Help Identify Virus or Worm

SAG

I have a friend that has a computer (with winXP home) with the following
symptoms. Since last Friday, the computer has become more and more sluggish,
with less ability to do anything on the computer. In addition, when the
computer is started now, it sometimes shows the "this computer is in use and
has been locked" dialog. Support people suggested to them that they have
been infected by sasser. Anyone recognize the symptoms as a particular worm
or virus? This particular computer was being used without an antivirus, and
had not been patched with security updates. I am trying to help them recover
from whatever the infection is.

And is there any way I can get around the "this computer is in use" dialog?

TIA
 
The Prophecy

SAG said:
I have a friend that has a computer (with winXP home) with the
following symptoms. Since last Friday, the computer has become more
and more sluggish, with less ability to do anything on the computer.
In addition, when the computer is started now, it sometimes shows the
"this computer is in use and has been locked" dialog. Support people
suggested to them that they have been infected by sasser. Anyone
recognize the symptoms as a particular worm or virus? This
particular computer was being used without an antivirus, and had not
been patched with security updates. I am trying to help them recover
from whatever the infection is.

And is there any way I can get around the "this computer is in use"
dialog?

TIA

First of all, go to Windows Update and get all the update patches. Then load
on an Antivirus program such as Norton, update it, do a full system scan and
remove all infected files.
 
Tom R

SAG said:
I have a friend that has a computer (with winXP home) with the following
symptoms. Since last Friday, the computer has become more and more sluggish,
with less ability to do anything on the computer. In addition, when the
computer is started now, it sometimes shows the "this computer is in use and
has been locked" dialog. Support people suggested to them that they have
been infected by sasser. Anyone recognize the symptoms as a particular worm
or virus? This particular computer was being used without an antivirus, and
had not been patched with security updates. I am trying to help them recover
from whatever the infection is.

And is there any way I can get around the "this computer is in use" dialog?

TIA

If you can get connected to the internet,
you might want to run a "free" online virus scan,
http://www.pandasoftware.com/activescan/com/activescan_principal.htm

Another free online virus scanner I use is
"BitDefender"
http://www.bitdefender.com/scan/license.php

If you can't get on the internet, download the "Stinger"
http://vil.nai.com/vil/stinger/

to a floppy on another computer and run it on the
infected computer.
Then try to get online and run Panda or BitDefender.

Good Luck,
Tom
 
Tech Zero

The voice of "SAG" drifted in on the cyber-winds,
from the sea of virtual chaos...
I have a friend that has a computer (with winXP home) with the
following symptoms. Since last Friday, the computer has become
more and more sluggish, with less ability to do anything on the
computer. In addition, when the computer is started now, it
sometimes shows the "this computer is in use and has been locked"
dialog. Support people suggested to them that they have been
infected by sasser. Anyone recognize the symptoms as a particular
worm or virus? This particular computer was being used without an
antivirus, and had not been patched with security updates. I am
trying to help them recover from whatever the infection is.

And is there any way I can get around the "this computer is in
use" dialog?


In addition...
Turn on XP's built-in firewall before you go online to grab the patch.

This worm uses a vulnerability in the Local Security Authority
Subsystem Service in Microsoft 2000 & XP, so all Win98 & WinME systems
are immune to this one...


"Official" removal instructions:
https://www.microsoft.com/security/incident/sasser.asp

More on the "Sasser" variants:
http://www.grisoft.com/virbase/virbase.php?lng=us&type=web&action=view&qvirus=086fdab66b76a000
http://www.sophos.com/search/?virus_search=1&terms=Sasser

About the exploit (that's been patched since April):
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx
 
FromTheRafters

Tech Zero said:
This worm uses a vulnerability in the Local Security Authority
Subsystem Service in Microsoft 2000 & XP, so all Win98 & WinME systems
are immune to this one...

In a manner similar to the blaster worm, the exploit of the vulnerability,
which is the vector the worm uses to propagate, is specific to certain
OSs. However, that does not make other OSs immune to the worm
executable if it perchance arrives via another vector. Two issues, the
exploit - and the worm.
 
Tech Zero

The voice of "FromTheRafters" drifted in on the cyber-winds,
from the sea of virtual chaos...
In a manner similar to the blaster worm, the exploit of the
vulnerability, which is the vector the worm uses to propagate, is
specific to certain OSs. However, that does not make other OSs
immune to the worm executable if it perchance arrives via another
vector. Two issues, the exploit - and the worm.


Too true...
It's too early to tell if we'll see a "spamage" or "P2P" variant, but
in its current state there's no way for a Win98 to become infected,
since it lacks the exploit.
 
