lsass, sasser, avserve...!!!

[Guest]

this is quite the problem....been working on it for 6 hours now...
Running Windows 2000 server
thought the sasser worm fixtool had done it for me, but problem is still there...
computer will not stay up for more than 60 seconds unless I am in safe mode
As soon as I try to go to Safe mode with Networking, or boot normally....I get the screen that wants to shut me down in 60 seconds...
So it's pretty hard to go to windows update to make sure I have all the latest patches...
(which I am pretty sure I do already
About to try Stinger...and see how it works..
If anyone has any other ideas....I'd love to hear them..............thanx in advance.........big dee

 

[Yuri Meng]

http://www.microsoft.com/security/incident/sasser.asp

--
Sincerely,
Yuri Meng

this is quite the problem....been working on it for 6 hours now....
Running Windows 2000 server.
thought the sasser worm fixtool had done it for me, but problem is still there....
computer will not stay up for more than 60 seconds unless I am in safe mode.
As soon as I try to go to Safe mode with Networking, or boot normally....I

get the screen that wants to shut me down in 60 seconds....

So it's pretty hard to go to windows update to make sure I have all the latest patches....
(which I am pretty sure I do already)
About to try Stinger...and see how it works...
If anyone has any other ideas....I'd love to hear them..............thanx

in advance.........big dee

 

[Lanwench [MVP - Exchange]]

If you don't protect your computer, it will get reinfected again ASAP.
If you're on a network, get a hardware firewall appliance to help protect
your entire network from the Internet - run Windows Update regularly (make
sure you have the April 13th patch installed - should show up in add/remove
programs as Windows XP Hotfix KB835732)

If you can't stop your computer from restarting:

As soon as your computer reboots and Windows loads, click Start, then Run.
In the box, type the following:

shutdown -a (then click OK)

Then see http://www.microsoft.com/security/incident/sasser.asp and
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

McAfee's Stinger tool claims to remove Sasser:
http://vil.nai.com/vil/stinger/

Enable your XP firewall (or get a third party one if not on XP or even if
so - www.zonealarm.com has a free one) and run Windows Update regularly to
keep your OS patched to the gills. You also need good antivirus software and
need to keep it updated regularly. As mentioned, the patch for this exploit
was released April 13th...but there are plenty you do need. Perhaps want to
enable the autoupdate feature of Windows Update and subscribe to the
security bulletin announcements at www.microsoft.com/security.

 

[Bruce Chambers]

Greetings --

You've apparently contracted the latest worm, W32.Sasser.Worm,
specifically designed to attack people who do not update their
computers promptly and who do not practice "safe hex." In other
words, like Blaster, this worm was developed and distributed _after_ a
patch for the vulnerability was announced and made publicly available.
Further, and also like Blaster, this worm could not affect any
computer whose user had taken the basic precaution of using a properly
configured firewall.

What You should Know about the Sasser Worm and its Variants
http://www.microsoft.com/security/incident/sasser.asp

Microsoft Security Bulletin MS04-011
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

W32.Sasser.Worm
http://www.symantec.com/avcenter/venc/data/w32.sasser.worm.html

W32.Sasser.Worm Removal Tool
http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.removal.tool.html

McAfee AVert Stinger Virus Removal Tool
http://vil.nai.com/vil/stinger/


Bruce Chambers

--
Help us help you:




You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH