Re: Sasser worm
From: Keith W. McCammon (km_at_km.com)
Date: 05/04/04
- Next message: jla: "Log On Workaround"
- Previous message: Keith W. McCammon: "Re: Sasser Worm"
- In reply to: Kevin: "Sasser worm"
- Next in thread: Viper3256: "Re: Sasser worm"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 4 May 2004 10:30:41 -0400
See this, which links to a checker, the patch, and the cleaning tool...
http://www.microsoft.com/security/incident/sasser.asp
"Kevin" <kevin.bentley@wdc.com> wrote in message
news:7f2301c43187$62c23fe0$a001280a@phx.gbl...
> We have some machines in our environment that seem to
> have been hit by Sasser this afternoon.
>
> The problem is that I can not find any of the sasser
> components present in the systems? Many of the machines
> scan clear with McAfee Enterprise 7.1.0 and the latest
> Stinger but still get a 60 sec countdown? The countdown
> seems to be resolved by re-installing the 011 patch but I
> am wondering why I cant find any indication of the
> infection? All Viruscan logs are clear?
>
> When I look up the sasser characteristics, I notice that
> the error is slightly different than posted on Mcafee's
> website? We dont get the LSA Shell error and the System
> shutdown error has a status code of 128 instead of
> 1073741819? Any ideas? The slight veriation in behavior
> concerns me?
- Next message: jla: "Log On Workaround"
- Previous message: Keith W. McCammon: "Re: Sasser Worm"
- In reply to: Kevin: "Sasser worm"
- Next in thread: Viper3256: "Re: Sasser worm"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
