Re: sasser worm
From: Jason Wade (savon1414_050404+gb2.nospam_at_earthlink.net)
Date: 05/26/04
- Previous message: Jan Il: "Re: slow dsl - possible virus?"
- In reply to: anonymous_at_discussions.microsoft.com: "sasser worm"
Date: Wed, 26 May 2004 08:16:05 GMT
On Wed, 26 May 2004 01:31:36 -0500, anonymous wrote:
> [ snippedy do-dah ]
>
> I have looked in the regedit and noticed that there was
> one program that stood out, as it was the only one
> without a pathway, called wuamgrd.exe. I have attempted
> to delete this from the regedit but it continues to
> appear on start up.
>
> [ chomp ]
Hello Ryan
Enable your firewall first:
http://support.microsoft.com/default.aspx?scid=kb;en-us;283673
Then get yet another firewall that will alert you when
malware tries to "call home":
http://www.zonelabs.com/store/content/home.jsp
Then read these documents to find out why sasser got you
so fast:
http://www.sans.org/rr/papers/index.php?id=1298
http://www.cert.org/tech_tips/before_you_plug_in.html
If you find the files wuamgrd.exe and/or wuauclt.exe, submit them
to av companies for analysis. The last I heard, people thought
that these were parts of a new trojan.
Then check out your system with these:
http://www.safer-networking.org/
http://vil.nai.com/vil/stinger/
http://www.lavasoftusa.com/software/adaware/
The symptoms you describe sound very "sasserish." And, unfortunately
for you, sasser is usually accompanied by a backdoor trojan.
If you can still get to av websites, you're one of the lucky
ones.
good luck and safe computing
-- The hard times and short life of a Linux virus: http://librenix.com/?inode=21
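The check the original poster did by eye (a startup entry with no path), as an added example that is not part of either post. It assumes the entry sat under a Run key that was exported with `reg query`; the sample output and value names are constructed, and only the file name wuamgrd.exe comes from the thread.

```python
import ntpath  # Windows path rules, so this also runs on a non-Windows analysis box
import re

# Constructed sample of `reg query` output; only wuamgrd.exe comes from the post.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    example-av    REG_SZ    "C:\Program Files\ExampleAV\avtray.exe" /min
    example-tray    REG_EXPAND_SZ    %SystemRoot%\system32\traytool.exe
    example-sync    REG_SZ    C:\Program Files\ExampleSync\sync.exe /background
    example-entry    REG_SZ    wuamgrd.exe
"""

VALUE = re.compile(r"^\s{4}(.+?)\s{4}(REG_(?:EXPAND_)?SZ)\s{4}(.*)$")
PROGRAM = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.I)


def executable(command):
    """Return the program part of a Run-key command line, without arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = PROGRAM.match(command)  # unquoted paths may contain spaces
    if m:
        return m.group(1)
    return command.split()[0] if command else ""


def pathless_entries(reg_output):
    """List (key, value name, program) for entries with no directory part."""
    hits, key = [], None
    for line in reg_output.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE.match(line)
        if not (m and key):
            continue
        name, _kind, data = m.groups()
        exe = executable(data)
        # A bare file name is resolved through the search path at logon,
        # so the entry alone does not say which file on disk will run.
        if exe and not ntpath.dirname(exe):
            hits.append((key, name, exe))
    return hits


if __name__ == "__main__":
    for key, name, exe in pathless_entries(SAMPLE):
        print(f"{key}\\{name}: {exe}")
```

A hit is a triage lead, not a verdict: the next step is to locate the file that name resolves to on disk and hand it to a scanner or AV vendor.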