From: len Knee len on 11 Jan 2007 21:05

My saga began with a pop up shut down
NY authority system time shut down status code 1073741819 google search shows this is typical of the effect of the sasser worm.
Ran McAfee scan, PC pitstop scan, and windows malicious software removal tool all report that there is no Sasser worm

Firewall has been on all the time, all windows updates have been and are in place
had shut down pop ups for Fssm.exe and another software today which on error report launched a Microsoft web page sasser worm with links to malicious software removal tool which i ran again. Both full and quick same result. No infection.

Running XP pro; V 2002 SP2
RAM 256 MB; 1.59 GHz
CPU Intel pentium M 1.69Hz
Dell Inspiron 510M

Do I go out and buy a Macbook or is this fixable??

I am grateful for any help that may be provided.
From: David H. Lipman on 11 Jan 2007 21:36

From: "len Knee" <len Knee(a)discussions.microsoft.com>

| My saga began with a pop up shut down
| NY authority system time shut down status code 1073741819 google search shows
| this is typical of the effect of the sasser worm.
| Ran McAfee scan, PC pitstop scan, and windows malicious software removal
| tool all report that there is no Sasser worm
|
| Firewall has been on all the time, all windows updates have been and are in
| place
| had shut down pop ups for Fssm.exe and another software today which on error
| report launched a Microsoft web page sasser worm with links to malicious
| software removal tool which i ran again. Both full and quick same result. No
| infection.
|
| Running XP pro; V 2002 SP2
| RAM 256 MB; 1.59 GHz
| CPU Intel pentium M 1.69Hz
| Dell Inspiron 510M
|
| Do I go out and buy a Macbook or is this fixable??
|
| I am grateful for any help that may be provided.
|

The sasser virus is long since gone. However it has been replaced by other Internet worms that exploit that LSASS module via TCP port 445.

Therefore, a Sasser related removal tool is useless if you were infected with a SDBot or other internet worm.

You can stop the ...
NT AUTHORITY\SYSTEM
'c:\windows\system32\lsass.exe' terminated unexpectedly with status code -1073741819

Go to; Start --> Run
enter; shutdown -a

Microsoft's LSASS vulnerability patch.
WinXP KB835732
http://www.microsoft.com/downloads/details.aspx?FamilyId=3549EA9E-DA3F-43B9-A4F1-AF243B6168F3&displaylang=en

Please read the following URL:
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

You need a FireWall.
If you don't patch the PC and not use a FireWall then you will just be re-infected.

I also suggest the installation of ALL MS Critical Updates ASAP.

If it is WinXP -- Install WinXP SP2 ASAP !

If your PC is behind a FireWall, has the patch installed and you have WinXP SP2 installed and you get this message (and it is possible) then it is NOT because of an Internet worm).

Scan with the McAfee module in the below Multi AV Scanning Tool....

Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can download the files and perform a scan in Normal Mode. Once you have downloaded the files needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key during boot] and re-run the menu again and choose which scanner you want to run in Safe Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help file.
http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm

* * * Please report back your results * * *

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
From: Vincenzo on 4 Feb 2007 04:49

----- Original Message -----
From: "David H. Lipman" <DLipman~nospam~@Verizon.Net>
Newsgroups: microsoft.public.security.virus
Sent: Friday, January 12, 2007 3:36 AM
Subject: Re: Sasser virus

> From: "len Knee" <len Knee(a)discussions.microsoft.com>
>
> | My saga began with a pop up shut down
> | NY authority system time shut down status code 1073741819 google search shows
> | this is typical of the effect of the sasser worm.
> | Ran McAfee scan, PC pitstop scan, and windows malicious software removal
> | tool all report that there is no Sasser worm
> |
> | Firewall has been on all the time, all windows updates have been and are in
> | place
> | had shut down pop ups for Fssm.exe and another software today which on error
> | report launched a Microsoft web page sasser worm with links to malicious
> | software removal tool which i ran again. Both full and quick same result. No
> | infection.
> |
> | Running XP pro; V 2002 SP2
> | RAM 256 MB; 1.59 GHz
> | CPU Intel pentium M 1.69Hz
> | Dell Inspiron 510M
> |
> | Do I go out and buy a Macbook or is this fixable??
> |
> | I am grateful for any help that may be provided.
> |
>
> The sasser virus is long since gone. However it has been replaced by other Internet worms
> that exploit that LSASS module via TCP port 445.
>
> Therefore, a Sasser related removal tool is useless if you were infected with a SDBot or
> other internet worm.
>
> You can stop the ...
> NT AUTHORITY\SYSTEM
> 'c:\windows\system32\lsass.exe' terminated unexpectedly with status code -1073741819
>
> Go to; Start --> Run
> enter; shutdown -a
>
> Microsoft's LSASS vulnerability patch.
> WinXP KB835732
> http://www.microsoft.com/downloads/details.aspx?FamilyId=3549EA9E-DA3F-43B9-A4F1-AF243B6168F3&displaylang=en
>
> Please read the following URL:
> http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx
>
> You need a FireWall.
> If you don't patch the PC and not use a FireWall then you will just be re-infected.
>
> I also suggest the installation of ALL MS Critical Updates ASAP.
>
> If it is WinXP -- Install WinXP SP2 ASAP !
>
> If your PC is behind a FireWall, has the patch installed and you have WinXP SP2 installed
> and you get this message (and it is possible) then it is NOT because of an Internet worm).
>
> Scan with the McAfee module in the below Multi AV Scanning Tool....
>
> Download MULTI_AV.EXE from the URL --
> http://www.ik-cs.com/programs/virtools/Multi_AV.exe
>
> To use this utility, perform the following...
> Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
> Choose; Unzip
> Choose; Close
>
> Execute; C:\AV-CLS\StartMenu.BAT
> { or Double-click on 'Start Menu' in C:\AV-CLS }
>
> NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
> FireWall to allow it to download the needed AV vendor related files.
>
> C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
> This will bring up the initial menu of choices and should be executed in Normal Mode.
> This way all the components can be downloaded from each AV vendor's web site.
> The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.
>
> You can choose to go to each menu item and just download the needed files or you can
> download the files and perform a scan in Normal Mode. Once you have downloaded the files
> needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
> during boot] and re-run the menu again and choose which scanner you want to run in Safe
> Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
>
> When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
> file.
> http://www.ik-cs.com/multi-av.htm
>
> Additional Instructions:
> http://pcdid.com/Multi_AV.htm
>
> * * * Please report back your results * * *
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>

I've got the same problem since 3 weeks ago (even if my message error is related to Windows/system32/services.exe, and not to lsass.exe).
I've got all my O.S., Firewall and antivirus up-to-date;
Pc scanned with Multi-AV, in normal and safe mode, with Sophos and McAfee, as written above, but no sign of infection.
Maybe it could be the file "services.exe"? No sign of infection when I scan this file.
Mr Lipman, you wrote: "If your PC is behind a FireWall, has the patch installed and you have WinXP SP2 installed (like mine)
> and you get this message (and it is possible) then it is NOT because of an
> Internet worm)."
SO WHAT IS IT?????????????????????
I don't really want to format my pc (I'm not sure that can solve the problem....too).
Maybe............."I shall go out and buy a Macbook"....!
Thanks for any help....
Vincenzo

PS: sorry, I was wrong to send the previous message! This is my message!
From: David H. Lipman on 4 Feb 2007 07:44

From: "Vincenzo" <vinvizzi(a)tele2.it>

| I've got the same problem since 3 weeks ago (even if my message error is
| related to Windows/system32/services.exe, and not to lsass.exe).
| I've got all my O.S., Firewall and antivirus up-to-date;
| Pc scanned with Multi-AV, in normal and safe mode, with Sophos and McAfee,
| as written above, but no sign of infection.
| Maybe it could be the file "services.exe"? No sign of infection when I scan
| this file.
| Mr Lipman, you wrote: "If your PC is behind a FireWall, has the patch
| installed and you have WinXP SP2 installed (like mine)
>> and you get this message (and it is possible) then it is NOT because of an
>> Internet worm)."
| SO WHAT IS IT?????????????????????
| I don't really want to format my pc (I'm not sure that can solve the
| problem....too).
| Maybe............."I shall go out and buy a Macbook"....!
| Thanks for any help....
| Vincenzo
|
| PS: sorry, I was wrong to send the previous message! This is my message!
|

I have yet to discern what can cause the error if it is deemed NOT to be Internet worm activity nor how to cure it.

Sorry :-(

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
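
The shutdown message quoted in this thread carries a decimal status code and the path of the process that died. The following is an added example, not part of the thread or any poster's code, that extracts both from such messages and decodes the code into NTSTATUS fields. The sample lines, the function names and the dropped-minus-sign heuristic are assumptions of this example.

```python
import re

# Two NTSTATUS values and their names from Microsoft's ntstatus.h.
KNOWN_STATUS = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
}
SEVERITY = ("SUCCESS", "INFORMATIONAL", "WARNING", "ERROR")

# Matches the shutdown text quoted in the thread.
CRASH_RE = re.compile(
    r"'(?P<image>[^']+)'\s+terminated unexpectedly with status\s+code\s+(?P<code>-?\d+)",
    re.IGNORECASE)

# Constructed sample input: line 1 is the message from the thread, line 2 is a
# made-up services.exe variant with the minus sign dropped, line 3 is noise.
SAMPLE_LINES = [
    r"NT AUTHORITY\SYSTEM 'c:\windows\system32\lsass.exe' terminated unexpectedly with status code -1073741819",
    r"NT AUTHORITY\SYSTEM 'C:\WINDOWS\system32\services.exe' terminated unexpectedly with status code 1073741819",
    "Windows Firewall service started",
]

def decode_ntstatus(value):
    """Split a status code (signed or unsigned decimal) into NTSTATUS fields."""
    raw = value & 0xFFFFFFFF  # two's-complement view of the 32-bit code
    return {
        "hex": "0x%08X" % raw,
        "severity": SEVERITY[raw >> 30],   # bits 31-30
        "facility": (raw >> 16) & 0x0FFF,  # bits 27-16
        "code": raw & 0xFFFF,              # bits 15-0
        "name": KNOWN_STATUS.get(raw, "unknown"),
    }

def triage(lines):
    """Return one decoded finding per crash message found in lines."""
    findings = []
    for line in lines:
        m = CRASH_RE.search(line)
        if not m:
            continue
        value = int(m.group("code"))
        info = decode_ntstatus(value)
        # Heuristic (assumption): a positive code that decodes as SUCCESS was
        # probably retyped without its minus sign.
        sign_dropped = value > 0 and info["severity"] == "SUCCESS"
        if sign_dropped:
            info = decode_ntstatus(-value)
        image = m.group("image").replace("/", "\\").rsplit("\\", 1)[-1].lower()
        findings.append({"image": image, "sign_dropped": sign_dropped, **info})
    return findings
```

The decoded value says only that the process faulted on a memory access; it does not by itself separate worm activity from a crash with another cause.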