Sasser: oldie but goodie

Had two dead motherboards (bad batch of Dell GX270s) replaced today
and both machines got hit with the Sasser virus. Guess I better get a
firewall to protect me from the corporate firewall? Tech did the
work so didn't have the pleasure of dealing with it.

I tried to check on windoze updates (running XP) on both the new
motherboard machine and an old one.  Friigen computers can't even
connect to the update page.   What a system LOL.   Another box I am
currently using the multi-av tool, just to be sure all is okay :0)


Re: Sasser: oldie but goodie


| Had two dead motherboards (bad batch of Dell GX270s) replaced today
| and both machines got hit with the Sasser virus. Guess I better get a
| firewall to protect me from the corporate firewall? Tech did the
| work so didn't have the pleasure of dealing with it.
|
| I tried to check on windoze updates (running XP) on both the new
| motherboard machine and an old one.  Friigen computers can't even
| connect to the update page.   What a system LOL.   Another box I am
| currently using the multi-av tool, just to be sure all is okay :0)

Ozzy:

Just need to know...

Is this TRULY a Sasser worm or was it another worm that was using the buffer
overflow exploitation in LSASS via TCP port 445?

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: Sasser: oldie but goodie

Alas I wasn't in there to see anything in action but I did see he ran
the Symantec W32.Sasser removal tool (and told me both got hit with
Sasser).

The Multi-AV just finished before I left and a very quick look at the
log showed a Zapchast and a trojan downloader was on the computer
(which have a trend-micro client).

I'll look at the file names and see if they have a match on the other
computer.   I *think* one was c.bat(zapchast) in the /system folder.

Now, can I install multi-av on the other computer? I was able to do
it on the  one as the tech hadn't signed off (us workers have no
administrative rights on the XP boxes).    It's not that I don't trust
big brother to protect me, it's I just don't trust big brother to
protect me LOL.



Re: Sasser: oldie but goodie



| Alas I wasn't in there to see anything in action but I did see he ran
| the Symantec W32.Sasser removal tool (and told me both got hit with
| Sasser).
|
| The Multi-AV just finished before I left and a very quick look at the
| log showed a Zapchast and a trojan downloader was on the computer
| (which have a trend-micro client).
|
| I'll look at the file names and see if they have a match on the other
| computer.   I *think* one was c.bat(zapchast) in the /system folder.
|
| Now, can I install multi-av on the other computer? I was able to do
| it on the  one as the tech hadn't signed off (us workers have no
| administrative rights on the XP boxes).    It's not that I don't trust
| big brother to protect me, it's I just don't trust big brother to
| protect me LOL.
|

The reason why I ask is that the Sasser is pretty much dead and numerous other
Internet worms have added that exploit in their infection vector arsenal.

I'd be interested in seeing those log files from the Multi AV Scanning Tool, and
you can install it, but under a limited account it will have little effectiveness.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


