soleimanian
Sep 10 2004, 06:05 PM
| | Name: Sasser
Nick name: Sasser.A, Worm.Win32.Sasser.a
Size: 15872
All version of this worm attack by "MS04-011 (LSASS)".
MS04-011 (LSASS) cause overrun buffer in Local Security Authority Subsystem Service.
Related:
1- this worm can run in Win 2000/Xp
2- There isn’t any security Patch.
3- This worm cause connect to Internet without any Firewall.
4- One of the characteristics of this worm is following file "C:\win.log",
5- This worm make a traffic on the TCP,9996,445 and 5554 Ports
To remove this worm:
1- go to following address and download anti worm, http://www.f-secure.com/tools/f-sasser.zip
OR
2- go to Microsoft update and download Microsoft patch MS04-011
OR
3- Run Task Manager, close "avserve.exe", and delete AVSERVE.EXE from Windows Dir. |
Comment/Reply (w/o sign-up)
helix
Sep 10 2004, 10:28 PM
Yep, ran into this a number of times. If you are running XP, you probably will want to disable system restore before you remove it (reenable it when you're done).
Comment/Reply (w/o sign-up)
zarjay
Sep 13 2004, 02:40 PM
Updated antivirus software should be able to detect it, right? I've always found AVG to be reliable enough in finding any king of intrusion to my computer.
Comment/Reply (w/o sign-up)
Eric Straven
Sep 13 2004, 02:53 PM
Antiviruses aren't always successful in removing these. You should use removal tools to remove fatal viruses like this  ...
Comment/Reply (w/o sign-up)
helix
Sep 14 2004, 09:51 PM
Correct. My dad got bit by this virus because he is extremely computer illiterate and keeps turning off his virus scanner somehow. Anyway, he has a current and updated version of norton antivirus. It detected some files infected by sasser but could not clean/delete them due to the nature of the infected files and the virus. The cleaning programs will do some very low level things including cleaning memory, etc to make sure that there is no trace whatsoever of it remaining.
Comment/Reply (w/o sign-up)
almoo7
Sep 17 2004, 12:02 PM
This worm is quite annoying! Tsk, it really gave me a hard time when I tried to fix it in my dad's office PC. Dang! Good thing there are articles in the net about fixing things. I found this - http://www.microsoft.com/security/incident/sasser.mspx - Well, it provides some protection against the worm but the article is focused on Windows users.
Comment/Reply (w/o sign-up)
asimrsiddiqui
Sep 18 2004, 12:07 PM
Microsoft also provides security updates called hot fixes .
Comment/Reply (w/o sign-up)
gokul
Sep 19 2004, 11:20 AM
seems that I am the only lucky ***** who newer cought up with a worm or a VIRUS .. I have been on internet for allmost 2.5 yrs now on my Personal PC .. and am online most of the times ..  I still newer used a firewall software or even an antivirus software .. I think all u need to do is be aware of wat u r doing on net and u will newer catch up with one
Comment/Reply (w/o sign-up)
Similar Topics
Keywords : recognize, remove, sasser, internet, worm
- Storm Worm Adds Millions Of Computers To Botnet
(0)
New Internet Explorer 7 And Fire Fox 2 Bug Is Out
(3) This is a nasty new bug and right now only the blame game is being played while people are trying to
figure out this exploit that is high level, to check out it read my post on trap17 about it right
Here .....
New Virus? Uglyhuman Msn Virus
A worm that isn't in the virus definitions yet? (29) Have you ever gotten a message from your friends that say something like this: its you on this
photo http://uglyhuman.net/photo***.php I have received that from at least 3 people. Without
knowing what it was (and the surprise from the domain name with the message /tongue.gif"
style="vertical-align:middle" emoid=":P" border="0" alt="tongue.gif" />), I clicked on the link and
Firefox prompted me to download a file. It was a COM file so I thought that was strange. I rechecked
the URL it was a PHP web page, so I assumed it was telling me to download the photo, so I open....
Spyware 3721
how to remove 3721? (7) i have a problem, my company computer being infected by a spyware name 3721, it is a chinese spyware
which make my internet explorer. a lot of chinese link. i would like to know that how we can remove
it? wheather it is a dabgerous spyware? how to advoid? i dont know how it infect my PC, i am using
AVG antivirus free eddition. thanks....
Yahoo Group Worm
Worm infecting Yahoo Group users through attachment. (7) Those of you who use Yahoo Groups may or may not have already heard this, but about three days ago,
I received an update from one of the groups I am a member of. Inside this notice I found two "New
Graphic Site" messages and one "Virus Warning". The previous two came with attachments. Luckily, I
read the virus warning first before opening them. In the virus warning was this piece of advice:
QUOTE Just a quick warning to members about a virus that is sweeping Yahoo groups. It contains a
number of attachments and the subject line reads "New Graphic Site". Don�....
Asta Worm ALERT: Exploit.Win32.WMF-PFV Trying To Infect
(4) WARNING: To all members While browsing the forums, you might face a strange pop-up asking
you to download a .wmv file. DO NOT download and/or try to play this. The pop-up looks somewhat like
this (provided by Dha: I believe this is being spread through one of the Ads displayed at Asta.
Some guy has this worm embedded in his ads - that's the only logical explanation I can find..
Different anti-virus might identify it with different names - but essentially, it's a variant of
the following worm. Most likely it's coming from an ad of taalkzforum.....
Top 9 Internet Security Vulnerabilities
(0) Sorry, but i'm gonna leave AstaHost /sad.gif" style="vertical-align:middle" emoid=":("
border="0" alt="sad.gif" /> , and I need this post to other forum!!!! /tongue.gif"
style="vertical-align:middle" emoid=":P" border="0" alt="tongue.gif" /> Stay well.....
Files Recovery Overwritten By Blackmail Worm
Files recovery overwritten by Blackmail (1) I have an HDD 40 GB all of its MS Word, excel and PP files and Acrobat Reader files have been
overwritten by the Blackmail Worm on 3rd Feb 2006.. Any suggestions for recovery the overwritten
files....
Worm Found In Zen Neeons?
(4) I do not wish to copy the whole article so I'll post the link and summarize it here:
http://www.pcmag.com/article2/0,1895,1854769,00.asp PC magazine has reported that Creative's
Zen Neeon released from a company factory in late July contained a Windows Worm. The name is
W32.Wullik.B Although this worm itself is not exactly harmful, it is proven that worms and viruses
can now be transfered and hacked through company mainframes. This a serious problem because it could
pose a threat to future developments. More hackers would try to modify the worm or create thei....
Worm Alert - W32.zotob.a
new worm to hit Windows PCs (8) A new worm has been detected by multiple antivirus and security specialists. It's called ZOTOB
and is exploiting security holes that have been earlier highlighted in Microsoft Security Bulletin
MS05-039 . The worm affects Win2000 systems and newer. Win 98, ME etc. are not currently thought to
be at risk although, one must always keep the holes plugged. Details regarding what it does exactly
and removal instructions can be found at Symantec's site and also at Microsoft's ZOTOB
Advisory page The hole allowing Zotob to infect and spread can be fixed by i....
New Version : Virus Sober Q
What's rong with internet ? (1) This new Virus Sober.Q is automaticly loaded by the computer from prevoius versions of Sober.Virus .
this virus manifest him self in germany and works like a SPAM , that it's not a spam by default
but he can be in few time. Protect your self :::: Cheers ! Update you Anti-Virus....
Worm Nopir-b - Delete Mp3 Files
watch out ! (0) The Worm Nopir-B spreads in nets of allotment of filing-cabinets (P2P) and erases MP3. according to
British company, Sophos, the Nopir-B will have been created in France. The invader is offered as
being a tool to copy DVD. When executed, it shows an image with messages against the piracy and
tries to erase all the joined filing-cabinets mp3 in the computer. The desactiva Nopir also
utilitarian of the operative system as the access to the Manager of Tasks, the Panel of Control and
the Register.....
Worm Sober It's Back
(3) It comes by email watch out this little ******f*cker You may receive an email with this subject :
"I've got your e-mail on my account" . Inside there are this file : Your_text.zip DONT OPEN
This Virus affects all the Operative Systems Take care....
New Internet Explorer Exploit!
(7) The past day 12, Microsoft published another new bulletin of security: MS05-020 . This time is a
remote code execution. The immediate update is advised, due to being a critical bug. First exploit
already has published it SkyLined /mad.gif" style="vertical-align:middle" emoid=":angry:"
border="0" alt="mad.gif" />....
Looking for recognize, remove, sasser, internet, worm
|
See Also,
*SIMILAR VIDEOS*
Searching Video's for recognize, remove, sasser, internet, worm
|
advertisement
|
|
