Main Page 
PC Review
Forums
Newsgroups
Windows XP
Windows XP Security
To some MVP: SASSER question
Forums
Newsgroups
Windows XP
Windows XP Security
To some MVP: SASSER question
 |
To some MVP: SASSER question |
|
|
Thread Tools | Rate Thread |
06-05-2004, 06:12 PM
|
#1 |
|
Guest
Posts: n/a
|
To some MVP: SASSER question
I dont have any problem whit this virus, but i want to know for a discussion whit some friends, about a system after a infection that was cleaned and patched, if is necesary to format an reinstall the OS. Thx in advance |
|
|
06-05-2004, 06:41 PM
|
#2 |
|
Guest
Posts: n/a
|
Re: To some MVP: SASSER question
Maat wrote:
> I dont have any problem whit this virus, but i want to > know for a discussion whit some friends, about a system > after a infection that was cleaned and patched, if is > necesary to format an reinstall the OS. Hi No, that is not necessary... -- torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway Administration scripting examples and an ONLINE version of the 1328 page Scripting Guide: http://www.microsoft.com/technet/co...er/default.mspx |
|
|
|
06-05-2004, 07:51 PM
|
#3 |
|
Guest
Posts: n/a
|
Re: To some MVP: SASSER question
THAKS! >-----Original Message----- >Maat wrote: > >> I dont have any problem whit this virus, but i want to >> know for a discussion whit some friends, about a system >> after a infection that was cleaned and patched, if is >> necesary to format an reinstall the OS. >Hi > >No, that is not necessary... > > >-- >torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway >Administration scripting examples and an ONLINE version of >the 1328 page Scripting Guide: >http://www.microsoft.com/technet/co...scriptcenter/de fault.mspx >. > |
|
|
|
06-05-2004, 11:33 PM
|
#4 |
|
Guest
Posts: n/a
|
To some MVP: SASSER question
I'm in no danger of becoming an MVP,but here's SANS
Internet Strom Center take on this question,published this morning: A reader asked why we recommend a complete rebuild of systems infected with 'sasser', given that 'sasser' is rather benign and easy to clean. The problem with 'sasser' is that it is an indicator exploit. The fact that you are infected with 'sasser' indicates that you were vulnerable to the LSASS exploit. Before sasser, a large number of bot variants exploited this same vulnerability. We find that many systems infected with 'sasser' are infected with one or more bots in addition to 'sasser'. Each day, we receive several distinct 'bot' samples. Antivirus signatures are typically not able to keep up with all versions, and many 'bots' include specific code to plant backdoors, disable firewalls and antivirus products, or to add additional system accounts. Antivirus software is not able to reliably detect and clean all of these bots. As a result, it is impossible to tell if any of these bots are left on your system. Only a thorough (and costly) forensics analysis by a trained specialist will provide some assurance. As a result, if you are infected by 'sasser', try to rebuild your system from scratch. For detailed instructions on setting up a new system safely, see http://www.sans.org/rr/papers/index.php?id=1298 (Windows XP: Surviving the first day). If you acquire a new system, assume it is not yet patched and use extreme care the first time you connect it to the network. >-----Original Message----- > >I dont have any problem whit this virus, but i want to >know for a discussion whit some friends, about a system >after a infection that was cleaned and patched, if is >necesary to format an reinstall the OS. > >Thx in advance > > >. > |
|
|
|
07-05-2004, 04:37 AM
|
#5 |
|
Guest
Posts: n/a
|
Re: To some MVP: SASSER question
Greetings --
No, of course, a format of the hard drive is _not_ necessary after removing a virus. Can't even imagine why anyone would ever think it would be. Bruce Chambers -- Help us help you: http://dts-l.org/goodpost.htm http://www.catb.org/~esr/faqs/smart-questions.html You can have peace. Or you can have freedom. Don't ever count on having both at once. -- RAH "Maat" <anonymous@discussions.microsoft.com> wrote in message news:96e901c4338d$5458af40$a301280a@phx.gbl... > > I dont have any problem whit this virus, but i want to > know for a discussion whit some friends, about a system > after a infection that was cleaned and patched, if is > necesary to format an reinstall the OS. > > Thx in advance > > |
|
|
|
07-05-2004, 04:38 AM
|
#6 |
|
Guest
Posts: n/a
|
Re: To some MVP: SASSER question
Greetings --
If you like using an axe to trim your fingernails, follow that advice. Bruce Chambers -- Help us help you: http://dts-l.org/goodpost.htm http://www.catb.org/~esr/faqs/smart-questions.html You can have peace. Or you can have freedom. Don't ever count on having both at once. -- RAH "Sadie" <anonymous@discussions.microsoft.com> wrote in message news:988f01c433ba$35c3bb10$a601280a@phx.gbl... > I'm in no danger of becoming an MVP,but here's SANS > Internet Strom Center take on this question,published > this morning: > |
|
|
|
22-11-2004, 05:04 PM
|
#7 |
|
Guest
Posts: n/a
|
Re: To some MVP: SASSER question
Hello i am new in this forum and i am in need for ur hellp i dont know how but my computer keeps shuting down i downloaded some win updats for sasser and it stoped but when i search for sasser there was no where to be found ..... after that computer works fine but somthing is not leting my firewall and antivirus to work , i try do uninstal and install but it would not let me install them .........plz hellp i am desprate hellp me Thx  -- D3v!L |
|
|
|
23-11-2004, 02:24 AM
|
#8 |
|
Guest
Posts: n/a
|
Re: To some MVP: SASSER question
1) Download the following four items...
McAfee Stinger http://vil.nai.com/vil/stinger/ Trend Sysclean Package http://www.trendmicro.com/download/dcs.asp Latest Trend Pattern File. http://www.trendmicro.com/download/pattern.asp Adaware SE (free personal version v1.05) http://www.lavasoftusa.com/ Create a directory. On drive "C:\" (e.g., "c:\New Folder") or the desktop (e.g., "C:\Documents and Settings\lipman\Desktop\New Folder") Download Sysclean.com and place it in that directory. Download the Trend Pattern File by obtaining the ZIP file. For example; lpt259.zip Extract the contents of the ZIP file and place the contents in the same directory as sysclean.com. 2) Update Adaware with the latest definitions. 3) Disable System Restore http://vil.nai.com/vil/SystemHelpDo...eSysRestore.htm 4) Reboot your PC into Safe Mode 5) Using Trend Sysclean, Stinger and Adaware, perform a Full Scan of your platform and clean/delete any infectors/parasites found. (a few cycles may be needed) 6) Restart your PC and perform a "final" Full Scan of your platform using the three utilities; Trend Sysclean, Stinger and Adaware 7) Re-enable System Restore and re-apply any System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB), 8) Reboot your PC. 9) Create a new Restore point * * * Please report your results ! * * * Dave "D3v!L" <D3vL.1g5dh1@pcbanter.net> wrote in message news  3vL.1g5dh1@pcbanter.net...| | Hello i am new in this forum and i am in need for ur hellp | | i dont know how but my computer keeps shuting down i downloaded some | win updats for sasser and it stoped but when i search for sasser there | was no where to be found ..... after that computer works fine but | somthing is not leting my firewall and antivirus to work , i try do | uninstal and install but it would not let me install them .........plz | hellp i am desprate hellp me | | Thx | | | -- | D3v!L |
|
|
|
|
| Thread Tools | |
| Rate This Thread | |
|
|
