Re: Sasser virus
- From: "Vincenzo" <vinvizzi@xxxxxxxx>
- Date: Sun, 4 Feb 2007 10:33:36 +0100
From: "len Knee" <len Knee@xxxxxxxxxxxxxxxxxxxxxxxxx>
| My saga began with a pop up shut down
| NY authority system time shut down staus code 1073741819 google seach
shows
| this is typical of the effect of the sasser worm.
| Ran McAfee scan, PC pitstop scan, and windows malicious software remaoval
| tool all report that there is no Sasser worm
|
| Fire wall has been on all the time, all windows updates have been and are
in
| place
| had shut down pop ups for Fssm.exe and another software today which on
error
| report launched a microsft web page sasser worm with links to malicious
soft
| ware removal tool which i ran again. Both full and quick same result. No
| infection.
|
| Running XP pro; V 2002 SP2
| RAM 256 MB; 1.59 GHz
| CPU Intel pentium M 1.69Hz
| Dell Inspiron 510M
|
| Do I go out and buy a Macbook or is this fixable??
|
| I am grateful for any help that may be provided.
|
The sasser virus is long since gone. However it has been replaced by other
Internet worms
that exploit that LSASS module via TCP port 445.
Therefore, a Sasser related removal tool is useles if you were infected with
a SDBot or
other internet worm.
You can stiop the ...
NT AUTHORITY\SYSTEM
'c:\windows\system32\lsass.exe' terminated unexpectedly with status
code -1073741819
Go to; Start --> Run
enter; shutdown -a
Microsoft's LSASS vulnerability patch.
WinXP KB835732
http://www.microsoft.com/downloads/details.aspx?FamilyId=3549EA9E-DA3F-43B9-A4F1-AF243B6168F3&displaylang=en
Please read the following URL:
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx
You need a FireWall.
If you don't patch the PC and not use a FireWall then you will just be
re-infected.
I also suggest the installation of ALL MS Critical Updates ASAP.
If it is WinXP -- Install WinXP SP2 ASAP !
If your PC is behind a FireWall, has the patch installed and you have WinXP
SP2 installed
and you get this message (and it is possible) then it is NOT becuase of an
Internet worm).
Scan with the McAfee module in the below Multi AV Scanning Tool....
Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe
To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close
Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }
NOTE: You may have to disable your software FireWall or allow WGET.EXE to go
through your
FireWall to allow it to download the needed AV vendor related files.
C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in
Normal Mode.
This way all the components can be downloaded from each AV vendor's web
site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot
the PC.
You can choose to go to each menu item and just download the needed files or
you can
download the files and perform a scan in Normal Mode. Once you have
downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe
Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to
run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal
Mode.
When the menu is displayed hitting 'H' or 'h' will bring up a more
comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm
Additional Instructions:
http://pcdid.com/Multi_AV.htm
* * * Please report back your results * * *
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
.
- Follow-Ups:
- Re: Sasser virus
- From: Vincenzo
- Re: Sasser virus
- Prev by Date: Re: ntoskml.exe Problem
- Next by Date: Re: Sasser virus
- Previous by thread: Windows Defender Shutting Down
- Next by thread: Re: Sasser virus
- Index(es):
Relevant Pages
|
