  1. #1
    ABW Adviser Panel Dynamoo's Avatar
    Join Date
    January 18th, 2005
    Location
    Opposite the Slough of Despond
    Posts
    5,465
    A nasty new worm is doing the rounds on the web, exploiting Windows 2000/XP/NT machines with a security vulnerability announced two weeks ago.

    See: http://www.f-secure.com/v-descs/sasser.shtml
    http://www.sophos.com/virusinfo/anal...32sassera.html

    I'm getting probes from this worm on my firewall every 10 minutes or so. A firewall should give you some protection, but you need to ensure that your security patches are all up to date by visiting http://windowsupdate.microsoft.com/ right now if you haven't updated recently.
    Innovative advertising with Slimeware Corporation and Telephore. Mail-order fuel with Petrol Direct.

  2. #2
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    767
    It got my computer yesterday, but luckily it's easy to get rid of it.
    It was using 80 - 100% of the CPU and the computer had to restart twice before I realized something bad was going on...

  3. #3
    ABW Adviser Panel Dynamoo's Avatar
    Join Date
    January 18th, 2005
    Location
    Opposite the Slough of Despond
    Posts
    5,465
    It's not too destructive.. but you reaaaally need to get a decent firewall

    I use ZoneAlarm on my XP box which is pretty good. You should probably set those Windows update things to be automatic too.
    Innovative advertising with Slimeware Corporation and Telephore. Mail-order fuel with Petrol Direct.

  4. #4
    Web Ho - Design B!tch ~Michelle's Avatar
    Join Date
    January 18th, 2005
    Location
    Michigan
    Posts
    2,040
    I used to run zone alarm on my Win 98 machine, but when I moved up to XP Pro I was told I didn't need to mess with Zone Alarm since XP Pro has a firewall built into it.

    Is that true? I have run my XP Pro for the past year+ and haven't had a problem yet.
    ~Michelle
    "All I ask is a chance to prove that money can't make me happy."
    "Work to become, not to acquire." -- Confucius

  5. #5
    ABW Adviser Panel Dynamoo's Avatar
    Join Date
    January 18th, 2005
    Location
    Opposite the Slough of Despond
    Posts
    5,465
    XP has a basic but fairly useful firewall in.. but it's turned off by default.

    You need to go into the Control Panel, switch to "Classic View", open "Network Connections", find the relevant network connection, right-click and then select "Properties", then click on the "Advanced" tab and ensure that the "Protect my computer etc etc" tick box is TICKED. Simple, huh?

    Seriously, ZoneAlarm is hugely better, but the Windows XP one is better than nothing.

    There's a useful and simple guide to making your PC secure here - http://www.sans.org/rr/papers/index.php?id=1298 - it's especially useful if you're just getting a new PC "out of the box".
    Innovative advertising with Slimeware Corporation and Telephore. Mail-order fuel with Petrol Direct.

  6. #6
    Web Ho - Design B!tch ~Michelle's Avatar
    Join Date
    January 18th, 2005
    Location
    Michigan
    Posts
    2,040
    Yep, it's turned on. That is one of the first things I did after building this machine.

    I do have one more question that maybe someone could answer.

    I have always been under the impression that if you have your computers networked together and share an internet connection, even if the "server" is firewall protected, you should protect the other computers on the network also.

    I was told as long as my machine (server) is firewall protected, that protection will carry over to all the other machines on my network.

    Which is correct?
    ~Michelle
    "All I ask is a chance to prove that money can't make me happy."
    "Work to become, not to acquire." -- Confucius

  7. #7
    ABW Ambassador Packy's Avatar
    Join Date
    January 18th, 2005
    Location
    Syracuse
    Posts
    4,205
    Irma,
    > It got my computer yesterday, but luckily it's easy to get rid of it.

    Do ya wanna share? I just spent a couple of hours on my aunt's computer trying to get her going again. She keeps getting the lsiss.exe which keeps restarting the computer.

    So far, here is what I did with no success: I downloaded the fix that Symantec has for the Sasser Worm. She has so much stuff that loads at start up that I have no time to do anything in regular mode because the reboot count down starts right up, so I started the comp in Safe Mode. Then I ran the fix from Symantec, which didn't find anything related to the worm. When I do a control, alt, delete in XP there is nothing that indicates the virus. She has McAfee, which I have set up to auto-update, so that should be up to date. I ran McAfee in safe mode and that also came up with nothing. Unfortunately, I can't get to Microsoft for any of the updates on her comp because in safe mode you can't connect to the internet. I also ran ad-aware6 in safe mode and still nothing shows up. Any suggestions??? From what I am reading on the net, others are having similar problems with nothing being detected. Thanks
    The Answer to the New York Tax Law - Repeal, REPEAL, REPEAL -

    Camping Gear and Equipment

  8. #8
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    767
    > Do ya wanna share? I just spent a couple of hours on my aunt's computer trying to get her going again. She keeps getting the lsiss.exe which keeps restarting the computer.

    I used the step by step instructions for manual removal from Symantec. I didn't download any fixes... maybe that was the difference. It worked right away. Do try the manual removal!

  9. #9
    Newbie
    Join Date
    January 18th, 2005
    Posts
    24
    > She has so much stuff that loads at start up that I have no time to do anything in regular mode because the reboot count down starts right up

    How about reducing her start up programs through the start menu and/or registry? Can you do this in safe mode?

    Here's a place in the registry to look:
    HKEY_CURRENT_USER-->Software-->Microsoft-->Windows-->Current Version-->Run

    You can modify the entries and change them back later.


    --------------
    Randy Carey, Affiliate Manager
    http://www.shareasale.com/shareasale...erchantID=5302
    http://shop.norcrossmarine.com
    16% | non-expiring cookies | datafeeds | anti-parasite

  10. #10
    ABW Ambassador mousejockey's Avatar
    Join Date
    January 18th, 2005
    Posts
    2,494
    Just got hit by a Trojan, luckily AVG took care of it...
    Why can't these ratbags find a hobby like bungy jumping without the rubber or skydiving without a parachute

  11. #11
    ABW Adviser Panel Dynamoo's Avatar
    Join Date
    January 18th, 2005
    Location
    Opposite the Slough of Despond
    Posts
    5,465
    Haven't been hit by it yet, but I have manually patched over 170 PCs today to make sure
    Innovative advertising with Slimeware Corporation and Telephore. Mail-order fuel with Petrol Direct.

  12. #12
    ABW Ambassador Packy's Avatar
    Join Date
    January 18th, 2005
    Location
    Syracuse
    Posts
    4,205
    Irma,
    > I used the step by step instructions for manual removal from Symantec. I didn't download any fixes... maybe that was the difference. It worked right away. Do try the manual removal!

    Thanks, that's in the plans for later today. Hopefully that will do the trick. I'm one who doesn't mind screwing around with stuff on my comp, but get a little nervous playing around with someone else's. So far I haven't messed anyone's comp up TOO much

    Norcros, thanks, that's probably worth checking out.

    MJ, I think a mandatory 10 years in Prison would do the trick. Maybe that would discourage some others from doing the same thing.

    Dynamoo, smart!!! I think the problem with this worm is that there are several versions of it and it sneaks by all the virus protections other than the firewalls. You would think MSoft would fricking learn by now
    The Answer to the New York Tax Law - Repeal, REPEAL, REPEAL -

    Camping Gear and Equipment

  13. #13
    ABW Ambassador lola's Avatar
    Join Date
    January 18th, 2005
    Location
    Winnipeg, Mb
    Posts
    566
    My zone alarm cd is buried under all the crap on my desk somewhere

  14. #14
    ABW Adviser Panel Dynamoo's Avatar
    Join Date
    January 18th, 2005
    Location
    Opposite the Slough of Despond
    Posts
    5,465
    Worms spread a *lot* faster than virus signatures.

    Moo's holy trinity of PC security is - patch regularly + have a decent AV program that updates at least once a day + a good firewall.
    Innovative advertising with Slimeware Corporation and Telephore. Mail-order fuel with Petrol Direct.

  15. #15
    ABW Ambassador mousejockey's Avatar
    Join Date
    January 18th, 2005
    Posts
    2,494
    10 years sounds good Packster...without access to a computer, that'll fix them

    Just for the record, my Windows Updater is set to auto, my antivirus auto-updates daily, and I run a firewall.
    The patch Microsoft is recommending, I already had it... so don't know how I picked it up

  16. #16
    ABW Ambassador Packy's Avatar
    Join Date
    January 18th, 2005
    Location
    Syracuse
    Posts
    4,205
    Lol MJ,
    Hell, a week without the comp would even get them going through the withdrawal symptoms.

    Well 2 more hours today and I am no further than I was before. I tried the manual removal, but the only problem was that there are no files that they are talking about to remove. I looked for:

    Click Start, and then click Run. (The Run dialog box appears.)
    Type regedit

    Then click OK. (The Registry Editor opens.)


    Navigate to the key:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run


    In the right pane, delete the value:

    "avserve.exe"="%Windir%\avserve.exe"


    Exit the Registry Editor.

    Unfortunately no file avserve.exe to be found. It's not in the Windows folder either. I did notice that the sasser-D has a different name so I am going to head over and see if I can see that anywhere. If not the comp is going out the door %$(&)&&^%$%^. Who knows, maybe it's not the virus and something else is making the lsass.exe reboot the comp. Man I have a headache. Be back in a bit, yea right, more like a couple of hours.
    The Answer to the New York Tax Law - Repeal, REPEAL, REPEAL -

    Camping Gear and Equipment
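
The Run-key check from the removal steps above, written to work on saved `reg query` output so it can be reviewed away from the rebooting machine. This is an added example, not part of any post or of Symantec's instructions; the sample text, the `ExampleAV` and `updater32.exe` entries, the `C:\WINDOWS` path and the "starts from the Windows directory" heuristic are assumptions made here.

```python
import ntpath
import re

# Constructed `reg query` output for the two Run keys named in the thread.
# ExampleAV and updater32.exe are made-up entries; only avserve.exe is from the page.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    avserve.exe    REG_SZ    C:\WINDOWS\avserve.exe
    ExampleAV    REG_SZ    "C:\Program Files\ExampleAV\tray.exe" /startup

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    updater    REG_SZ    %Windir%\updater32.exe -q
"""

KNOWN_NAMES = {"avserve.exe"}   # the one file name the removal steps give
WINDIR = r"C:\WINDOWS"          # assumption: default Windows directory
VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_\w+)\s+(?P<data>.*)$")
CMD_RE = re.compile(r'\s*(?:"([^"]+)"|(.+?\.exe)(?=\s|$)|(\S+))', re.I)

def command_path(data, windir=WINDIR):
    """Executable path of a Run value: expand %Windir%, drop quotes and arguments."""
    data = re.sub(r"%(windir|systemroot)%", lambda _: windir, data, flags=re.I)
    m = CMD_RE.match(data)
    return next(g for g in m.groups() if g) if m else ""

def audit(text, windir=WINDIR):
    """Return (key, value name, path, reasons) for Run entries worth a manual look."""
    findings, key = [], None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_RE.match(line)
        if not (m and key):
            continue
        path = command_path(m["data"], windir)
        folder, exe = ntpath.split(path)
        reasons = []
        if {exe.lower(), m["name"].lower()} & KNOWN_NAMES:
            reasons.append("known name")
        # Heuristic added here (an assumption): match on location, not name,
        # so a renamed copy in the same folder is still listed for review.
        if ntpath.normcase(folder) == ntpath.normcase(windir):
            reasons.append("runs from Windows directory")
        if reasons:
            findings.append((key, m["name"], path, reasons))
    return findings

if __name__ == "__main__":
    for key, name, path, reasons in audit(SAMPLE):
        print(f"{key}\n    {name} -> {path}  [{', '.join(reasons)}]")
```

An empty result only says that nothing in these two keys matched; it does not show the machine is clean.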

  17. #17
    ABW Ambassador mousejockey's Avatar
    Join Date
    January 18th, 2005
    Posts
    2,494
    Packy sorry to hear about your problems, are you using AVG, you can get it at:
    http://www.grisoft.com/us/us_index.php

    They also have a free version with all the bells and whistles.

    Here's some info from their site about the top threats right now:
    http://www.grisoft.com/us/us_vir_tt.php

    Best of luck with removing it

  18. #18
    ABW Ambassador Packy's Avatar
    Join Date
    January 18th, 2005
    Location
    Syracuse
    Posts
    4,205
    Thanks MJ. She has McAfee on her comp which has worked good to date so far. I think I finally whipped the little bastard, whatever it was. Well ok it kicked my butt but I think it is all good to go. I finally was able to download and install the patches that MS had out. The problem was that the lsass.exe would keep coming up right away so every time I tried to download and update it I wouldn't have enough time before the comp rebooted. After I don't know how many tries I made it by about 7 seconds, lol. What a Pita.
    For some reason once the update was installed it seemed to be the fix also.

    I'm still confused as to why there weren't any of the worm's files on her computer. Nowhere!!! My guess is that the port was open and maybe her comp kept just getting hit from the port but nothing was being put on her computer. Is that a likelihood? Any ideas from you techies out there??? Anyways, I hope it's fixed now and thanks for the suggestions all. It's always appreciated.
    The Answer to the New York Tax Law - Repeal, REPEAL, REPEAL -

    Camping Gear and Equipment
