Sasser Related issue

Guest

I have 3 machines that are doing the same thing

1. They do not exhibit any signs of Sasser when disconnected from ISP
2. They exhibit all signs but no symptoms (no processes/reg entries) when connected to internet

I have
installed all patches
ran (updated) virus scan and comes back clean
disabled all ipsec services i could find

Any ideas?
 
--------------------
From: "=?Utf-8?B?UlQ=?=" <[email protected]>
Subject: Sasser Related issue
Date: Wed, 5 May 2004 09:11:06 -0700

I have 3 machines that are doing the same thing:

1. They do not exhibit any signs of Sasser when disconnected from ISP.
2. They exhibit all signs but no symptoms (no processes/reg entries) when
connected to internet.

I have:
installed all patches
ran (updated) virus scan and comes back clean.
disabled all ipsec services i could find.

Any ideas?
Sasser removal tool:
====================
http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.removal.tool.html

Manual Sasser removal:
=====================
Use the Task manager to kill the following processes:
*_up.exe
avserv*.exe
hkey.exe
msiwin84.exe
wmiprvsw.exe
Use Regedit from the command line to look for and remove any of the
following keys
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"avserve.exe" = C:\WINDOWS\avserve.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
"windows"="hkey.exe"
"Microsoft Update"="msiwin84.exe"
"System Updater Service"="wmiprvsw.exe"
"avserve2.exe" = %WINDIR%\avserve2.exe

Search for & delete the following files from the harddrive:
C:\WINDOWS\avserv*.exe
c:\WINDOWS\system32\*_up.exe
avserve*.exe
hkey.exe
msiwin84.exe
wmiprvsw.exe


--
~~ JASON HALL ~~
~ Performance Support Specialist,
~ Microsoft Enterprise Platforms Support
~ This posting is provided "AS IS" with no warranties, and confers no
rights.
~ Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
~ Note: For the benefit of the community-at-large, all responses to this
message are best directed to the newsgroup/thread from which they
originated.
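
The manual checklist in the reply above, as a read-only PowerShell check. This is an added example, not part of the original posts or of any Microsoft tool; it only reports matches and deletes nothing. The function name Get-SasserIndicator and the choice to search %WINDIR% and %WINDIR%\System32 for every file pattern are assumptions made here; the patterns themselves are the ones listed in the reply.

```powershell
# Added example (not from the thread): report, without changing anything,
# the processes, Run-key values and files named in the removal checklist.

# Image-name patterns from the reply, without ".exe" (Get-Process omits it).
$patterns = '*_up', 'avserv*', 'hkey', 'msiwin84', 'wmiprvsw'
$runKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

function Get-SasserIndicator {   # hypothetical name, chosen for this example
    # 1. Running processes whose name matches a listed pattern.
    foreach ($proc in Get-Process) {
        foreach ($p in $patterns) {
            if ($proc.ProcessName -like $p) {
                [pscustomobject]@{ Kind = 'Process'
                                   Item = "$($proc.ProcessName) (PID $($proc.Id))" }
                break
            }
        }
    }

    # 2. Values under the HKLM Run key whose data points at a listed executable.
    #    Substring match on the data, so expect to review hits by hand.
    $key = Get-Item -Path $runKey -ErrorAction SilentlyContinue
    if ($key) {
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            foreach ($p in $patterns) {
                if ($data -like "*${p}.exe*") {
                    [pscustomobject]@{ Kind = 'RunValue'; Item = "$name = $data" }
                    break
                }
            }
        }
    }

    # 3. Matching files in %WINDIR% and %WINDIR%\System32 (assumed locations
    #    for the entries the reply lists without a path). -Force includes hidden files.
    foreach ($dir in $env:WINDIR, (Join-Path $env:WINDIR 'System32')) {
        foreach ($p in $patterns) {
            Get-ChildItem -Path $dir -Filter "${p}.exe" -File -Force -ErrorAction SilentlyContinue |
                ForEach-Object { [pscustomobject]@{ Kind = 'File'; Item = $_.FullName } }
        }
    }
}

$findings = @(Get-SasserIndicator)
if ($findings.Count -eq 0) { 'No listed indicators found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

An empty result matches what the original poster describes (no processes or registry entries), which means these indicators alone do not explain the behaviour seen when the machines are online.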
 
