symantec.com sites blocked after sasser

[Guest]

I got sasser'd. I did the XP-home update, and then the MS removal tool. The sasscln.log entry shows I'm now clean. Before the clean up, I could not connect to the Norton update service, and this continues. When trying to go to their sites, my browser is giving a "site not found" error. I'm not finding anything that says sasser leaves this lasting effect after it's removed. Thoughts? Ideas

bumbee

 

[roger]

Hi,

I got sasser'd. I did the XP-home update, and then the MS removal tool. The sasscln.log entry shows I'm now clean. Before the clean up, I could not connect to the Norton update service, and this continues. When trying to go to their sites, my browser is giving a "site not found" error. I'm not finding anything that says sasser leaves this lasting effect after it's removed. Thoughts? Ideas?

bumbee

Go to C:\WINDOWS\SYSTEM32\DRIVERS\ETC
and find the "HOSTS" file. It's the one that's bigger than 1 k. Make a
copy of it for backup. Double click it to bring up the "Open With.."
window. Choose notepad to open it, then delete every line except
"127.0.0.1 localhost". Save it.

Good luck

 

[MAP]

-----Original Message-----
I got sasser'd. I did the XP-home update, and then the

MS removal tool. The sasscln.log entry shows I'm now
clean. Before the clean up, I could not connect to the
Norton update service, and this continues. When trying
to go to their sites, my browser is giving a "site not
found" error. I'm not finding anything that says sasser
leaves this lasting effect after it's removed.
Thoughts? Ideas?

bumbee
.

Open up your Hosts file and see what's in there,
127.0.0.1 is normal all others should be considred
suspect. If you see something like
127.0.0.1 symantec.com delete it.

Go to: Windows\System32\DRIVERS\etc. In the right pane
open your hosts file using Notepad. Note: Some XP users
have found renaming the Hosts files folder works as well.

 

[Guest]

Thanks, Roger and MAP. I found the long list of blocked sites in the HOSTS file, and fixed it. But, it came back after reboot. I turned off System Restore, fixed the file and saved it again, rebooted, and it came back bad again. With the file fixed, I can do my virus definitions update on my re-install of Norton (another Sasser related issue). But, how do I keep the file clean? There's something beyond the System Restore going on

bumbee

 

[wayne]

You have another virus that is trying to stop you from going to Symantec.com
web site!
Set your hosts file security to read only for all the users listed that
should stop it from being changed.

then update Norton and boot safe mode run a complete scan!

This virus is probably the one you have if you can get to Symantec's web
site

http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.removal.tool.html

Wayne

Thanks, Roger and MAP. I found the long list of blocked sites in the

HOSTS file, and fixed it. But, it came back after reboot. I turned off
System Restore, fixed the file and saved it again, rebooted, and it came
back bad again. With the file fixed, I can do my virus definitions update
on my re-install of Norton (another Sasser related issue). But, how do I
keep the file clean? There's something beyond the System Restore going on.