cannot remove sasser

Julian Hales

Hi

Bit of a story, hope you're sitting comfortably.

Boss bought a laptop, a 350MHz Dell, sort of OK machine, came with XP Pro.

The type of guy who doesn't know, want to know and never listens when you
tell him!

Had no modem so he bought a USB, told him not to connect it until he put
Kerio on, anyway I ended up doing that......couldn't install the modem, so I
did that, and then explained how a firewall works.

He's over my shoulder, I'm telling him to shut up and let me concentrate, but
what's he do, whinge non stop, so when Kerio pops up I hit allow rather than
deny, and you guessed it, infected with Sasser!

Brought it home, the PC not the boss, went to MS and came across a couple
of downloads, so downloaded them, says no Sasser at all.

Downloaded and installed AVG, comes up clean.

Same again with Norton 2005 trial, which I tell people not to use, and it
made the PC crawl along so slow my beard grew faster, again said no virus.
(Not sure if Sasser stopped AV installation.)

Online googling showed what to look for in Task Manager, and still reboots
etc.

Can anyone help? AV nothing says it's on, I know it's on, PC knows it's on as
it reboots but the others don't.

I know no AV can be made until a virus is out, and I can't see it being such
a new variant nothing picks it up.

thanks.
 
David H. Lipman

1) Download the following two items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download SYSCLEAN.COM and place it in that directory.
Download the signature files (pattern files) by obtaining the ZIP file.
For example; lpt216.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM.

2) Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
3) Reboot your PC into Safe Mode
4) Using the Trend Sysclean utility, perform a Full Scan of your platform and
clean/delete any infectors found
5) Restart your PC and perform a "final" Full Scan of your platform
6) Re-enable System Restore and re-apply any System Restore preferences,
(e.g. HD space to use suggested 400 ~ 600MB),
7) Reboot your PC.
8) Create a new Restore point
9) Please report back your results

Dave





 
Julian Hales

Tried that first before all others but when running each thing brought up
error -92.

Not sure how to safe mode in XP...stupid I know.
 
David H. Lipman

Key "F8" just after Power On Self Test (POST).

Dave



 
Julian Hales

thanks




 
David H. Lipman

Just let us know what happens and provide us with your results.

Dave




 
