Oh crap, watch out for the Sasser worm!

Discussion in 'Computers' started by Gary->dee, May 2, 2004.

  1. Gary->dee

    Gary->dee Screenwriter

    Yesterday evening while using my new notebook computer and attempting to connect to the internet the following box would repeatedly appear on my screen:
    [​IMG]

    I thought, SHIT! I just bought this damn thing and I'm already having problems?? I couldn't download any Microsoft updates because every time I tried connecting the box would appear and give the dreaded countdown to shut down. Finally I wised up and used the Windows XP restore method in which I could restore my computer back to a certain point in time before I experienced the problem. Once I did that and everything worked fine again I hit Microsoft's site hard and downloaded a bunch of critical/security updates. The problem seemed to be solved.

    I was just looking around Yahoo and lo-and-behold, what I experienced was a wicked worm called the Sasser which is apparently spreading like wildfire, especially to unprotected laptops like mine.

    So be warned and read up if you think you've been hit or have the chance.

    Yahoo's story on Sasser worm.

    What you should know about the worm
     
  2. Scott_MacD

    Scott_MacD Supporting Actor

    I know there's a command which stops the shutdown countdown long enough to get the required updates. To stop those pesky reboots try:

    - Clicking the start menu
    - Select Run...
    - In the requester type "shutdown /a" (minus the quotes)

    That should abort the shutdown and give you enough time to install patches.

    If the countdown starts again, repeat as necessary.
     
  3. Ricardo C

    Ricardo C Producer

    I already patched my system, updated my virus scanner, and my firewall.

    Meanwhile, my brother, whose PC fell victim to Blaster a while back, gave me a "meh, I haven't gotten around to it" when I told him about Sasser. I know it's mean, but I hope the little shit gets a scare. Nothing serious, but enough to make him take better care of his (much more expensive than mine) PC.
     
  4. Gary->dee

    Gary->dee Screenwriter

    Thanks for the info, Scott.

    No doubt that I was hit by the worm.
     
  5. MikeH1

    MikeH1 Screenwriter

    It's a good idea to go to Microsoft's website every couple of weeks or so just to check to see what new critical patches are released and what you need. It's easy too, just click on the "update pc", it scans your PC in seconds and lets you know what patches you have or do not have.

    Then download!
     
  6. Gary->dee

    Gary->dee Screenwriter

    Yeah this incident has opened my eyes to the importance of the 'automatic updates' feature for Windows. I had turned it off because I didn't want to be bothered but now I realize that was a mistake. :b
     
  7. Mark Dubbelboer

    Mark Dubbelboer Screenwriter

    I used to be wary of Windows updates.
    I thought, meh, if it was important it would be in Windows already.

    Now I'm a Windows Update nazi. I check at least once a week just in case. There's a utility you can download that will use Windows Task Scheduler to automatically tell you/download the latest updates but I hate clutter on my taskbar.
     
  8. Philip_G

    Philip_G Producer

    This is a nasty mofo; it got a few workstations at work, and either it or something else got one of their servers.
     
  9. Neal_C

    Neal_C Second Unit

    Yea, my dad got this worm and I had to do tech support with him over the phone for about an hour. He couldn't download the patch from MS before his computer got shut down, so I had him run antivirus (AVG) and it found 28 files. It could only clean 27 and the other it couldn't do anything with. I was puzzled for a minute, and then it popped in my head to have him pull up Task Manager. Sure enough there was a process in there utilizing 40 - 50% CPU usage... it was called AVSERV2.EXE. So I had him end that process and rerun antivirus. This time it found 8 files (so this process had corrupted 7 more files in just a couple of minutes) and was able to clean them all. Then he got the security updates loaded and is back in business.

    I couldn't stress enough that he needed to keep XP and AVG up to date.

    Neal
     
  10. Rob Gillespie

    Rob Gillespie Producer

    A firewall should stop this, like with Blaster last year.

    Anti-Virus, Patch, Firewall. No excuses.


    It's easier just to subscribe to Microsoft's email bulletin which will get sent out every time they release a new patch. Patches typically get released on the 10th-15th of each month but they'll put out ones at other times if required.
     
  11. Drew Bethel

    Drew Bethel Screenwriter

    >>>Now i'm a windows update nazi
     
  12. Ted Lee

    Ted Lee Lead Actor

    Yep, it's in the SYSTEM applet in the Control Panel. The tab is called "Automatic Updates". Just check the first box.
     
  13. Kris McLaughlin

    Kris McLaughlin Stunt Coordinator

    Oh for the love.... looks like I got this thing, too. Problem is, I'm unable to log in to Windows to fix it. Any hints? Google has been no help so far.

    Also, my box that comes up is slightly different than Gary's. Mine refers to the file 'services.exe' instead of 'lsass.exe'. Any thoughts?

    Man, I love my PowerBook even more today than I did yesterday.

    Thanks for any help!
     
  14. Gary->dee

    Gary->dee Screenwriter

    I'm just guessing here but is it possible you can use a boot disk to boot your system up and/or start in safe mode? Then you might be able to access certain parts of your computer like possibly anti-virus software or get online for critical updates, etc.

    I wish I could be of further help but I'm not an Apple person. But I do feel for you Kris and I wish you luck! Hopefully someone else here more knowledgeable can help you out if my suggestions don't work.
     
  15. JeremySt

    JeremySt Screenwriter

    My uncle got it, and he has Norton, but we can't seem to get rid of it. We run virus scan, and it finds nothing. Also he is running dial-up (a problem which should be fixed soon).

    He is in the process of running Windows Update; hopefully that does something.

    Meanwhile, I have zippo antivirus programs, and have yet to be hit by any virus ever. (knock on wood)
     
  16. Rob Gillespie

    Rob Gillespie Producer

    The only thing that will stop the machine from getting reinfected is the MS04-011 patch.
     
  17. Philip_G

    Philip_G Producer

    No, a firewall doesn't always stop it.
    It took them 20 hours to restore everything from the mayhem this thing caused.
     
  18. Ted Lee

    Ted Lee Lead Actor

  19. Kris McLaughlin

    Kris McLaughlin Stunt Coordinator

    Well now that was weird... Looks like I may not have had the worm after all. Playing around w/ the PC, I got it to boot in safe mode & ran the Norton removal tool; nothing was found. (!?)

    So I booted 'er up normally & all was fine. Ran the tool once more just to be sure, but nothing was found again.

    Oddly enough, I think something else was screwed up with the system that just happened to be giving me a nearly identical error message w/ reboot.

    Thanks for the info everyone, for one reason or another that PC seems to be working again.
     
  20. Rob Gillespie

    Rob Gillespie Producer


    Well, the patch has been available since the middle of April so...
     
