What to do if your computer has been infected by Sasser
Thread poster: LJC (X)

LJC (X), France (French to English)

For those who think they've got the Sasser virus, follow Microsoft's instructions at http://www.microsoft.com/security/incident/sasser.asp

From this page, you can scan your computer for the virus to see if you've got it, and also check your firewall and security update status (which are automatically adjusted if necessary).

What to do if your computer has been infected by Sasser | May 9, 2004

Hi Lesley,

What are the symptoms?

Kim

LJC (X), France (French to English), TOPIC STARTER
Apparently, Sasser only infects Win 2000 and XP. According to Microsoft, one of the symptoms is that the operating system keeps shutting down, but the computer I am trying to sort out doesn't have that problem.

This computer is at my local 'mairie' and is open to the public for Internet access, although not many people use it. It is less than a month old and was working normally about a week ago. The computer is working painfully slowly, no Internet sites can be accessed, but sending and receiving e-mails is possible. Word opens but doesn't work as it should (I didn't try any other programs).

Now I'm a bit prehistoric when it comes to computer problems but there's no-one else to sort this out quickly so I'm trying to do what I can to help.

I ran the antivirus first and it found the Welchia E worm, which I quarantined. I then tried to update the antivirus but the files wouldn't all download. As I still couldn't access any site to do an online virus scan or repair, I searched the Net from my computer at home. I found a virus removal program called Stinger (made by McAfee) at http://vil.nai.com/vil/stinger/ which I downloaded and then burned onto a CD. I ran this on the computer at the 'mairie' and it found 29 files infected with the Sasser worm, which I deleted. After that, I did manage to access a couple of sites, but it was extremely slow and didn't last long before I couldn't access any sites again.

I went back home to do some more research on this Sasser thing that I'd never heard of, only to find that half the world seems to be infected! I've printed out the instructions on the Microsoft site and will try them out on Monday. I will then check the firewall and update the antivirus.

My own computer (XP) hasn't been infected and I think it may be because my firewall is activated.

If anyone else has anything useful to add I would be very interested, as this is the first virus-infected computer I've ever had to deal with.

Natalie, Poland (English to Russian), Member (2002), MODERATOR, SITE LOCALIZER
Hi Lesley, maybe this information could help: | May 9, 2004
SOPHOS ISSUES FREE REMOVAL TOOL FOR SASSER WORM

Sophos has released a free removal tool which disinfects computers infected by the fast-spreading Sasser internet worm (W32/Sasser-A and W32/Sasser-B). The Sasser worm does not spread via email, but exploits a critical security vulnerability in versions of Microsoft Windows.

If you are infected by the Sasser worm and wish to download the free removal tool, or want more information about the Microsoft security vulnerability it exploits, visit:
http://www.sophos.com/virusinfo/articles/sasser.html

Further information from Microsoft about the Sasser worm and the security vulnerability can be found at:
http://www.microsoft.com/security/incident/sasser.asp
http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx

Home users who do not know if their computers are running the latest Microsoft security patches should visit the Microsoft WindowsUpdate website:
http://www.windowsupdate.microsoft.com

PCs which are secured behind properly configured firewalls should not be affected by the Sasser worm.

More info can be found at http://www.sophos.com/

[Edited at 2004-05-09 22:03]

Ralf Lemster, Germany (English to German)
Win9x systems can be infected, too... | May 9, 2004

...as you found out on the system you're analysing.

> Apparently, Sasser only infects Win 2000 and XP. According to Microsoft, one of the symptoms is that the operating system keeps shutting down, but the computer I am trying to sort out doesn't have that problem.

Close, but not quite correct: the various variants of the Sasser worm can infect Win9x/WinME systems, and can spread from there, but its payload won't be effective on these machines: the shutdown behaviour will only occur under Win2k/XP.

> This computer is at my local 'mairie' and is open to the public for Internet access, although not many people use it. It is less than a month old and was working normally about a week ago.

The timing is suspicious, as Sasser was starting to spread last weekend.

> I ran this on the computer at the 'mairie' and it found 29 files infected with the Sasser worm, which I deleted.

Did that program also remove the worm?

> After that, I did manage to access a couple of sites, but it was extremely slow and didn't last long before I couldn't access any sites again.

The worm might well still be active, trying to spread by scanning other machines on the web.

> My own computer (XP) hasn't been infected and I think it may be because my firewall is activated.

Spot on.

More info, including a removal tool, is available from Symantec.

Small consolation: the author of "Sasser" - an 18-year-old college student from northern Germany - was arrested yesterday, and has admitted that he developed and spread the worm...

HTH, Ralf

LJC (X), France (French to English), TOPIC STARTER
Thank you Natalie and Ralph | May 9, 2004
Thanks for those very useful links Natalie, particularly the Sophos one with the removal tool.

Hi Ralph,

Thank you too.

Ralf Lemster wrote:
> The timing is suspicious, as Sasser was starting to spread last weekend.

I'm not sure about the exact timing.

> Did that program also remove the worm?

I think so, Stinger says it is a virus/worm remover, not just a detector.

> The worm might well still be active, trying to spread by scanning other machines on the web.

If the worm was removed, I suppose it's possible that the computer got re-infected almost immediately before I could download the patch from Microsoft. I didn't think to run the program again.

> Small consolation: the author of "Sasser" - an 18-year-old college student from northern Germany - was arrested yesterday, and has admitted that he developed and spread the worm...

I think his punishment should be to explain himself to every single person individually who has physically suffered through delays in medical treatment caused by his actions, and fully reimburse everyone who has suffered financial loss. Then the men in white coats can have him!

Thanks again to you both,
Lesley