- Virus
A worm of the same kind as the famous "Blaster Worm" has reappeared: "W32.Sasser.Worm/W32.Sasser.B.Worm".
The worm "W32.Sasser.B.Worm" infected office and home computers in the US and quickly spread throughout the world, affecting operating systems released after Windows Me.
W32.Sasser.B.Worm is a variant of W32.Sasser.Worm.
It attempts to exploit the LSASS vulnerability described in
Microsoft Security Bulletin MS04-011, and spreads by scanning
randomly-chosen IP addresses for vulnerable systems.
Symptoms:
Within minutes of connecting to the internet, a box appears saying:
"This system is shutting down. Please save all work in progress and log off. Any unsaved changes will be lost. This shutdown was initiated by NT AUTHORITY\SYSTEM
Time before shutdown: 00:00:60 (edit - that's 60 secs)
Message
The system process 'C:\WINDOWS\system32\lsass.exe' terminated unexpectedly with status code -1073741819. The system will now shut down and restart."
Patches:
Patches for this are available at Symantec, along with a removal tool from Symantec. If the download is hampered by continuous restarts, do this:
To end the malicious process:
Press Ctrl+Alt+Delete once.
Click Task Manager.
Click the Processes tab.
Double-click the Image Name column header to alphabetically sort the processes.
Scroll through the list and look for the following processes:
avserve2.exe
any process with a name consisting of 4 or 5 digits followed by _up.exe (e.g. 74354_up.exe).
If you find any such process, click it, and then click End Process.
Exit the Task Manager.
Then update your antivirus software and run a thorough scan.
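The process check from the steps above can also be scripted. This is an added example, not part of the original post: it assumes the process list was saved as CSV (the layout that "tasklist /fo csv /nh" prints), uses constructed sample rows, and also converts the status code from the shutdown message to its unsigned form.

```python
import csv
import io
import re

# Image names from the removal steps: avserve2.exe, or 4-5 digits + "_up.exe".
# Windows file names are case-insensitive, so the match is too.
SASSER_IMAGE = re.compile(r"(?:avserve2|\d{4,5}_up)\.exe", re.IGNORECASE)


def flag_sasser_processes(tasklist_csv):
    """Return (image_name, pid) for every row whose image name matches."""
    hits = []
    for row in csv.reader(io.StringIO(tasklist_csv)):
        if len(row) < 2:
            continue  # blank or malformed line
        image, pid = row[0].strip(), row[1].strip()
        if pid.isdigit() and SASSER_IMAGE.fullmatch(image):
            hits.append((image, int(pid)))
    return hits


def ntstatus_hex(signed_code):
    """Show a signed 32-bit exit status as the unsigned hex NTSTATUS value."""
    return "0x%08X" % (signed_code & 0xFFFFFFFF)


# Constructed sample rows (not captured from a real machine).
# Columns: image name, PID, session name, session number, memory usage.
SAMPLE = '''"System Idle Process","0","Console","0","16 K"
"lsass.exe","704","Console","0","1,204 K"
"avserve2.exe","1432","Console","0","3,120 K"
"74354_up.exe","1988","Console","0","2,764 K"
"123_up.exe","2040","Console","0","900 K"
"setup_up.exe","2100","Console","0","1,100 K"
'''

if __name__ == "__main__":
    for image, pid in flag_sasser_processes(SAMPLE):
        print("end this process: %s (PID %d)" % (image, pid))
    # The status code in the lsass.exe message is 0xC0000005,
    # STATUS_ACCESS_VIOLATION: lsass.exe crashed on an invalid memory access.
    print(ntstatus_hex(-1073741819))
```

Names with fewer than 4 digits or a non-numeric prefix (the last two sample rows) are not flagged, matching the rule in the steps.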