bookmark - How to recognize and remove Sasser Internet worm?

How to recognize and remove Sasser Internet worm?

 
 Discussion by soleimanian with 7 Replies.
 Last Update: September 19, 2004, 11:20 am
 
 
Name: Sasser
Nickname: Sasser.A, Worm.Win32.Sasser.a
Size: 15872
All versions of this worm attack via "MS04-011 (LSASS)".
MS04-011 (LSASS) causes a buffer overrun in the Local Security Authority Subsystem Service.
Related:
1- This worm can run on Win 2000/XP.
2- There isn’t any security patch.
3- This worm causes connections to the Internet without any firewall.
4- One of the characteristics of this worm is the following file: "C:\win.log".
5- This worm makes traffic on TCP ports 9996, 445 and 5554.

To remove this worm:
1- Go to the following address and download the anti-worm tool: http://www.f-secure.com/tools/f-sasser.zip

OR

2- Go to Microsoft Update and download the Microsoft patch MS04-011.

OR

3- Run Task Manager, close "avserve.exe", and delete AVSERVE.EXE from the Windows directory.

Fri Sep 10, 2004
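An added example, not part of the original post: a Python triage function that checks one host's collected `netstat -an` output, process list and file list against the indicators listed in the post above (avserve.exe, C:\win.log, TCP ports 5554, 9996 and 445). The input format, the fan-out threshold for port 445 and the sample data are assumptions of this example.

```python
import re

# Indicators taken from the post above.
WORM_PROCESS = "avserve.exe"
WORM_LOG = r"c:\win.log"
WORM_PORTS = {5554, 9996}
SMB_PORT = 445    # also named in the post, but ordinary Windows file sharing uses it
SMB_FANOUT = 5    # assumed threshold: distinct remote hosts contacted on 445

# One TCP row of Windows `netstat -an`: proto, local addr:port, foreign addr:port, state
ROW = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+(\S+):(\d+)\s+(\S+)", re.I)

def triage(netstat_text, process_names, file_paths):
    """Return a list of findings for one host's collected data."""
    findings = []
    if WORM_PROCESS in (p.lower() for p in process_names):
        findings.append("process avserve.exe is running")
    if WORM_LOG in (f.lower() for f in file_paths):
        findings.append("file C:\\win.log exists")
    smb_peers = set()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, UDP or blank line
        lport, rhost, rport, state = int(m[1]), m[2], int(m[3]), m[4].upper()
        note = f"local TCP port {lport} is {state}"
        if lport in WORM_PORTS and note not in findings:
            findings.append(note)
        if rport == SMB_PORT and state in ("SYN_SENT", "ESTABLISHED"):
            smb_peers.add(rhost)
    if len(smb_peers) >= SMB_FANOUT:
        findings.append(f"outbound TCP/445 to {len(smb_peers)} distinct hosts")
    return findings

# Constructed sample data (documentation address ranges), not a real capture.
SAMPLE_NETSTAT = "\n".join(
    ["  Proto  Local Address      Foreign Address     State",
     "  TCP    0.0.0.0:445        0.0.0.0:0           LISTENING",
     "  TCP    0.0.0.0:5554       0.0.0.0:0           LISTENING",
     "  TCP    0.0.0.0:9996       0.0.0.0:0           LISTENING"]
    + [f"  TCP    192.0.2.10:{1040 + i}    198.51.100.{i}:445    SYN_SENT"
       for i in range(1, 7)])
SAMPLE_PROCESSES = ["System", "lsass.exe", "avserve.exe", "explorer.exe"]
SAMPLE_FILES = [r"C:\boot.ini", r"C:\win.log"]

if __name__ == "__main__":
    for finding in triage(SAMPLE_NETSTAT, SAMPLE_PROCESSES, SAMPLE_FILES):
        print("SUSPICIOUS:", finding)
```

A listener on 445 alone is not flagged, because a healthy Windows host has one; only the two other ports and a burst of outbound 445 connections count.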


Yep, ran into this a number of times. If you are running XP, you probably will want to disable system restore before you remove it (reenable it when you're done).

Fri Sep 10, 2004

Updated antivirus software should be able to detect it, right? I've always found AVG to be reliable enough in finding any kind of intrusion to my computer.

Mon Sep 13, 2004

Antiviruses aren't always successful in removing these. You should use removal tools to remove fatal viruses like this :)...

Mon Sep 13, 2004


Correct. My dad got bit by this virus because he is extremely computer illiterate and keeps turning off his virus scanner somehow. Anyway, he has a current and updated version of Norton AntiVirus. It detected some files infected by Sasser but could not clean/delete them due to the nature of the infected files and the virus. The cleaning programs will do some very low level things including cleaning memory, etc., to make sure that there is no trace whatsoever of it remaining.

Tue Sep 14, 2004

This worm is quite annoying! Tsk, it really gave me a hard time when I tried to fix it on my dad's office PC. Dang! Good thing there are articles on the net about fixing things. I found this - http://www.microsoft.com/security/incident/sasser.mspx - Well, it provides some protection against the worm but the article is focused on Windows users.

Fri Sep 17, 2004

Microsoft also provides security updates called hot fixes.

Sat Sep 18, 2004

Seems that I am the only lucky ***** who never caught up with a worm or a VIRUS .. :)
I have been on internet for almost 2.5 yrs now on my Personal PC ..
and am online most of the times .. :)
I still never used a firewall software or even an antivirus software ..
I think all u need to do is be aware of wat u r doing on net and u will never catch up with one

Sun Sep 19, 2004
