Sasser question

From: Sadie (anonymous_at_discussions.microsoft.com)
Date: 05/16/04 

Date: Sun, 16 May 2004 13:43:30 -0700

Update:Safe boot with command prompt also fails within
approx 3 seconds.
No time to type in any commands.

Sadie
>-----Original Message-----
>Rolando,
>
>I just remembered that one chap here experiencing the
>resetting problem stated that he'd performed a "reformat
>and recovery" of the drive-to no avail.
>
>He did not post back with any details as to how he
>resolved the issue.Even if it meant re-purchasing a new
>harddrive.
>
>A recovery would certainly re-instate the malicious
>process.I asked if anyone had successfully performed a
>reformat and clean re-install of XP? No replies.
>
>So,that leaves us in the dark.It could be a virus that
>overwrites sectors,effectively killing the drive.Or an
in-
>memory resident that maybe wipes the chip CIH-style.
>
>What are your thoughts?All I have to go on are
>descriptions.I have not seen one of the affected
>computers.Maybe a Texan billionare is prepared to ship
>one over!
>
>What is your AV company's take on it?
>
>Sadie
>>-----Original Message-----
>>Hello,Rolando,
>>
>>It's been a few days since I was reconfronted by this
>>problem.I was desperately trying to resolve the
>>resettting issue,and I am not entirely convinced it is
>>100% due to Sasser flooding the lsass process.
>>
>>I spammed these boards for a day or two,trying to probe
>>the exact nature of the problem,but,noone indulged
>>me..Perhaps we can indulge one another?
>>Here's what I wrote,earlier.The thinking being that the
>>lsass process being overwhelmed would be recognised as
a
>>system failure,irrespective of the cause,and prompt an
>>automatic reboot:
>>
>>"This is highly experimental,since I am uncertain what
>is
>>causing the constant resets being reported by so many
>>people.Virus activity is one possibility-but a
multitude
>>of other things such as soundcard problems can cause
>>resets.Bear in mind,this is written purely from a sense
>>of enabling a P.C to remain online long enough to
>>download critical patches.Let me know if it works or
not.
>>
>>If your computer resets before accessing Windows
>XP,refer
>>to your BIOS manual to determine how to boot into safe
>>mode via the BIOS.(e.g.I tap F5,but your computer may
be
>>different.)This may prove impossible-report back,so a
>>clearer picture of events can be garnered from your
>>responses.
>>
>>To prevent resets interupting the downloading of patches
>>Turn off Automatic Reboot, if you haven't already. Of
>>course, you can only do this if you can get into Safe
>>Mode and logged in as Administrator:
>>
>>1) Click on "Start", right-click on "My Computer",
>>choose "Properties"
>>2) Click on the "Advanced" tab.
>>3) Under "Startup and Recovery" click on "Settings"
>>4) Under "System Failure" uncheck "Automatically
>Restart".
>>5) Click "Apply" then "Ok" then reboot your system. If
>>you get an error message, and your system doesn't
>reboot,
>>report the precise error message.
>>
>>FURTHER NOTE:If possible,reboot again into safe
mode,run
>>an entire system scan with AV.
>>
>>
>>Other,possibly applicable articles:
>>
>>http://support.microsoft.com/defaul...kb;en-us;310396
>>
>>http://support.microsoft.com/defaul...&NoWebContent=1
>>
>>I should also have added that after applying the
changes
>>whilst in safe mode,you should then attempt to reboot
>>into normal mode,otherwise the modem drivers will not
>>load,and you won't be able to get online..."
>>
>>That's as far as I got,because nobody responded to
>>indicate whether this would work or not.
>>
>>Sadie
>>
>>
>>
>>>-----Original Message-----
>>>Please consider indulging a bystander with a friend
>with
>>a sasser
>>>infestation and shuting down so fast that is imposible
>>to do anything else.
>>>Are there any files, sasser virus related, that could
>be
>>deleted or better
>>>rename, using the recovery console? (either
previously
>>installed or with
>>>the installation CD). If a system file is deleted or
>>renamed, the install CD
>>>can also be use to replaced with a simple files repair.
>>>This, providing that BIOS is Ok.
>>>Cheers
>>>
>>>
>>>--
>>>HEARTBURN? WHY? FIX IT!!!
>>>HEARTBURN CENTER
>>>515-244-9950
>>>off_recreaghmd@hotmail.com
>>>To respond, edit out the "off_" from the address.
>>>Para contestar, quite el "off_" de la direccion.
>>>
>>>
>>>.
>>>
>>.
>>
>.
>

Relevant Pages

  • Re: can you do a reg restore from a command prompt?
    ... hmmm,well when i tried to boot to safe w/ command prompt, i still got the ... > restore from safe mode as in Win98 as scanreg in command prompt, ... Start the System Restore Tool from a Command Prompt in Windows XP ...
    (microsoft.public.windowsxp.general)
  • Re: XPP machine reboots when it hits MUP.SYS
    ... >safe, safe with networking, or safe with command prompt. ... If you have a boot disk, you can try starting System Restore from ... "How to Start System Restore Tool From a Command Prompt in Windows XP" ...
    (microsoft.public.windowsxp.configuration_manage)
  • Re: Stop 0x44
    ... >I cannot boot my HP notebook running Windows XP Home Edition and receive ... > any mode - Safe, Command Prompt, Last Known Good Boot, etc. ...
    (microsoft.public.windowsxp.general)
  • boot problem - virtual memory
    ... I am in a "boot loop". ... Cannot do any kind of boot - normal, safe, safe with ... command prompt - without the following message appearing quite briefly and ... then the machine restarts: ...
    (microsoft.public.windowsxp.general)
  • Re: Loaded SP2 now Im in a boot loop...Things to try.
    ... When it rebooted and I had a choice of safe and all other types of boot ... > Description of the Windows XP Recovery Console ...
    (microsoft.public.windowsxp.general)