Re: virus

From: Malke (malke_at_nospoonnotreally.com)
Date: 09/15/04

• Next message: Malke: "Re: srsetup.exe REMOVE"
• Previous message: Testy: "Re: Caution, When upgrading Avg 6 free to Avg 7 free or pro with xp sp2"
• In reply to: peter: "virus"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Wed, 15 Sep 2004 09:12:29 -0700

peter wrote:

> can any one let me know how to get rid of the Lass virus.
> I'm not sure if i got the name right. I is the one that
> shut your computer off when ever you log on to the
> internet.

Sounds like you've gotten caught by the Sasser worm. To stop the
rebooting, go to Start>Run and type "shutdown -a" without the quotes.
For information about the worm, go here:

http://www.sarc.com/avcenter/venc/data/w32.sasser.worm.html

1) Take the infected machine off the Internet and any lan immediately.
2) From a different, clean machine download Stinger
(http://vil.nai.com/vil/stinger/) and run it in Safe Mode. Stinger is a
limited virus checker, but its advantage is that it is standalone and
doesn't need to be installed.
3) Hope that Stinger cleans up the machine enough to be able to
reinstall your av or install a new, current one. Update its definitions
and do a full scan.
4) Continue the cleaning process by removing any spyware with Spybot
Search & Destroy (http://www.safer-networking.org) and Ad-aware
(http://www.lavasoftusa.com). These programs are free, so run them both
since they complement each other. You may also want to run CWShredder
and HijackThis from http://aumha.org/freeware.htm. Although CWShredder
is no longer being updated, it will still clean older variants of the
CoolWebSearch malware. Be sure to update these programs before running
them. Always read the instructions before running a spyware removal
tool. It is best to run antivirus and spyware removal tools in Safe
Mode.
5) Make sure you install a firewall BEFORE YOU RECONNECT THIS MACHINE TO
THE INTERNET.
6) Go to Windows Update and apply all security patches for your
operating system. Do not install drivers from Windows Update.

Malke

-- 
MS MVP - Windows Shell/User
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"

---

• Next message: Malke: "Re: srsetup.exe REMOVE"
• Previous message: Testy: "Re: Caution, When upgrading Avg 6 free to Avg 7 free or pro with xp sp2"
• In reply to: peter: "virus"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages RE: No programs will load ... > to the internet, nor load up any anti virus programs, ... From a different, clean machine download Stinger ... Do not install drivers from Windows Update. ... (microsoft.public.windowsxp.general) Re: Programs close automatically ... Your machine is not clean but is still infected with at least one other ... clean machine download Stinger (http:/ ... reinstall your av or install a new, ... instructions before running a spyware removal tool. ... (microsoft.public.security.virus) Re: Taskmanager ... it opens and then immediately ... From a different, clean machine download Stinger ... Do not install drivers from Windows Update. ... (microsoft.public.windowsxp.general) Re: Help in running Regedit ... clean machine download Stinger (http:/ ... reinstall your av or install a new, ... instructions before running a spyware removal tool. ... Go to Windows Update and apply all critical security patches. ... (microsoft.public.windowsxp.general) Re: Task Manager is gone ... clean machine download Stinger ... >reinstall your av or install a new, ... >instructions before running a spyware removal tool. ... > 7) Go to Windows Update and apply all security patches. ... (microsoft.public.windowsxp.general)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.security.virus  > 2004-09