K
Kenrick Fu
A new MS-Blast-like worm is spreading across the Internet by exploiting the
LSASS Buffer Overrun Vulnerability, if your system is not yet patched
against this vulnerability, please download and install the critical update
IMMEDIATELY from
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx
Signs of infection:
You keep receiving the following error messages:
1. "LSA Shell (Export Version) has encountered a problem and needs to close.
We are sorry for the inconvenience."
2. Your system reboots due to the LSASS.exe error ), please use the
following steps to clean the system:
To clean the system, follow these steps:
NOTE:
If your system keeps restarting, you can abort the system shut down by:
Click Start, click Run and type "shutdown -a" (without quotations),
then click OK.
1. Download and install the critical update IMMEDIATELY from
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx
2. Press Ctrl + Alt + Delete to bring up the Task Manager and terminate the
"avserve.exe" process, then delete the avserve.exe from C:\Windows and
restart your computer.
More information regarding this worm:
http://www.f-secure.com/v-descs/sasser.shtml
http://www.sarc.com/avcenter/venc/data/w32.sasser.worm.html
LSASS Buffer Overrun Vulnerability, if your system is not yet patched
against this vulnerability, please download and install the critical update
IMMEDIATELY from
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx
Signs of infection:
You keep receiving the following error messages:
1. "LSA Shell (Export Version) has encountered a problem and needs to close.
We are sorry for the inconvenience."
2. Your system reboots due to the LSASS.exe error ), please use the
following steps to clean the system:
To clean the system, follow these steps:
NOTE:
If your system keeps restarting, you can abort the system shut down by:
Click Start, click Run and type "shutdown -a" (without quotations),
then click OK.
1. Download and install the critical update IMMEDIATELY from
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx
2. Press Ctrl + Alt + Delete to bring up the Task Manager and terminate the
"avserve.exe" process, then delete the avserve.exe from C:\Windows and
restart your computer.
More information regarding this worm:
http://www.f-secure.com/v-descs/sasser.shtml
http://www.sarc.com/avcenter/venc/data/w32.sasser.worm.html