Jump to content

Build Theme!
  • Infected?


Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 92142 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


New Sasser Worm?

  • Please log in to reply
1 reply to this topic

#1 fogeyman


    New Member

  • New Member
  • Pip
  • 1 posts

Posted 06 August 2004 - 10:21 PM

I think my friend's computer has received a new version of the sasser worm. The service pack 2 has not been able to remove it, nor has the sasser remover supplied by www.symantec.com. All updates have been installed, however the virus remains. A shutdown message pops up saying it will shutdown in 1 minute. The file that screws up is lsass.exe located in the system32 folder. We had the MSBlast patch installed before being infected, I'm sure of that. I have noticed a few new things that happen when this worm appears. First, if I go to the start menu and click "Turn Off Computer," the log off menu pops up instead of the shut down menu. Also, I cannot update the computer from www.windowsupdate.com. The symantec sasser fixer can't detect it, nor can any other anti-anything. However, running the command prompt and typing in shutdown -a cancels the shutdown. But the rest of the problems remain. Also, we (my friend and I) couldn't install Microsoft Office Pro 2003 after being infected, but we could install it before being infected. Has anyone else experienced this? Is there anything we can do?


Register to Remove

#2 spywarekiller


    New Member

  • Authentic Member
  • Pip
  • 3 posts

Posted 05 September 2004 - 10:44 AM

Hi fogeyman,

Removing Sasser from your computer.

Sasser is a worm that spreads itself via the Internet. An unprotected Windows XP machine will get Sasser within just a few minutes of being put on the ‘net. To protect your system run Windows Update regularly and use a firewall (a broadband router will do fine).

To remove the Sasser infection follow these steps:

1. Disconnect from the Internet.
2. Disable Sasser to keep your system from rebooting. Click Start, select Run… and enter shutdown -a then press OK. That will stop the worm.
3. Turn on your Windows XP firewall. Open Network Connections, right-click your network connection icon and select Properties. Click the Advanced tab and turn on the firewall. This will prevent reinfection.
4. Reconnect to the Internet
5. Update your anti-virus and disinfect your computer, or download the free Sasser removal tool from SARC.
6. Run Windows Update and install all critical updates. You should do this regularly.
* Viruses Tags Along eWeek March 29, 2004. You can get infected with a virus just by reading an email message.
* Why Are Virus Attacks Getting Worse? By John C. Dvorak in PC Magazine March 8, 2004
* Set Antivirus Software for Maximum Protection Activate crucial settings to ensure that your system is completely protected. From the January 2003 issue of PC World.
Sincerely, Brandon

Related Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users