Hi. The sasser virus attacked my pc last month and I used the norton antivirus cleanup tool to remove it. Ever since the virus, the CPU usage is almost always at 100%, programs crash continually, and opening up web pages takes several minutes. I am considering reimaging my system. Not sure what other steps I can take to correct all of these issues. Any other ideas would be appreciated.
Sasser isn't the only virus attacking thru the LSASS vulnerability, and others,
known or unknown. Did you apply patches, and get a firewall or router? If not,
you're an open target for the later LSASS attacks, and for any later malware
(which will never cease).
Some authoritative websites do recommend rebuilding an infected computer. If
you have vulnerabilities, that may be the best recourse.
But PLEASE don't start without improving your protection, immediately, if not
sooner.
http://www.firewall-software.com/firewall_faqs/what_is_a_firewall.html
http://support.microsoft.com/default.aspx?scid=kb;en-us;q321050
Hoping that you have already taken care of all that, let's continue.
Find out what processes are taking 100% of CPU. Get Process Explorer (free) from
<http://www.sysinternals.com/ntw2k/freeware/procexp.shtml>. Provides way more
information than Task Manager. Will show so many details about any process.
Try one or more of these free online virus scans, which should complement your
current protection:
<http://www.bitdefender.com/scan/license.php>
<http://www.pandasoftware.com/activescan>
<http://www.ravantivirus.com/scan/>
<http://security.symantec.com/ssc/home.asp>
<http://housecall.trendmicro.com/housecall/start_corp.asp>
Now check for, and learn to defend against, additional problems. Have you
downloaded these programs before? Download them again, as the latest version
may be needed to keep up with the current level of malware being attempted
constantly - get the absolutely most current version of each product listed.
They're all free - and most pretty small, so they download quickly enough.
Start by downloading each of the following free tools:
CWShredder <http://www.majorgeeks.com/download4086.html>
CoolWWWSearch.SmartSearch (v1/v2) MiniRemoval <http://www.safer-networking.org/minifiles.html>
HijackThis <http://www.majorgeeks.com/download.php?det=3155>
LSP-Fix and WinsockLSPFix <http://www.cexx.org/lspfix.htm>
Spybot S&D <http://www.safer-networking.org/index.php?page=download>
Stinger <http://us.mcafee.com/virusInfo/default.asp?id=stinger>
Install and run Stinger.
<http://us.mcafee.com/virusInfo/default.asp?id=stinger>
Create a separate folder for HijackThis, such as C:\HijackThis - copy the
downloaded file there. Spybot S&D has an install routine - run it. The other
downloaded programs can be copied into, and run from, any convenient folder.
Start by closing all Internet Explorer and Outlook windows, and running
CoolWebSearchSmartKiller, then CWShredder. Have the latter fix all.
Next, run Spybot S&D. First update it ("Search for updates"), then run a scan
("Check for problems"). Trust Spybot, and delete everything ("Fix Problems")
that is displayed in Red.
Then, run HijackThis ("Scan"). Do NOT make any changes immediately. Save the
HJT Log.
<http://forums.spywareinfo.com/index.php?showtopic=227>
Finally, have your HJT log interpreted by experts at one or more of the
following forums (and post it, or a link to your forum post, here):
<http://forums.net-integration.net/>
<http://forums.spywareinfo.com/>
<http://spywarewarrior.com/index.php>
<http://forums.tomcoyote.org/>
<http://www.wilderssecurity.com/>
If removal of any spyware affects your ability to access the internet (some
spyware builds itself into the network software, and its removal may damage your
network), run LSP-Fix and/or WinsockXPFix.
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.