Home > Need Help > Need Help With Sasser-like Virus

Need Help With Sasser-like Virus

I don't know what's going on. I'd rather deal with a few windows viruses & patches, than look at that ugly MAC desktop every day. Thanks Leo June 21, 2004 10:55 PM I'm not talking about sasser specific removal tools - I mean that you should run a full Anti-virus scanner that looks for all viruses In more cases than not, traditional thinking dictates that changes to a central choke point are often more effective and cheaper than touching every workstation, recalling mobile devices, and so on. navigate to this website

I am completely updated but i originally installed nortan 2002. So, for now…I'll seperate chores for each system. - by DudeInUglyHat Friends Aint funny: That's funny (8:52pm EST Mon May 03 2004)[quote]I recently got a virus when I was attempting to Kase 17:59 12 Jul 04 Thank you cuddles, VoG (Tm), zootmo. I'd perform as many of the steps as you can from this article, and also run a system file checker (http://ask-leo.com/archives/000074.html ). https://www.symantec.com/security_response/writeup.jsp?docid=2004-050114-1706-99

PCMag Digital Group Privacy Policy Terms of Use About Contact Archives Glossary Advertise PCMag.com Extreme Tech Computer Shopper IGN Toolbox Accessibility Statement unused Mitt kontoSökMapsYouTubePlayNyheterGmailDriveKalenderGoogle+ÖversättFotonMerDokumentBloggerKontakterHangoutsÄnnu mer från GoogleLogga inDolda fältBöckerbooks.google.se Its like a vetran coder with the intentions of a script kiddy. - by J_B J-B (1:09pm EST Mon May 03 2004)I believe the variants are just to avoid virus scanners. BUT..... Meanwhile, Delta Air Lines spokeswoman Peggy Estes refused to say Monday whether weekend computer troubles that grounded flights to and from Atlanta for about 6.5 hours were related to Sasser Deja

Now more than ever it's important to get your patches installed in under 30 days. This is surprisingly close to the process of providing ROI data to managers. And the viruses didn't get any further than my AV software. The tool is from Symantec and is legitimate: However, your operating system was previously instructed to always trust content from Symantec.

Restart the computer. Please re-enable javascript to access full functionality. Well, i didnt have a virus scaner and that is because i had just recently accured this computer from my mum (Dont laugh) and it was the first time i had http://ask-leo.com/what_are_lsass_lsassexe_and_sasser_and_how_do_i_know_if_im_infected_what_do_i_do_if_i_am.html Either of those will block this vulnerability.

Microsoft - What You Should Know About the Sasser Worm and Its Variants Microsoft - Microsoft Security Bulletin MS04-011 detailing the LSASS and related vulnerabilities. Worse, virus writers are starting to share code amongst themselves, resulting in a plethora of variants appearing in a very short period of time. Maybe it isn't present in W2K. Then try and figure out how to turn on the firewall in my XP.

In fact, if the system isn't up to date on security patches there are quite a few baddies that will eat it alive. https://books.google.se/books?id=cXq8cnsBlrUC&pg=PA75&lpg=PA75&dq=Need+help+with+Sasser-like+virus&source=bl&ots=gyk9scH2U1&sig=fqnXpEHsEgd65B13uvHfQcJwN4w&hl=en&sa=X&ved=0ahUKEwiX4e_ro7zRAhUrGZoKHa4CA7MQ6AEIPjAE That's why you want a AV package that looks for many viruses. That'd be my approach ... Any username / password combination will work.

THANXXXXXXXXXX Leo May 17, 2004 4:32 PM Visit the Microsoft site listed in the article. useful reference no reboot...so it's reformat, reinstall, and everything is back to sqare one again. Do you have a link or something to get me there? For example, my virus scanner is configured to check for updates and run a scan nightly.

The open port may be the result of a specific application that has been deemed necessary, but was never evaluated by a security engineer. sorry." Liar! Pl. my review here in 2003 as a place for answers to common computer and technical questions.

My firewall asks if I want to continue. As this article points out, lsass.exe IS a require system component. I would apprecciate any help.

On my Laptop with xp home edition, I also have lsass.exe and LSASS.EXE in the following locations: [1] c:\I386\LSASS.EXE - (size: 9k type: EX_file) [2] c:\windows\system32\lsass.exe - (size: 12k type: application)

Users hit Early reports suggest that home users will be hit hardest as many broadband users do not have a firewall fitted that would protect them from malicious programs like Sasser. Microsoft and many security firms have released tools that help people find out if they are infected and to help them remove the virus from their system. Pete Leo September 7, 2004 7:50 PM Turns out not all machines have shutdown.exe. What's a firewall and how do I set one up?

I have recommendations here - http://recommend.pugetsoundsoftware.com And if it only happened once, you may not be infected at all. Either of these solutions will likely protect you from Sasser and many other types of non-email-based threats. Leo August 31, 2004 12:19 PM Not found or runs but doesn't shut down? http://osuweb.net/need-help/need-help-removing-fujack-virus.php It is a temporary oasis of safety for the most part because of that."

Sorry.

I ran symatec and microsoft removal tool and found no sasser worm. Look for the section that begins: "Update: Apparently the Sasser worm also modifies a configuration file ..." and follow the instructions there. Install it and update it daily. This vulnerability was one of the first discovered in Windows XP and patches have been available.None of the vulnerabilities used by these two worms is new.

Displays the help message. /NOFIXREG Disables the registry repair (We do not recommend using this switch). /SILENT, /S Enables the silent mode. /LOG=[PATH NAME] Creates a log file where [PATH NAME] Stacia June 7, 2004 4:37 PM Leo, you have brought my sanity back, I bought a new laptop over the weekend, and that day got infected, this thing is rife! Is there anything under setup I can do to stop this from happening so my PC will fully boot? I also updated the KB835732 hotfix but I read on the web that LSASS.EXE and lsass.exe are two different files and the capitalised version is a suspect.