAfee president and chief executive officer, said:
“McAfee technology ensures computer users around the globe have security protection available for their use of Windows 7. People upgrading their operating system should also upgrade their computer security. We continue to see an elevated cybersecurity threat landscape with unprecedented levels of malicious software seen this year by McAfee Labs. Windows 7 is just as prone to attack as previous versions of Microsoft’s operating systems.”

McAfee goes on to say that Microsoft has already had to take action against critical security flaws in its new operating system. It recently issued its biggest software patch yet to fix a range of security issues in its software programs, including Windows 7.

One of the main security flaws centred on the potential ability of a remote attacker to commandeer a vulnerable Windows system after the user simply views a rigged Web site.

McAfee say they were quick to react to the threat, providing protection against exploitation of most of these security threats on the day of Microsoft’s patch release.

All McAfee’s Enterprise products, which are designed to protect computers used by companies, businesses, governments and other organisations, support Microsoft Windows 7. This includes McAfee’s flagship products, McAfee Total Protection for Endpoint and the McAfee Total Protection Service.

On the consumer front, all McAfee’s products support Microsoft Windows 7. As regards existing customers, they have already begun receiving the latest version of McAfee-based products that support the new operating system. Other McAfee users can install the Windows 7 compatible version from the McAfee.com Web site.

McAfee offers its customers wide-ranging protection measures against vulnerabilities and threats that users’ systems, data and family are exposed to with the new Microsoft operating system and other third party applications.

Guest Article by Neil Camp

© BUYability
