Solved

Infected with W32.Sasser.B.Worm..PLSSSSS HELP

Posted on 2004-10-27
Last Modified: 2013-12-04
Hi,

My computer is infected with the Sasser.B Worm.
When infected the computer slows down...Moving from application to application is slow..
Boot and Logins are painfully slow.

*** I ran the Symantec Fix tool a couple of times in the last week [yes, I turned off the System Restore]. But after a complete run it came out saying no infected files found.
***I ran the Norton AV also and it completed with "NO VIRUS FOUND" results

After these scans my computer doesn't hang.

Then again in a couple of days...it starts infecting and spreads from a few files to 1000s in minutes.

It seems like the Sasser hides when the tool runs...

I guess the Virus is bound in some "temp" folders.

I regularly empty the Temp Internet Folders whenever I log off.
Can I delete the contents of all the possible temp folders on my machine, as in C:\Windows\Temp etc.?

Please help...
thanks,
Jzzzz


0
Question by:Jzzzz
    13 Comments
     
    LVL 27

    Assisted Solution

    by:Asta Cu
    0
     
    LVL 65

    Accepted Solution

    by:
    Hello Jzzzz =)

    Follow the Full Instructions given here,

    What You Should Know About the Sasser Worm and Its Variants:
    http://www.microsoft.com/security/incident/sasser.mspx

    Apply MS Security Bulletin:
    http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx

    Use One of the Following Removal Tools to Delete the Virus:
    ======================================
    1) Sasser (A-F) Worm Removal Tool (KB841720) >> http://www.microsoft.com/downloads/details.aspx?familyid=76C6DE7E-1B6B-4FC3-90D4-9FA42D14CC17&displaylang=en

    2) FxSasser.exe from Symantec >> http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.removal.tool.html

    3) Stinger from McAfee >> http://vil.nai.com/vil/stinger/

    4) SysClean PACKAGE from TrendMicro >> http://www.trendmicro.com/download/dcs.asp

    5) SASSGUI\SASSSFX from Sophos >> http://www.sophos.com/support/disinfection/sasser.html

    6) ClnSasser from Computer Associates >> http://www3.ca.com/Files/VirusInformationAndPrevention/clnsasser.zip

    7) F-Sasser from F-Secure >> http://www.f-secure.com/tools/f-sasser.zip

    8) SasserFix2 from Norman >> http://www.norman.com/Virus/Virus_removal_tools/14938

    9) QuickRemover from Panda >> http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?lst=sol&idvirus=46865
    ---------------------------------------------------------
    NOTE: plzz see the Relevant Sites for FULL Instructions on Removal in the First Link Before using the Tools
    0
     
    LVL 27

    Expert Comment

    by:Asta Cu
    What You Should Know About the Sasser Worm
    http://www.microsoft.com/security/incident/sasser.mspx
    0
     
    LVL 27

    Expert Comment

    by:Asta Cu
    Scary, Shehar.... again was alone here and just about to post all of those, luckily I hit refresh first. LOL
    0
     
    LVL 65

    Expert Comment

    by:SheharyaarSaahil
    >> Can I delete the contents of all the possible temp folders on my machine

    Yes, there are two temp folders which u shud clean and delete all the contents present there,
    one is the C:\Windows\TEMP folder, and the other is a hidden one, i.e. C:\Documents and Settings\ur username\Local Settings\Temp
    and delete all ur temp internet files of IE also !!

    0
     
    LVL 27

    Expert Comment

    by:Asta Cu
    Depending on your Operating System type; if applicable, be sure to turn off System Restore first; then when clean after reboots, turn back on.
    0
     
    LVL 65

    Expert Comment

    by:SheharyaarSaahil
    lol Asta 8-)
    0
     

    Author Comment

    by:Jzzzz
    such quick posts...
    thanks guysss....

    Helooo Saahill :) ...to the rescue again...

    I will fight the virus and i'LL be back.

    thanks again..
    0
     
    LVL 27

    Expert Comment

    by:Asta Cu
    ":0)
    0
     
    LVL 65

    Expert Comment

    by:SheharyaarSaahil
    sure, and don't forget to remove all the internet connections and modems from ur system, and then run those tools and delete the files in safe mode !!
    U have this working system from where u are typing, just download the tools from here and transfer to ur system, don't connect ur system with internet at this stage !! :)
    0
     

    Author Comment

    by:Jzzzz

    Oh!! I know what could have happened. I might not have turned off the System Restore (I have XP) when I ran the SymantecFix/NAV and the virus got backed up by the Sys Restore.

    Now, I ran all the possible tools. It's clean now I guess.

    *****Astaec****
    I got to read all about CRAZYONE from the link in your profile.
    I read through almost all the posts (at least 100) and it was really overwhelming.

    I would like to quote FatalException ....

    " I cannot think of any other profession or field of business that brings so many people together so tightly.
    A community that shares its expertise, its troubles, and usually ends up taking care of its own.
    Without a doubt, this is the finest bunch of professionals and above all "HUMAN BEINGS" "

    I have just been asking questions so far and getting my answers and thinking I was smart to find the answers. I guess it's time I started answering too, from whatever very little I know..

    I am proud of  E __ E
    Cya Around guys.....
    Jzz



    0
     
    LVL 27

    Expert Comment

    by:Asta Cu
    Yep, System Restore is definitely a major player here, happy it helped you resolve this.

    AND, I sure agree with you.  This is a most excellent site.  The teamwork we have is wonderful, the people just great.  And the whole issue of our friend Spence (CrazyOne) is a very intense one.  

    I'm very pleased with all that goes on here, and not only find great friends, but am also often helped.  While helping others as best I can, I also am taught many things.

    ":0) Asta
    0
     
    LVL 65

    Expert Comment

    by:SheharyaarSaahil
    good news Jzzzz..... glad u finally got it solved :)
    Cheers ^_^
    0
