Re: Shut down in 1 minute
From: Malke (malke_at_nospoonnotreally.com)
Date: 08/16/04
- Next message: Scott L: "hio.dll"
- Previous message: anonymous: "Re: help! don't want roommate to be able to bypass password"
- In reply to: Amelia: "Shut down in 1 minute"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 16 Aug 2004 06:45:16 -0700
Amelia wrote:
> I think that it is the SASSER virus you speak of.
>>-----Original Message-----
>>Hello,
>>Has anyone heard of a virus on Windows 2000 that shuts
>>down your computer in 1 minute? I've been told it's the
>>Fasser Virus, but haven't been able to find any info on
>>it. any ideas?
>>Thanks!
>>.
>>
Sounds like you've gotten caught by the Sasser worm. To stop the
rebooting, go to Start>Run and type "shutdown -a" without the quotes.
For information about the worm, go here:
http://www.sarc.com/avcenter/venc/data/w32.sasser.worm.html
Get the worm off your system and then immediately patch XP:
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx -
TechNet bulletin with download links
http://windowsupdate.microsoft.com
Install an antivirus program and keep it updated.* Install a firewall.
XP has a built-in firewall, or there are free alternatives like Zone
Alarm or Sygate. Be aware that cleanup may be complex - we are now
seeing that infected computers usually have more than one variant of
Sasser, as well as one or more instance of a polybot worm from the
Gaobot/Agobot family.
*You probably won't be able to install any antivirus until you get your
machine cleaned up. Here's how to do it:
1) Take the infected machine off the Internet and any lan immediately.
2) From a different, clean machine download Stinger
(http://vil.nai.com/vil/stinger/) and run it in Safe Mode. Stinger is a
limited virus checker, but its advantage is that it is standalone and
doesn't need to be installed.
3) Hope that Stinger cleans up the machine enough to be able to
reinstall your av or install a new, current one. Update its definitions
and do a full scan.
4) Continue the cleaning process by removing any spyware with Spybot
Search & Destroy (http://www.safer-networking.org) and Ad-aware
(http://www.lavasoftusa.com). These programs are free, so run them both
since they complement each other. You may also want to run CWShredder
and HijackThis from http://aumha.org/freeware.htm. Although CWShredder
is no longer being updated, it will still clean older variants of the
CoolWebSearch malware. Be sure to update these programs before running
them. Always read the instructions before running a spyware removal
tool. It is best to run antivirus and spyware removal tools in Safe
Mode.
5) After you've installed your full-featured av, updated its definitions
and run a full system scan.
6) Make sure you are running a firewall.
7) Go to Windows Update and apply all security patches for your
operating system. Do not install drivers from Windows Update.
Malke
-- MS MVP - Windows Shell/User Elephant Boy Computers www.elephantboycomputers.com "Don't Panic!"
- Next message: Scott L: "hio.dll"
- Previous message: anonymous: "Re: help! don't want roommate to be able to bypass password"
- In reply to: Amelia: "Shut down in 1 minute"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
