Re: What steps to prevent Sasser infection while downloading the fix?

From: Torgeir Bakken \(MVP\) (Torgeir.Bakken-spam_at_hydro.com)
Date: 05/05/04

Next message: Bill Sanderson: "Re: What steps to prevent Sasser infection while downloading the fix?"
Previous message: Lars M. Hansen: "Re: Would a firewall prevent Sasser worm?"
In reply to: Bill Sanderson: "Re: What steps to prevent Sasser infection while downloading the fix?"
Next in thread: Bill Sanderson: "Re: What steps to prevent Sasser infection while downloading the fix?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 05 May 2004 01:41:22 +0200

Bill Sanderson wrote:

> "Spacen Jasset" wrote:
>
>> Block all incomming ports while you download the patch.
>>
>> Also if you PC keeps rebooting while you download then you could
>> try this batch file
>>
>> ns.bat
>>
>> :loop
>> shutdown -a
>> goto loop
>
> The batch file you suggest will not stop the reboot
> if it comes from Sasser.
Hi

Microsoft states that “shutdown.exe -a” can be used on WinXP
for the reboot caused by the LSASS.EXE crash, from
http://www.microsoft.com/technet/Security/alerts/sasser.mspx

<quote>
If your computer is vulnerable to the worm, the worm may cause
LSASS.EXE to crash which will force the operating system to
shutdown after 60 seconds. This shutdown can be aborted on
Windows XP systems by using the built-in “shutdown.exe -a” command.
</quote>

-- 
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/community/scriptcenter/default.mspx

Next message: Bill Sanderson: "Re: What steps to prevent Sasser infection while downloading the fix?"
Previous message: Lars M. Hansen: "Re: Would a firewall prevent Sasser worm?"
In reply to: Bill Sanderson: "Re: What steps to prevent Sasser infection while downloading the fix?"
Next in thread: Bill Sanderson: "Re: What steps to prevent Sasser infection while downloading the fix?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: auto shutdown
... script will do a reboot of the remote computer. ... If you want a forced shutdown, ... You can find peer-to-peer support for Scripting technologies in the Windows Server Scripting newsgroup. ...
(microsoft.public.windowsxp.basics)
Re: Scheduled Auto reboot
... I am not an expert in scripting, but I can lead you to one... ... If you run it without any input arguments, it will reboot ... If you want a forced shutdown, ... AKA: Windows Server Scripting ...
(microsoft.public.windowsxp.perform_maintain)
Re: Current security settings put your computer at risk ...
... They want me to disable or at least prompt "Download Active X ... ... Reboot and ... ... Download, install, run, update and perform a full scan with the ... Download/Install the latest Windows Installer: ...
(microsoft.public.windowsxp.security_admin)
Re: Homepage has been hijacked & registry has been changed
... This may be a newer variant of about: ... THEN REBOOT AND RUN THEM AGAIN TO BE SURE ALL FILES ... Download Registrar Lite 2.0, ...
(microsoft.public.windows.inetexplorer.ie6.browser)
Re: 9 out of 11 upgdates fail Code 0x8007foda
... Shut PC down, went to work, came back tried updates web site again and it ... So reboot (for each of these steps, it is just best to reboot right ... Download, install, run, update and perform a full scan with the following ... Reboot and logon as administrative user. ...
(microsoft.public.windowsupdate)