soleimanian 0 Report post Posted September 10, 2004 Name: SasserNick name: Sasser.A, Worm.Win32.Sasser.aSize: 15872All version of this worm attack by "MS04-011 (LSASS)". MS04-011 (LSASS) cause overrun buffer in Local Security Authority Subsystem Service. Related:1- this worm can run in Win 2000/Xp2- There isnât any security Patch.3- This worm cause connect to Internet without any Firewall.4- One of the characteristics of this worm is following file "C:\win.log",5- This worm make a traffic on the TCP,9996,445 and 5554 PortsTo remove this worm:1- go to following address and download anti worm, https://www.f-secure.com/en/web/home_global/products OR2- go to Microsoft update and download Microsoft patch MS04-011 OR3- Run Task Manager, close "avserve.exe", and delete AVSERVE.EXE from Windows Dir. Share this post Link to post Share on other sites
helix1405241470 0 Report post Posted September 10, 2004 Yep, ran into this a number of times. If you are running XP, you probably will want to disable system restore before you remove it (reenable it when you're done). Share this post Link to post Share on other sites
zarjay1405241470 0 Report post Posted September 13, 2004 Updated antivirus software should be able to detect it, right? I've always found AVG to be reliable enough in finding any king of intrusion to my computer. Share this post Link to post Share on other sites
Eric Straven 0 Report post Posted September 13, 2004 Antiviruses aren't always successful in removing these. You should use removal tools to remove fatal viruses like this ... Share this post Link to post Share on other sites
helix1405241470 0 Report post Posted September 14, 2004 Correct. My dad got bit by this virus because he is extremely computer illiterate and keeps turning off his virus scanner somehow. Anyway, he has a current and updated version of norton antivirus. It detected some files infected by sasser but could not clean/delete them due to the nature of the infected files and the virus. The cleaning programs will do some very low level things including cleaning memory, etc to make sure that there is no trace whatsoever of it remaining. Share this post Link to post Share on other sites
almoo7 0 Report post Posted September 17, 2004 This worm is quite annoying! Tsk, it really gave me a hard time when I tried to fix it in my dad's office PC. Dang! Good thing there are articles in the net about fixing things. I found this - https://www.microsoft.com/en-us/security/default.aspx - Well, it provides some protection against the worm but the article is focused on Windows users. Share this post Link to post Share on other sites
asimrsiddiqui 0 Report post Posted September 18, 2004 Microsoft also provides security updates called hot fixes . Share this post Link to post Share on other sites
gokul1405241470 0 Report post Posted September 19, 2004 seems that I am the only lucky ***** who newer cought up with a worm or a VIRUS .. :)I have been on internet for allmost 2.5 yrs now on my Personal PC .. and am online most of the times .. :)I still newer used a firewall software or even an antivirus software .. I think all u need to do is be aware of wat u r doing on net and u will newer catch up with one Share this post Link to post Share on other sites
