windows xp

garry

friend has virus on computer, keeps shutting down.
comes up with, nt authority system c\windows\system32\ i
sass.exe. statuscode 1073741819. could anyone help to
correct this fault. thanks.
 
Sadie

Read what I expected to read, first time round. Be
absolutely positive concerning the spelling!
IF it is isass.exe, this is applicable:

isass - isass.exe - Process Information
Process File: isass or isass.exe
Process Name: isass
Description: Virus added to the system as a result of
variant of the OPTIX PRO TROJAN that opens TCP port 3410
and allows a hacker to control an infected computer.
Company: N/A
System Process: No
Security Risk ( Virus/Trojan/Worm/Adware/Spyware ): Yes
Common Errors: N/A

Navigate to the location of isass.exe and delete the
file. Be certain it begins with i (eye) not l (elle).

DO NOT UNDER ANY CIRCUMSTANCES DELETE LSASS.EXE
(lsass.exe). This is a legitimate XP file.
Reboot after deleting OPTIX/isass.
Click Start > Run > type cmd.
A command box will open. Type netstat -an into the command
line and press Enter. Confirm that TCP port 3410 is
not "listening".

IF, on the other hand, the shutdown message
contains "lsass.exe"/"LSASS.EXE" (not isass), the sasser
tool will take care of it.

Sadie
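
The netstat check described in the post above, as an added example that is not part of the original thread: it parses `netstat -an` output and reports whether TCP port 3410 is a local listener, ignoring remote ports, UDP rows and longer port numbers that merely contain "3410". The sample output, the addresses in it and the function names are constructed for illustration.

```python
TROJAN_PORT = 3410  # TCP port named in the post above

# Constructed sample of Windows `netstat -an` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3410           0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1042      203.0.113.7:3410       ESTABLISHED
  TCP    192.168.1.20:34100     203.0.113.9:80         ESTABLISHED
  UDP    0.0.0.0:3410           *:*
"""


def listening_tcp_ports(netstat_text):
    """Return the set of local TCP ports that are in the LISTENING state."""
    ports = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # A TCP row has exactly: protocol, local address, foreign address, state.
        if len(fields) != 4 or fields[0].upper() != "TCP":
            continue
        _, local, _, state = fields
        if state.upper() != "LISTENING":
            continue
        # The port follows the last colon of the local address.
        port = local.rsplit(":", 1)[-1]
        if port.isdigit():
            ports.add(int(port))
    return ports


def is_port_listening(netstat_text, port=TROJAN_PORT):
    """True only for an exact local-port match, not a substring or remote port."""
    return port in listening_tcp_ports(netstat_text)


def classify_name(filename):
    """Tell the two look-alike file names from the post apart, ignoring case."""
    name = filename.strip().lower()
    if name == "lsass.exe":
        return "lsass"  # the legitimate XP file per the post: leave it alone
    if name == "isass.exe":
        return "isass"  # the name the post attributes to the trojan
    return "other"
```

Lower-casing the name before comparing matters because a capital "I" and a lower-case "l" are indistinguishable in many fonts.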
 
Bruce Chambers

Greetings --

Haven't seen a newspaper or news broadcast in the past week?

You've apparently contracted the latest worm, W32.Sasser.Worm,
specifically designed to attack people who do not update their
computers promptly and who do not practice "safe hex." In other
words, like Blaster, this worm was developed and distributed _after_ a
patch for the vulnerability was announced and made publicly available.
Further, and also like Blaster, this worm could not affect any
computer whose user had taken the basic precaution of using a properly
configured firewall.

To stay on-line long enough to get the necessary updates, patches,
and removal tools, click Start > Run, and enter "shutdown -a" when the
next RPC countdown begins. This will abort the shut down. Also, make
sure you've enabled a firewall before starting, to preclude any more
intrusions while getting the updates/patches/tools.

What You should Know about the Sasser Worm and its Variants
http://www.microsoft.com/security/incident/sasser.asp

Microsoft Security Bulletin MS04-011
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

W32.Sasser.Worm
http://www.symantec.com/avcenter/venc/data/w32.sasser.worm.html

A tool is available to remove the Sasser worm variants
http://support.microsoft.com/default.aspx?scid=kb;EN-US;841720

W32.Sasser.Worm Removal Tool
http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.removal.tool.html

McAfee AVert Stinger Virus Removal Tool
http://vil.nai.com/vil/stinger/


Bruce Chambers

--
You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
 
Sadie

Careful, Bruce!
I fell into making that assumption, initially.
Re-read the initial post; the author typed "isass.exe".
Either a typo, or another kettle of fish... hence my second
posting.

Sadie
 
Poindexter

-----Original Message-----
friend has virus on computer, keeps shuting down.
comes up with, nt authority system c\windows\system32\ i
sass.exe. statuscode 1073741819. could anyone help to
correct this fault. thanks.

He got it. The notorious sass virus, new one to the
internet. Everyone is talking about it. Probably the only
thing he can do is go to a computer store and get the
patch for it. He might have to pay but some dealers just
want money
 
Guest

My friend,
This can be caused by the presence of 3 viruses together: SASSER, BLASTER and NETSKY. I have already seen some cases of this, and I have already removed these 3 together from more than 100 computers. Verify this.
 
