Re: sasser variant??

From: Bill Sanderson (Bill_Sanderson_at_msn.com.plugh.org)
Date: 05/05/04


Date: Tue, 4 May 2004 21:51:26 -0400

There are a number of recent viruses which attempt to block access to both
popular antivirus applications and the web sites of the vendors of those
products. I don't have a clear enough picture of what is associated with
Sasser to give you a reference to look at about what the effects might
be--This quote from a handler's diary at isc.sans.org is what I am
remembering:
----------------------------------------------------------------
Automatic cleanup tools
Microsoft and most of the anti-virus vendors are providing tools for the
automatic removal of some of the Sasser variants (see yesterday's diary).
While we don't want to discourage people from using these tools, we also
don't want the public to get too complacent and think that once they use one
of these tools everything is fine. We are seeing a great deal of evidence of
multiple infections on machines with Sasser. That is, machines infected with
Sasser are often also infected with something else, frequently one of the
recent agobot/gaobot/phatbot variants that also target the MS04-011
vulnerabilities. Our standard advice remains, if you get infected, your best
course of action is a complete rebuild of the system. If you reinstall a
system, or configure a new system, you will have to enable a firewall before
connecting the system to a network. Internal LANs may be infected as well.
Windows XP users may follow our guide: Windows XP, Surviving the First Day
http://www.sans.org/rr/papers/index.php?id=1298
---------------------------------------------------
It mentions agobot/gaobot/phatbot - so you might look at cleaners for that
series.

"shotofstrait" <anonymous@discussions.microsoft.com> wrote in message
news:FB5A18C4-52D8-4070-A0EC-022E68199946@microsoft.com...
> I'm actually running stinger now. I do have a subscription to Norton AV &
> Mcafee Spam Killer. I'll see if Stinger works, but I think it's odd that
> it won't let me access any fixes.
>
> ----- Bill Sanderson wrote: -----
>
> Sasser can bring in other infections.
>
> What cleaning tools have you run? You might get Stinger which can be
> brought in by diskette.
>
> http://vil.nai.com/vil/stinger/
>
> Do you have a firewall in place?
>
> You might try downloading the security update (which one?) as a discrete
> file--rather than via Windows Update, and attempting an install in safe
> mode.
>
>
> "shotofstrait" <anonymous@discussions.microsoft.com> wrote in message
> news:F46D9102-4759-4FED-9E4C-86905334398A@microsoft.com...
> >I had sasser...removed it...however certain things still are not working. I
> >cannot even get my Norton to boot up (double clicking does nothing). I
> >cannot access any of the major anti-virus websites (Norton/McAfee) and when
> >I attempt to install the security update from Microsoft, it runs thru the
> >whole process and upon completion, it tells me that it wasn't successful.
> >Any ideas?
>
>
>


