Sasser - there or not??

  • Thread starter Thread starter Mogweed
  • Start date Start date
M

Mogweed

A friend has (I think) got the Sasser worm. The process lsass.exe crashes
and windows displays an alert then shuts the machine down (reboots) one
minute later. However, on running the Sasser removal tool (FxSasser.exe)
available from Symantec, it says the worm was not found, so, do you reckon
he has it or not? And if so, how do we remove it?

Cheers,

Mogweed.
 
Mogweed said:
A friend has (I think) got the Sasser worm. The process lsass.exe crashes
and windows displays an alert then shuts the machine down (reboots) one
minute later. However, on running the Sasser removal tool (FxSasser.exe)
available from Symantec, it says the worm was not found, so, do you reckon
he has it or not? And if so, how do we remove it?

Cheers,

Mogweed.
Click to expand...

I should have said that he is definitely turning off system restore first
before running the removal tool.

Mogweed.
 
To be Sasser it would provide a 60sec timer shutdown with the code # -1073741819 --
http://vil.nai.com/vil/content/v_125007.htm If it is just a LSASS error with an immediate
shutdown, it is not the Sasser.

I have seen several threads in the Microsoft XP General News Group with similar failures.
It may be associated with a MS HotFix that didn't install correctly.

You can test/clean your friend's PC using McAfee Stinger -- http://vil.nai.com/vil/stinger/

--
Dave




| A friend has (I think) got the Sasser worm. The process lsass.exe crashes
| and windows displays an alert then shuts the machine down (reboots) one
| minute later. However, on running the Sasser removal tool (FxSasser.exe)
| available from Symantec, it says the worm was not found, so, do you reckon
| he has it or not? And if so, how do we remove it?
|
| Cheers,
|
| Mogweed.
|
|
 
David H. Lipman said:
To be Sasser it would provide a 60sec timer shutdown with the code
# -1073741819 --
http://vil.nai.com/vil/content/v_125007.htm If it is just a LSASS error
with an immediate
shutdown, it is not the Sasser.

I have seen several threads in the Microsoft XP General News Group with
similar failures.
It may be associated with a MS HotFix that didn't install correctly.

You can test/clean your friend's PC using McAfee Stinger --
http://vil.nai.com/vil/stinger/
Click to expand...

Thanks for that Dave. It definitely does show a 60 second shutdown timer,
counting down from 60, although I'm not sure of the code. I'll give the
McAfee Stinger a try as you suggest.

Cheers,

mogweed.
 
Back
Top