Re: Not Sasser?!

From: BG250 (anon_at_anon.com)
Date: 08/25/04


Date: Wed, 25 Aug 2004 09:35:06 -0400

There is a new worm going around. Most scanners would not detect it up until
yesterday. Look for msnmsg.exe in the system32 folder and throughout the
registry. If found, boot into safe mode, delete the file and delete all
registry entries that reference this file. I know it looks like a valid
Windows file name, but it is not. I've found the virus doesn't even have to be
on the machine for the LSASS shutdown to occur. It just has to try to invade
it from the network connection.

Be sure you have a functioning firewall and an up-to-date virus scanner, and a
spyware scanner is not a bad idea. Also patch Windows.
BG

"Jessica" <anonymous@discussions.microsoft.com> wrote in message
news:cb6801c48a4f$9edf99c0$a401280a@phx.gbl...
> I have a virus on my computer that shuts me down and
> restarts my PC after I get on the internet. I get the
> same message as the previous posted message by jcb iowa:
> C:\windows\system32/lsass.exe and the system shuts down and restarts.
> I tried to fix it with the downloads from the windows
> update website---the first one I tried to install said
> there was no infection; the second one I tried to install
> wouldn't even open and said "this application wasn't
> applicable with win32 applications" or something like that.
> So then I went to the Symantec web site and installed
> their Sasser removal tool, and it scanned my system and
> said that I did not have Sasser on my computer. And I'm
> not rich and can't be paying 50 bucks to speak to a
> Symantec virus support person. So now what??????
> P.S. I have not had updated virus protection on my pc for
> over a year now, hence the virus. But I can't get online
> long enough to get buy and download protection!!!!
>
> Thanks,
> Jessica
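
The check described in the reply above (msnmsg.exe in the system32 folder, plus registry entries that reference it), as an added read-only example that is not part of the original posts. It assumes a Windows system with PowerShell 4 or later; the list of autostart keys is this example's choice, since the post names no specific registry locations.

```powershell
# Read-only triage: reports findings and deletes nothing.
$name = 'msnmsg.exe'                                  # file name from the post
$file = Join-Path $env:SystemRoot "System32\$name"

if (Test-Path -LiteralPath $file) {
    # -Force so a hidden or system attribute does not hide the file
    Get-Item -LiteralPath $file -Force |
        Format-List FullName, Length, CreationTime, LastWriteTime, Attributes | Out-Host
    # Hash to look up or submit to an antivirus vendor before removal
    Get-FileHash -LiteralPath $file -Algorithm SHA256 | Format-List Hash | Out-Host
} else {
    Write-Host "Not found: $file"
}

# Assumption: common autostart keys; the post only says "throughout the registry".
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Collect every value whose name or data mentions the file name
$hits = @(foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $k = Get-Item -LiteralPath $key
    foreach ($valueName in $k.GetValueNames()) {
        $data = [string]$k.GetValue($valueName)
        if ($data -like "*$name*" -or $valueName -like "*$name*") {
            [pscustomobject]@{ Key = $key; Value = $valueName; Data = $data }
        }
    }
})

# Services whose ImagePath points at the file
$hits += @(Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $img = [string]$_.GetValue('ImagePath')
        if ($img -like "*$name*") {
            [pscustomobject]@{ Key = $_.Name; Value = 'ImagePath'; Data = $img }
        }
    })

if ($hits.Count -gt 0) {
    $hits | Format-List | Out-Host
} else {
    Write-Host "No references to $name in the checked keys."
}
```

Run it from an elevated prompt so the HKLM keys are readable; the HKCU results apply only to the account running the script.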


