Home > Need Help > Need Help With Sasser-like Virus

Need Help With Sasser-like Virus

Get behind a firewall. julian October 2, 2004 2:27 PM sorry, i forgot to mention im on windows xp Leo October 2, 2004 4:07 PM I'd try another virus checker. You can spend 3000$ on a computer and it doesn't even come with a video card that can run half life 2. If you run a tight ship, you'll be the least likely to get stung. this contact form

It seems that with the proliferation of nasty code writers there will be a rising trend in these events.To those who want to salvage the PC hardware I think learning about Recommendations here: http://ask-leo.com/d-recommend Misty July 14, 2004 12:53 PM I am attempting to download the patch and use the removal tool, however shutdown -a does not stop the shutdown process on Any ideas for this one? This will never stop, because M$ can not make money if they stop bundling.

If I end the process It will display the shutdown in 60seconds window. Check the updated article (http://ask-leo.com/archives/000114.html ) for links to Symantec's site where there is more information and removal instructions. Right now the only thing that comes to mind is to get anti-virus software and updates onto your computer using another computer and a floppy disk or CD-Rom.

Microsoft released a patch that addressed the vulnerability exploited by this worm back on April 13, 2004, but many companies remain behind in patch installation. Bobax http://secunia.com/virus_information/9458/bobax.a/Joe Stewart (LURHQ Corp.) compiled an analysis of this worm:http://www.lurhq.com/bobax.html Installs an HTTP listener on a random port ( 2000-62000). And then continue to scan regularly to avoid future infections. I have run symantecs "W32.Sasser.Worm Fix Tool" and it has not found them.

That's the "shutdown" command, with the "-a" option, which stands for "abort the pending shutdown". I would immediately run a virus scan (making sure to update the virus definitions), a spyware scan (though that seems less likely with these symptoms), and possibley the System File Checker Meanwhile, Finnish bancassurer Sampo said it had temporarily closed all its 130 branch offices as a precaution against Sasser. BTW There was a virus for Linux and Mac recently.

If I go to Yahoo.com and download my email, all goes well. Beau June 7, 2004 8:24 PM Thank you for all the links to anti virus's and all that, it will be helpful. I got hit by sasser... Television 01.16.2017 :: 10:00AM EST Prime Directive: Amazon Daily Deals for Geeks Deals 01.14.2017 :: 9:16AM EST Check Out Viz's Latest Sailor Moon R Movie Trailer Movies 01.13.2017 :: 8:43PM EST

Since this now looks pretty much like a virus issue, moving the thread to Security. ---------------- Tony September 5, 2004 5:37 AM Just wondering what the lasting effects of Sasser are. Thanks Sami Leo July 15, 2004 9:08 AM Are you on a LAN with other machines? Try that Eoghan, i have no idea if it is a fluke, but i guess it is worth a try. The virus stayed on my hd and in my comp even though i reformated :S.

hary June 7, 2004 12:42 PM My Win2k (Prof.) system had a probem of the sort , it removed the dialup networking connection automaticaly and while I tried to add a http://wikisky.net/need-help/need-help-attached-the-hijackthis-log-file-pn-infected-with-virus.html I do have the zone alarm firewall, its that not enough? And don't think I work for Ms or am an Ms zeolot either. I have tries Norton, Mcaffe , Grisoft AVG and Avast antivirus and also spybot none of these software detect my virus.

His primary assignments were patrol and investigations. As this article points out, lsass.exe IS a require system component. I don't know what's going on. navigate here I get a pop up box when my PC is booting that says "Lsass.exe" at the top in the blue bar and then in the box itself it says "Item not

The hd is in "NTFS" format, is there any way I can rename the file back and following the right path to clean the virus? If all it does is reboot your machine it just seems like more of an annoyance than a threat. If there is no training possible (because of money concerns, time constraints, or the size of the organization comes into play), then the gateway/client side AV software will need to be

The steps you take to protect yourself from becoming infected are much less onerous than the potential hassle of recovering from a destructive virus.

Leo September 5, 2004 9:55 PM Once cleaned and patched, there should be no lasting affects. They interviewed the writers of viruses a while back on one of the tech channels. Leo June 30, 2004 3:20 PM Winsecurity.exe is evidently spyware/malware. Ever.

Nintendo Switch review: Hands on with the intuitive modular console and its disappointing games… 1995-2015: How technology has changed the world in 20 years Here's what should be coming to Adobe Lesson Plan Each type of threat, as listed below, provides a unique look at what was (and still is) vulnerable on a network. 2.1 Internet Worms Worms like Sasser are designed Also in Australia Westpac Bank staff were forced to use manual methods to record transactions as the virus made computers unusable. his comment is here Leo May 24, 2004 9:18 AM To me it really sounds like McAfee is interfering with attachments, both coming and going.

This is not just a time to boast how great a job the security department is doing, but also to mention what company initiatives and funding have allowed the network to Although it looks like it could potentially make PC management a bit more difficult, that may be a small price to pay for greater immunity to network-borne attacks … at least And thanks to you guys i have just figured a way to get rid of it. I would apprecciate any help.

The progression isn't usually straight from virus to mass infection, more like:

1. There are Sasser varients running around that exploit the same vulnerability, may have similar symptoms, but won't be removed by Sasser removal tools. I am running Win2K. When Agobot infects a network asset and is then used to scan/infect other hosts, there is an indication that there is a path out of the LAN allowing for commands to

Eric July 2, 2004 2:47 PM emm hi I get no error on my pc but in in the task manager(win xp) theres a lot of processes called 1-lssas.exe 2-lssas.exe 3-lsass.exe...and Thanks Leo July 28, 2004 7:00 PM Almost impossible to say - it could be many things. The virus transmits itself in two parts. Computerworld's award-winning Web site (Computerworld.com), twice-monthly publication, focused conference series and custom research form the hub of the world's largest global IT media network.

Microsoft Security Journal Back to top BC AdBot (Login to Remove) BleepingComputer.com Register to remove ads #2 harrywaldron harrywaldron Security Reporter Topic Starter Members 509 posts OFFLINE Gender:Male Location:Roanoke, Because i cant sign into hotmail, i cant continue to dl Norton antivirus. Alex G. Open Windows Explorer on the directory containing the file "hosts" (A quick way to do this is to press the Start button, click on Run, type\windows\system32\drivers\etc, and press OK.) Right Click