Sasser Worm


David

Which patch should I download exactly to get rid of this
worm or to avoid this.




Any help on this is muchly appreciated.

David
 
For Windows 2000:

Make sure you have Windows 2000 SP4.
Common to all 2000 / XP: you have to install the patch 835732 and the Sasser
removal tool from microsoft.com, which is "Windows-KB841720-ENU.exe".

That should do it...


This is to remove the worm and the problem of computers shutting down...
 
Which patch should I download exactly to get rid of this
worm or to avoid this.

Also, your firewall should block the attack vector port. In fact
ports 137-139 should always be blocked anyway, and are by default in
the XP firewall and most other firewall products.

Jeff
 
Hi David,

Removing the Sasser worm is a four-step process:

First, unplug the network cable from the machine. If it is a dial-up
connection, be sure you are not connected to the internet while performing
steps 1 and 2.

1. DISABLE THE VIRUS CURRENTLY RUNNING ON THE COMPUTER
a. Open Task Manager
b. Click the Processes tab
c. Click on the first column heading to sort the process list
alphabetically for easy searching
d. Look for the following processes.
- end with _UP.EXE
- start with AVSERV
- HKEY.EXE
- MSIWIN84.EXE
- WMIPRVSW.EXE
e. If you locate one or more of these processes, please click on it
one time to highlight it, then click on the End Process button, then click
yes on the warning to end it.
(NOTE: DO NOT end task on WMIPRVSE.EXE, it is NOT a virus)

2. If you are using Windows XP, enable Internet Connection Firewall
(Control Panel --> Network Connections --> dial-up/LAN connection
properties --> advanced).

If you are using Windows 2000, stop the server service temporarily (cmd
--> net stop server /y)

3. Now you can plug the network cable back in / dial up and connect to the
internet.
DOWNLOAD AND INSTALL the MS04-011 PATCH
a. Go to this page:
http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx
b. Click the DOWNLOAD button on the right side and choose to save
this file to your desktop
c. Once the file has downloaded, disconnect from the Internet
(optional) and double click the file
d. This will install the security update and your computer will
restart once it is complete.

This will get the newer files in place and prevent further infection from
this particular virus.

4. RUN THE SASSER REMOVAL TOOL
a. When the computer comes back up, connect to the Internet again
b. Go to this page: http://www.microsoft.com/downloads
c. Scroll down to "Sasser (A-D) Worm Removal Tool (KB841720)"
d. Click the DOWNLOAD button on the right side and choose to save
this file to your desktop
e. Once the file has downloaded, double click the file
f. This will run the Sasser removal tool and clean the system of the
Sasser worm

Once these steps are completed, you should be good to go.

HTH

Ashok
This posting is provided "AS IS" with no warranties, and confers no rights.
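
The process-name check from step 1 of the reply above, written out as an added example (not part of the original thread). It assumes the process list is available as CSV in the layout that `tasklist /fo csv /nh` produces; the sample rows and the function names are constructed for illustration.

```python
import csv
import io

# Indicators exactly as listed in step 1 of the post (compared case-insensitively).
EXACT = {"HKEY.EXE", "MSIWIN84.EXE", "WMIPRVSW.EXE"}
PREFIX = "AVSERV"
SUFFIX = "_UP.EXE"
# The post's caveat: this legitimate process differs from an indicator by one letter.
LOOKALIKE_OK = {"WMIPRVSE.EXE"}


def classify(image_name):
    """Return 'suspect', 'legitimate-lookalike' or 'no-match' for one image name."""
    name = image_name.strip().upper()
    if name in LOOKALIKE_OK:
        return "legitimate-lookalike"
    if name in EXACT or name.startswith(PREFIX) or name.endswith(SUFFIX):
        return "suspect"
    return "no-match"


def scan_tasklist_csv(text):
    """Parse CSV process rows; return (image, pid, verdict) for every row that matched."""
    hits = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) < 2:
            continue  # skip blank or malformed lines
        verdict = classify(row[0])
        if verdict != "no-match":
            hits.append((row[0], int(row[1]), verdict))
    return hits


# Constructed sample rows (image name, PID, session, session#, memory); not real output.
SAMPLE = '''"System Idle Process","0","Console","0","16 K"
"svchost.exe","812","Console","0","3,104 K"
"avserve2.exe","1340","Console","0","1,912 K"
"wmiprvse.exe","1476","Console","0","4,220 K"
"wmiprvsw.exe","1502","Console","0","2,048 K"
"11583_up.exe","1620","Console","0","1,204 K"
'''

if __name__ == "__main__":
    for image, pid, verdict in scan_tasklist_csv(SAMPLE):
        print(f"{pid:>6}  {image:<16} {verdict}")
```

Rows reported as `legitimate-lookalike` are listed so that the one-letter difference is visible to whoever ends the processes; they are not candidates for End Process.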
 