RE: Sasser on Virtual PC for Mac
From: TJ Campana [MSFT] (tcampana_at_online.microsoft.com)
Date: 05/03/04
- Next message: Ghost: "Re: Correction"
- Previous message: TJ Campana [MSFT]: "RE: W.32 blaster virus"
- In reply to: Tmac: "Sasser on Virtual PC for Mac"
- Next in thread: Robert Moir: "Re: Sasser on Virtual PC for Mac"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 03 May 2004 19:22:20 GMT
>My Mac seems to have been infected with Sasser through my
>Virtual PC for Mac running XP. My computer is completely
>locked up. I can't use VPC or my Mac OS. Anyone else have
>this issue? Does anyone know if the patches published work
>on VPC?
>
This MS04-011 patch WILL resolve the issue on the Windows installation on the Virtual PC. What I recommend is that when you start the Mac OS, edit the
Virtual PC Settings on the PC installation to have no network connection. This will isolate the Virtual PC. Then walk through the following steps to mitigate
the Sasser worm's effects on the Virtual PC and then patch and clean the system.
--Mitigate the Sasser Worm Threat:
If you are running XP you can use the Internet Connection Firewall to protect your system while you access the Microsoft Site. For more information on
this you can go to the help file on the XP System. To prevent the system from rebooting you will have to unplug it from the network while you enable the
firewall. Once the firewall is up you should be good to go!
If you are running Windows 2000 then you will first have to unplug the system from the network to prevent the system reboots. Next create a read-only
copy of the following file, dcpromo.log, in the %systemroot%\debug directory. You can do this with the following two commands at the DOS prompt:
echo dcpromo >%systemroot%\debug\dcpromo.log
attrib +R %systemroot%\debug\dcpromo.log
This will stop the system from rebooting long enough for you to download the MS04-011 patch and the cleaner tool. Please patch then clean!
--Patch location:
http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx
--Cleaner Tool Location:
http://www.microsoft.com/security/incident/sasser.asp
Creating the dcpromo.log file should prevent the rebooting of the system in either case, but you will only be protected if you patch the system and then
clean it using the latest cleaner from our site. The current cleaner cleans variants A and B, with an updated cleaner expected out later today to deal with C
& D variants.
There may be multiple items at risk on this system. You can use one of the free online scanners to scan this system remotely! Go to
http://housecall.trendmicro.com and run a full scan of this system to be sure that there are not multiple items at work here!
T.J. Campana [MSFT]
Microsoft EPS Security
-- This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at http://www.microsoft.com/info/cpyright.htm Note: For the benefit of the community-at-large, all responses to this message are best directed to the newsgroup/thread from which they originated.