Windows XP home edition

[Charles Smith]

A buddy of mine bought a new Dell Inspirion 5100 with the
XP OS and didn't hear about the update process being
important. Guess what he got Sasser. I removed it the
first time and was in the process of updating his OS when
it struck again right in the middle of the installing the
securtiy patches. Now the operating system will not come
up in either regular or safe modes. Am I screwed and will
have to reinstall the system and loose all his STUFF as he
calls it?

 

[Sadie]

Was the XP firewall enabled when you tried to update your
buddies patches?Or,was your buddy running a third party
firewall?Just a tip you might like to pass on for future
reference.
Can you access safe mode via the BIOS? I am not 100%
certain what is going on here,I am only aware that many
people are reporting this type of issue.

This is highly experimental,since I am uncertain what is
causing the constant resets being reported by so many
people.Virus activity is one possibility-but a multitude
of other things such as soundcard problems/CPU
overheating can cause
resets.Bear in mind,this is written purely from a sense
of enabling a P.C to remain online long enough to
download critical patches.Let me know if it works or
not.My reasoning being,Sasser causes a buffer
overrun,flooding lsass.This will be recognised a system
failure,and if set to reboot automatically in the event
of system failure,XP will do so.)

If your computer resets before accessing Windows XP,refer
to your BIOS manual to determine how to boot into safe
mode via the BIOS.(e.g.I tap F5,but your computer may be
different.)This may prove impossible-report back,so a
clearer picture of events can be garnered from your
responses.

To prevent resets interupting the downloading of patches
Turn off Automatic Reboot, if you haven't already. Of
course, you can only do this if you can get into Safe
Mode and logged in as Administrator:

1) Click on "Start", right-click on "My Computer",
choose "Properties"
2) Click on the "Advanced" tab.
3) Under "Startup and Recovery" click on "Settings"
4) Under "System Failure" uncheck "Automatically Restart".
5) Click "Apply" then "Ok" then reboot your system.( If
you get an error message, and your system doesn't reboot,
report the precise error message.)
If it successfully reboots:
Still in safe mode,run a full virus scan of your entire
platform.Decent A.V programmes will allow you to do this.
At the very least,run Stinger,which has been updated to
detect all sasser variants.Download and save it straight
to a floppy:

Stinger:
http://vil.nai.com/vil/stinger/

Bear in mind the possibility that many agobots/worms also
exploited the lsass vulnerability.If your buddy got
Sasser,he probably let in a few nasties,too.Plus the
fact,the lsass patch is not the only patch against remote
code execution your pal might've missed.

Beyond that,keep exchanging feedback via this or the
virus forum.Even if you elect to reformat,please report
whether you were able to accomplish this.By reformat,I
mean a true,reboot from CD,run set-up style reformat.
It'd really help us all build a clear picture of what is
really going on.

Sadie

 

[Guest]

Hi,

Sadie has given you an excellent break down fo the issue which is 110% coorect. I am going to deliver a solution on how to save your "buddy's" data

You need to install windows into a new directory and then copy his profile across or his relevant data that he needs across to the new installation of Windows. I would also advise you geting the Free Security update CD from you local MS Sub as it has updares for Windows XP up until October 200

Please see below for the steps on installing windows to a new directory.

1. Insert your Windows XP CD
2. Restart the machine
3. Press the key specified to enter your BIOS. In most cases you need to press Del to enter the BIOS setup. You should see a message on startup, right in the beginning, which says something like “press <key> to enter setupâ€. E.g. Press Del to enter setup
4. Go into either the Boot section, if you have one, or the 2nd option (should be something like “BIOS features setup†or “Advanced BIOS featuresâ€)
5. Change to boot sequence (should show as “boot sequence†or first boot device; 2nd boot device; 3rd boot device; etc.) so that CD-ROM is first
6. Exit saving changes
7. When you see the message to press any key to boot from CD, press any key
8. At the "Welcome to Setup" screen, press Enter to do a clean install
9. Press F8 to agree to the license agreement
10. Press Esc to perform a clean installation. (If this option is not available, skip to the next step.
11. Press Enter to install to the selected drive
12. Press C to continue if prompted
13. When prompted to format, select the option to “Leave the current file system in tact†and press Enter
14. At the next screen, press Esc to change the directory
15. Change the path to \WinX
16. Press Enter
17. Complete the installation

Regards,

 

[Charles Smith]

No I didn't realize that XP had a firewall, I do now
thanks. I had cleared avserve out of the computer and was
getting the patches from MS when I was reinfected with
Sasser and at a very bad time just when the MS downlaod
had completed and the program was in the midst of
installing it. Sasser shut down the system and rebooted to
nothing, I got a black blank screen and nothing more. I
think the little B$st$rd should be brought to the U.S. so
we could hang him in the Town Squares around the U>S> as a
Pinota' for all to strike at least once. Thanks for your
help will try to follow your suggestions Sadie & Kirtal

 

[Charles Smith]

Sadie,

Thank you for your help finally resolved the problem
with your help. I was able to "F2" at the attempt to boot
and get the bios screen and then "alt-p" to the page that
shows the boot device and highlight the "cd drive" and "U"
till it was the top device and then "esc" and "change and
save" and "enter". Then I rebooted using the cd that came
with the laptop and after a long process I was able
to "repair and reload the windows system" this doesn't
effect the programs or files just thw windows operating
system. I then enabled ICF and downloaded McAfee and MS
updates with no trouble other than 8 hrs time as there
were 17 updates at 28k. That is quite a change from win95
or win98 I may have to buy a copy and upgrade mine. I also
bought a copy of Curt Simmons "Windows XP Secrets" It is
well worth the price.
Chuck Smith
Sturgeon Bay, WI.