I've been told I have the Sasser worm, but none of the removal methods work

Guest

My computer's symptoms are the following: When using the internet, I get a message saying that my computer is being shut down, and that it was initiated by NT Authority System. lsass.exe terminated unexpectedly with access code 1073741819. A second symptom is the occasional loss of administrative privileges (which is fixed with a reboot), and also Microsoft Update is unable to scan my computer.
I have scanned my computer with Stinger, but it found nothing and didn't scan everything, for some reason. I have scanned with the Sasser Worm removal tool from http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.removal.tool.html, but it didn't find the worm. If this isn't the Sasser worm, what is it? Or is it the Sasser Worm but it is somehow able to block my methods? Desperately in need of help.
 
Guest

Hi
I followed all the instructions on this site, and was finally able to have Microsoft Update scan my computer, so I thought the problem was fixed. However, when I logged on this morning, I got more messages saying that an error had occurred with LSA (Export Version). But they were dated for the past few days, so now I'm not sure as to whether I really got rid of the worm.
 
Marc Liron MVP

Hi,

With newer Sasser Worm variants appearing I also recommend you use a Trojan scanning tool to make sure nothing else has been placed on your PC.

Why?

The Sasser Worm did not have this as part of its code, HOWEVER the newer variants could be written to do more than the original worm!

A FREE online Trojan scanner is here:

http://www.trojanscan.com

More on the Sasser worm at:

http://www.sasser-worm.com

Kind Regards

Marc Liron
Microsoft MVP
http://www.updatexp.com
 
Ron Martell

TsukiTenshi said:
Hi,
I followed all the instructions on this site, and was finally able to have Microsoft Update scan my computer, so I thought the problem was fixed. However, when I logged on this morning, I got more messages saying that an error had occurred with LSA (Export Version). But they were dated for the past few days, so now I'm not sure as to whether I really got rid of the worm.

Get the latest version of Stinger (2.2.5 dated May 4, file size =
769,031 bytes) and save it to the hard drive of the infected computer.

Boot the computer into Safe Mode and then run Stinger.

To boot Windows XP into Safe Mode turn the computer on and start
tapping the F8 key rapidly just as soon as the first information of
any kind shows on the screen (the Windows XP opening screen is too
late). Keep tapping until the Windows XP Startup Menu comes up and
then choose Safe Mode from the menu.

When the computer has finished booting into Safe Mode launch Stinger
and do a complete scan.

Good luck


Ron Martell Duncan B.C. Canada
--
Microsoft MVP
On-Line Help Computer Service
http://onlinehelp.bc.ca

"The reason computer chips are so small is computers don't eat much."
 
