Sasser question

From: Sadie (anonymous_at_discussions.microsoft.com)
Date: 05/16/04 

Date: Sun, 16 May 2004 12:22:46 -0700

Rolando,

I just remembered that one chap here experiencing the
resetting problem stated that he'd performed a "reformat
and recovery" of the drive-to no avail.

He did not post back with any details as to how he
resolved the issue.Even if it meant re-purchasing a new
harddrive.

A recovery would certainly re-instate the malicious
process.I asked if anyone had successfully performed a
reformat and clean re-install of XP? No replies.

So,that leaves us in the dark.It could be a virus that
overwrites sectors,effectively killing the drive.Or an in-
memory resident that maybe wipes the chip CIH-style.

What are your thoughts?All I have to go on are
descriptions.I have not seen one of the affected
computers.Maybe a Texan billionare is prepared to ship
one over!

What is your AV company's take on it?

Sadie
>-----Original Message-----
>Hello,Rolando,
>
>It's been a few days since I was reconfronted by this
>problem.I was desperately trying to resolve the
>resettting issue,and I am not entirely convinced it is
>100% due to Sasser flooding the lsass process.
>
>I spammed these boards for a day or two,trying to probe
>the exact nature of the problem,but,noone indulged
>me..Perhaps we can indulge one another?
>Here's what I wrote,earlier.The thinking being that the
>lsass process being overwhelmed would be recognised as a
>system failure,irrespective of the cause,and prompt an
>automatic reboot:
>
>"This is highly experimental,since I am uncertain what
is
>causing the constant resets being reported by so many
>people.Virus activity is one possibility-but a multitude
>of other things such as soundcard problems can cause
>resets.Bear in mind,this is written purely from a sense
>of enabling a P.C to remain online long enough to
>download critical patches.Let me know if it works or not.
>
>If your computer resets before accessing Windows
XP,refer
>to your BIOS manual to determine how to boot into safe
>mode via the BIOS.(e.g.I tap F5,but your computer may be
>different.)This may prove impossible-report back,so a
>clearer picture of events can be garnered from your
>responses.
>
>To prevent resets interupting the downloading of patches
>Turn off Automatic Reboot, if you haven't already. Of
>course, you can only do this if you can get into Safe
>Mode and logged in as Administrator:
>
>1) Click on "Start", right-click on "My Computer",
>choose "Properties"
>2) Click on the "Advanced" tab.
>3) Under "Startup and Recovery" click on "Settings"
>4) Under "System Failure" uncheck "Automatically
Restart".
>5) Click "Apply" then "Ok" then reboot your system. If
>you get an error message, and your system doesn't
reboot,
>report the precise error message.
>
>FURTHER NOTE:If possible,reboot again into safe mode,run
>an entire system scan with AV.
>
>
>Other,possibly applicable articles:
>
>http://support.microsoft.com/defaul...kb;en-us;310396
>
>http://support.microsoft.com/defaul...&NoWebContent=1
>
>I should also have added that after applying the changes
>whilst in safe mode,you should then attempt to reboot
>into normal mode,otherwise the modem drivers will not
>load,and you won't be able to get online..."
>
>That's as far as I got,because nobody responded to
>indicate whether this would work or not.
>
>Sadie
>
>
>
>>-----Original Message-----
>>Please consider indulging a bystander with a friend
with
>a sasser
>>infestation and shuting down so fast that is imposible
>to do anything else.
>>Are there any files, sasser virus related, that could
be
>deleted or better
>>rename, using the recovery console? (either previously
>installed or with
>>the installation CD). If a system file is deleted or
>renamed, the install CD
>>can also be use to replaced with a simple files repair.
>>This, providing that BIOS is Ok.
>>Cheers
>>
>>
>>--
>>HEARTBURN? WHY? FIX IT!!!
>>HEARTBURN CENTER
>>515-244-9950
>>off_recreaghmd@hotmail.com
>>To respond, edit out the "off_" from the address.
>>Para contestar, quite el "off_" de la direccion.
>>
>>
>>.
>>
>.
>

Relevant Pages

  • Please help - Need to recover hard drive & Windows XP issues
    ... know) and the entire Windows XP HOme edition was replace with Windows ... these files from my hard drive into their respective folders, ... The only data I couldnt copy was the valuable data in MY SAFE, ... I hjave a Product Recovery DVD ROm for Sateliite M100 disk, ...
    (microsoft.public.windowsxp.general)
  • Re: Maxtor disk is in device manager but not my computer
    ... Could I reformat the drive so that it is readable and then use file ... recovery software to recover the files from the reformatted drive? ... manager and also in Disk Management except in there it is labelled as ...
    (microsoft.public.windowsxp.hardware)
  • Re: Maxtor disk is in device manager but not my computer
    ... Could I reformat the drive so that it is readable and then use file recovery ... manager and also in Disk Management except in there it is labelled as ...
    (microsoft.public.windowsxp.hardware)
  • Re: Unsaved worksheet
    ... by NSA there are file recovery programs, ... By the third time you usually get serious about creating and maintaining a backup ... CD in a safe location. ... Microsoft MVP - Excel ...
    (microsoft.public.excel.misc)
  • windows log on and automatic log off
    ... Having identical problem & cannot access in safe ... mode or last known config...XP recovery is only thru ... harddisk, ie I don't have an XP CD ... ...
    (microsoft.public.windowsxp.accessibility)