Re: Sasser worm
From: Vivek Ahuja (vivekahuja_at_hotmail.com)
Date: 05/04/04
- Next message: rick: "homepage hijacked to "About blank" and search x"
- Previous message: Vivek Ahuja: "Re: Permissions to run Outlook on small net with exchange"
- In reply to: Sartan Dragonbane: "Re: Sasser worm"
- Next in thread: Keith W. McCammon: "Re: Sasser worm"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 4 May 2004 13:36:49 +0530
Hi,
Well, to check if your system is infected, a tool on the microsoft.com site
does the job...
as for symptoms, from various antivirus vendors they are different for
all...actually it's about 5-7 different variants...so don't go by the
definition of just one antivirus ...
my experience is that CA eTrust is much better because of a simple fact,
they have 2 engines, use one in online mode and the other on offline /
scheduled scans...
both have independent development teams so definitions are also different and
more chances of catching worms etc..
but apart from all that..if you have patched your systems on time no
worries...
right?
best option is SUS which can work in a non domain environment and no
licenses required with this I have about 40,000 PCs protected so I am not
worried with Sasser...
"Sartan Dragonbane" <NOSPAMHERE@YOUMOMMA.NULL.COM> wrote in message
news:WzElc.12202$LA4.6942@edtnps84...
> Kevin, I have rarely seen McAfee Enterprise correctly detect anything in the
> first place.
> I wouldn't count on an antivirus solution to repair your network anyway.
> A suggestion: Try a trial version of Norton Antivirus on one of your
> desktops and see if it detects it...
>
> As soon as you log in, go to start, run, shutdown -a to give you a little
> bit to do some work on an infected PC.
>
> Log on to your computer, and go to Administrative Tools, Services,
> Remote Procedure Call (RPC).
> Go to the recovery tab, and change all three failures to "Take No Action" so
> your computer doesn't reboot while you work on removing whatever virus you
> might have.
>
> The bleepin Sasser worm is an evil polymorphic virus, I'm still trying to
> think up a way to surefire remove it automagically.
>
> Good luck, Kevin.
> Consider using the XP Firewall on your desktop computers as well, and
> investing in a decent firewall for your servers.
>
> "Kevin" <kevin.bentley@wdc.com> wrote in message
> news:7f2301c43187$62c23fe0$a001280a@phx.gbl...
> > We have some machines in our environment that seem to
> > have been hit by Sasser this afternoon.
> >
> > The problem is that I can not find any of the sasser
> > components present in the systems? Many of the machines
> > scan clear with McAfee Enterprise 7.1.0 and the latest
> > Stinger but still get a 60 sec countdown? The countdown
> > seems to be resolved by re-installing the 011 patch but I
> > am wondering why I can't find any indication of the
> > infection? All Viruscan logs are clear?
> >
> > When I look up the Sasser characteristics, I notice that
> > the error is slightly different than posted on McAfee's
> > website? We don't get the LSA Shell error and the System
> > shutdown error has a status code of 128 instead of
> > 1073741819? Any ideas? The slight variation in behavior
> > concerns me?
>
>