Re: w32 sasser worm

From: Shenan Stanley (news_helper_at_hushmail.com)
Date: 05/02/04 

Date: Sun, 2 May 2004 08:56:36 -0500

salley wrote:
> Got an email fromYou can help protect your computer by
> downloading and installing
> Microsoft Security Update MS04-011. You can find more
> informationon this update at:
> http://go.microsoft.com/?LinkID=466770
> I have windows XP but now sure which version as noted
> below:
> . Microsoft Windows XP and Microsoft Windows XP Service
> Pack 1 - Download the update
> . Microsoft Windows XP 64-Bit Edition Service Pack 1 -
> Download the update
> . Microsoft Windows XP 64-Bit Edition Version 2003 -
> Download the update
> DO I NEED TO DOWNLOAD THIS PATCH & HOW DO I DETERMINE
> WHICH VERSION NOTED ABOVE
> thanks pls email at address above
> walton

You are 32bit.
You need the MS04-011 patch.
Go here:
http://www.microsoft.com/security/incident/sasser.asp

Good luck and follow this advice - some periodically:

Please Notice that if you use AOL, you should at least upgrade to 9.0 or
greater before doing any of the fixes. I know you can get AOL 9.0 at almost
any convenience store, gas station, super market or other retail outlet in
the world, so this should not be a problem.

Turn on that firewall...
http://www.microsoft.com/WindowsXP/home/using/howto/homenet/icf.asp
(It has been reported that it now works with AOL 9.0+)

Make sure you have all the updates (critical) installed from:
http://windowsupdate.microsoft.com/
(Scan for updates, Review and Install)

Get rid of the spy/ad/mal-ware..
(Yes - using MORE than one of these..
I recommend at least the first three. Also..
UPDATE the definitions for them before using.)

 Spybot Search and Destroy
 http://www.safer-networking.net/

 Lavasoft AdAware
 http://www.lavasoft.de

 CWSShredder
 http://www.spywareinfo.com/~merijn/downloads.html

 Hijack This!
 http://mjc1.com/mirror/hjt/

 I also like "The Cleaner" and "SpywareBlaster" and "SpywareGuard".
  - http://www.moosoft.com/
  - http://www.javacoolsoftware.com/

The first is a PAY product, but useable for 30 days - it has found and
eliminated problems in the past the others did not. The latter two are
prevention mechanisms. I like SpywareGuard for those with enough processor
to have something running like antivirus software - and it prevents browser
hijacking quite well. SpywareBlaster is a FANTASTIC free product, I suggest
getting this after you cleanup and keeping it updated as well....

 And Assortment of Others:
 http://spywareinfo.com/

After you cleanup your PC somewhat of spy/ad/mal-ware, verify your antivirus
software is updated and run a full scan of your computer. If you have no
antivirus software - get one NOW! Grisoft AntiVirus:
http://www.grisoft.com/us/us_dwnl_free.php

Empty your Temporary Internet Files and shrink the size it stores to about
80 to 120MB (seems to be an optimal size for the normal user)

 - Open ONE copy of Internet Explorer.
 - Select TOOLS -> Internet Options.
 - Under the General tab in the "Temporary Internet Files" section,
   do the following:
  - Click on "Delete Cookies" (click OK)
  - Click on "Settings" and change the
    "Amount of disk space to use:" to something between 80MB
    and 120MB. (Betting it is MUCH larger right now.)
  - Click OK.
  - Click on "Delete Files" and select to
    "Delete all offline contents" (the checkbox) and click
    OK. (If you had a LOT, this could take 2-10 minutes or
    more.)
- Once it is done, click OK, close Internet Explorer
- Re-open Internet Explorer.

Uninstall any software you do not use often/ever. (If you have something
installed but never use it, uninstall it.) If you go through Control
Panel -> Add/Remove Programs and see things you seldom if ever use, it is to
your advantage to remove it.

Also, if you are tired of Web Page Pop-Ups/Unders.. You could try the
Google Toolbar.
http://toolbar.google.com/

Stop loading applications at logon.. run MSCONFIG and look under the startup
tab for things you DON'T want to startup! Search the Internet with Google
to discover what things are safe to remove and what things may even be
malware infecting your computer.

Better control your email and lessen the amount of time you spend dealing
with SPAM:
 SpamBayes
 http://sourceforge.net/projects/spambayes/
or
 Spamihilator.
 http://www.spamihilator.com 

-- 
<- Shenan ->
--

Relevant Pages

  • Re: Spyware
    ... > Internet trying to load games, ... Microsoft has these suggestions for Protecting your computer from the ... keep it clean,secure and running at its top performance mark. ... and some you can only download if you are registered - but it is best ...
    (microsoft.public.windowsxp.general)
  • Re: Downloads and Spyware
    ... >> Microsoft, either from a CD or the internet ... >> it better to download these to my desktop in order to ... >> spyware applications before the actual install on my ... >> them are identified as Temp Internet files which I am ...
    (microsoft.public.windowsxp.general)
  • Re: Downloads and Spyware
    ... >>> Microsoft, either from a CD or the internet ... >>> 1) Should I disable my anti-virus and spyware ... >>> it better to download these to my desktop in order to ... >>> them are identified as Temp Internet files which I am ...
    (microsoft.public.windowsxp.general)
  • Re: Downloads and Spyware
    ... > it better to download these to my desktop in order to ... > spyware applications before the actual install on my stem? ... > them are identified as Temp Internet files which I am ... of the Microsoft Powertoys - TweakUI in particular: ...
    (microsoft.public.windowsxp.basics)
  • Re: dialer pops up..help!!
    ... > know how to surf the net, send emails and use microsoft word...and ... If you don't wish to follow all of the advice immediately, ... You should also empty your Internet Explorer Temporary Internet ... are pay - some you can only download if you are registered - but it is best ...
    (microsoft.public.windowsxp.perform_maintain)