Re: Sasser: oldie but goodie



On Mar 6, 3:48 pm, "David H. Lipman" <DLipman~nosp...@xxxxxxxxxxx>
wrote:
From: "Duh_OZ" <ozzy.ko...@xxxxxxxxx>

| Had two dead motherboards (bad batch of Dell GX270s) replaced today
| and both machines got hit with the Sasser virus. Guess I better get a
| firewall to protect me from the corporate firewall? Tech did the
| work so didn't have the pleasure of dealing with it.
|
| I tried to check on windoze updates (running XP) on both the new
| motherboard machine and an old one. Friigen computers can't even
| connect to the update page. What a system LOL. Another box I am
| currently using the multi-av tool, just to be sure all is okay :0)

Ozzy:

Just need to know...

Is this TRULY a Sasser worm or was it another worm that was using the buffer overflow
exploitation in LSASS via TCP port 445?

--
Alas I wasn't in there to see anything in action but I did see he ran
the Symantec W32.Sasser removal tool (and told me both got hit with
Sasser).

The Multi-AV just finished before I left and a very quick look at the
log showed a Zapchast and a trojan downloader was on the computer
(which have a trend-micro client).

I'll look at the file names and see if they have a match on the other
computer. I *think* one was c.bat(zapchast) in the /system folder.

Now, can I install multi-av on the other computer. I was able to do
it on the one as the tech hadn't signed off (us workers have no
administrative rights on the XP boxes). It's not that I don't trust
big brother to protect me, it's I just don't trust big brother to
protect me LOL.

