Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Infected with W32.Sasser.B.Worm..PLSSSSS HELP

Posted on 2004-10-27
13
Medium Priority
?
233 Views
Last Modified: 2013-12-04
Hi,

My computer is infected with the Sasser.B Worm.
When infected the computer slows down...Moving from application to application is slow..
Boot and Logins are painfully slow.

*** I ran the Symantec Fix tool a couple of times in the last week [yes i  turned off the System Restore]. But after a complete run it came out saying no infected files found.
***I ran the Norton AV also and it completed with "NO VIRUS FOUND" results

 After these scans my computer doesnt hang.

Then again  in a couple of days...it starts infecting and spreads from a few files to 1000s in minutes.

It seems like The Sasser Hides when the Tool runs"...

I guess the Virus is bound in some "temp" folders.

 I regularly empty the Temp Internet Folders whenever I Log off.
Can i delete the contents of all the possible temp folders on my mahcine. as in C:\Windows\Temp etc.

Please help...
thanks,
Jzzzz


0
Comment
Question by:Jzzzz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
  • 2
13 Comments
 
LVL 27

Assisted Solution

by:Asta Cu
Asta Cu earned 400 total points
ID: 12426686
0
 
LVL 65

Accepted Solution

by:
SheharyaarSaahil earned 400 total points
ID: 12426688
Hello Jzzzz =)

Follow the Full Instructions given here,

What You Should Know About the Sasser Worm and Its Variants:
http://www.microsoft.com/security/incident/sasser.mspx

Apply MS Security Bulletin:
http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx

Use One of the Following Removal Tools to Delete the Virus:
======================================
1) Sasser (A-F) Worm Removal Tool (KB841720) >> http://www.microsoft.com/downloads/details.aspx?familyid=76C6DE7E-1B6B-4FC3-90D4-9FA42D14CC17&displaylang=en

2) FxSasser.exe.from Symantec >> http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.removal.tool.html

3) Stinger from McAfee >> http://vil.nai.com/vil/stinger/

4) SysClean PACKAGE from TrendMicro >> http://www.trendmicro.com/download/dcs.asp

5) SASSGUI\SASSSFX from Sophos >> http://www.sophos.com/support/disinfection/sasser.html

6) ClnSasser from Computer Associates >> http://www3.ca.com/Files/VirusInformationAndPrevention/clnsasser.zip

7) F-Sasser from F-Secure >> http://www.f-secure.com/tools/f-sasser.zip

8) SasserFix2 from Norman >> http://www.norman.com/Virus/Virus_removal_tools/14938

9) QuickRemover from Panda >> http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?lst=sol&idvirus=46865
---------------------------------------------------------
NOTE: plzz see the Relevant Sites for FULL Instructions on Removal in the First Link Before using the Tools
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 12426694
What You Should Know About the Sasser Worm
http://www.microsoft.com/security/incident/sasser.mspx
0
Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

 
LVL 27

Expert Comment

by:Asta Cu
ID: 12426704
Scary, Shehar.... again was alone here and just about to post all of those, luckily I hit refresh first. LOL
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12426713
>> Can i delete the contents of all the possible temp folders on my mahcine

Yes, there are two temps folder which u shud clean and delete all the contents present there,
one is C:\Windows\TEMP folder, and other is hidden one, i.e C:\Documents and Settings\ur usernmae\Local Settings\Temp
adn delete all ur temp internet files also of IE !!

0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 12426731
Depending on your Operating System type; if applicable, be sure to turn off System Restore first; then when clean after reboots, turn back on.
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12426744
lol Asta 8-)
0
 

Author Comment

by:Jzzzz
ID: 12426837
such quick posts...
thanks guysss....

Helooo Saahill :) ...to the rescue again...

I will fight the virus and i'LL be back.

thanks again..
0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 12426873
":0)
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12426878
sure, and dont forget to remove all the internet connections and modems from ur system,,, and then run those tools and delete the files in safemode !!
U have this working system form where u are typing, Just download the tools from here and transfer to ur system, dont connect ur system with internet at this stage !! :)
0
 

Author Comment

by:Jzzzz
ID: 12434330

Oh!!. I know what could have happened. I might not have  turned off the system restore (I have XP) when I  ran the SymantecFix/ NAV and the Virus got backed up by the Sys Restore.

Now, I ran all the possible tools. Its clean now I guess.

*****Astaec****
 I got to read about and All about CRAZYONE from the link in your profile .
I read throught almost all the posts(atleast a 100) and it was really overwhelming.

I would like to quote  FatalException ....

" I cannot think of any other profession or field of business that brings so many people together so tightly.  
A community that shares it's expertise, it's troubles, and usually ends up taking care of it's own.  
Without a doubt, this is the finest bunch of professionals  and above all "HUMAN BEINGS"  "

I have just been asking questions So far and getting my answers and thinking i was smart to find the answers. I guess Its time i started answering too, from watever very little I know..

I am proud of  E __ E
Cya Around guys.....
Jzz



0
 
LVL 27

Expert Comment

by:Asta Cu
ID: 12434414
Yep, System Restore is definitely a major player here, happy it helped you resolve this.

AND, I sure agree with you.  This is a most excellent site.  The teamwork we have is wonderful, the people just great.  And the whole issue of our friend Spence (CrazyOne) is a very intense one.  

I'm very pleased with all that goes on here, and not only find great friends, but am also often helped.  While helping others as best I can, I also am taught many things.

":0) Asta
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12434525
good new Jzzzz..... glad u finally got it solved :)
Cheers ^_^
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question