RE: perfectnav
From: TJ Campana [MSFT] (tcampana_at_online.microsoft.com)
Date: 05/03/04
- Next message: TJ Campana [MSFT]: "RE: W.32 blaster virus"
- Previous message: Joan NYC: "Re: XP Firewall Enough?"
- In reply to: perfectnav: "perfectnav"
- Next in thread: TJ Campana [MSFT]: "RE: perfectnav"
- Reply: TJ Campana [MSFT]: "RE: perfectnav"
Date: Mon, 03 May 2004 19:12:59 GMT
>Does the sasser worm have anything to do with the fact
>that www.perfectnave.com displays and shuts down my
>internet?
>
I have not seen this as of yet and we have been seeing a lot today. It could be that the sasser worm infects the systems and the perfectnav Trojan is the payload. Are you concerned that you are infected? If so, I have included several items below to help mitigate the effects of sasser while you patch and clean your system(s):
Mitigate the Sasser Worm Threat:
If you are running XP you can use the Internet Connection Firewall to protect your system while you access the Microsoft Site. For more information on this you can go to the help file on the XP System. To prevent the system from rebooting you will have to unplug it from the network while you enable the firewall. Once the firewall is up you should be good to go!
If you are running Windows 2000 then you will first have to unplug the system from the network to prevent the system reboots. Next, create a read-only copy of the following file, dcpromo.log, in the %systemroot%\debug directory. You can do this with the following two commands at the DOS prompt:
echo dcpromo >%systemroot%\debug\dcpromo.log
&
attrib +R %systemroot%\debug\dcpromo.log
This will stop the system from rebooting long enough for you to download the MS04-011 patch and the cleaner tool. Please patch then clean!
Cleaner Tool Location:
http://www.microsoft.com/security/incident/sasser.asp
Patch location:
http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx
Creating the dcpromo.log file should prevent the rebooting of the system in either case, but you will only be protected if you patch the system and then clean it using the latest cleaner from our site. The current cleaner cleans variants A and B, with an updated cleaner expected out later today to deal with C & D variants.
In any event I would definitely patch and clean the system first and then try to scan this system with an online scanner like the one at http://housecall.trendmicro.com.
T.J. Campana [MSFT]
Microsoft EPS Security
-- This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at http://www.microsoft.com/info/cpyright.htm Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they originated.