Infected with W32.Sasser.B.Worm..PLSSSSS HELP

Hi,

My computer is infected with the Sasser.B Worm.
When infected, the computer slows down... Moving from application to application is slow.
Boot and Logins are painfully slow.

*** I ran the Symantec Fix tool a couple of times in the last week [yes, I turned off System Restore]. But after a complete run it came out saying no infected files found.
***I ran the Norton AV also and it completed with "NO VIRUS FOUND" results

After these scans my computer doesn't hang.

Then again, in a couple of days... it starts infecting and spreads from a few files to 1000s in minutes.

It seems like the Sasser hides when the tool runs...

I guess the Virus is bound in some "temp" folders.

I regularly empty the Temp Internet Folders whenever I log off.
Can I delete the contents of all the possible temp folders on my machine, as in C:\Windows\Temp etc.?

Please help...
thanks,
Jzzzz


 
SheharyaarSaahil Commented:
Hello Jzzzz =)

Follow the Full Instructions given here,

What You Should Know About the Sasser Worm and Its Variants:
http://www.microsoft.com/security/incident/sasser.mspx

Apply MS Security Bulletin:
http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx

Use One of the Following Removal Tools to Delete the Virus:
======================================
1) Sasser (A-F) Worm Removal Tool (KB841720) >> http://www.microsoft.com/downloads/details.aspx?familyid=76C6DE7E-1B6B-4FC3-90D4-9FA42D14CC17&displaylang=en

2) FxSasser.exe from Symantec >> http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.removal.tool.html

3) Stinger from McAfee >> http://vil.nai.com/vil/stinger/

4) SysClean PACKAGE from TrendMicro >> http://www.trendmicro.com/download/dcs.asp

5) SASSGUI\SASSSFX from Sophos >> http://www.sophos.com/support/disinfection/sasser.html

6) ClnSasser from Computer Associates >> http://www3.ca.com/Files/VirusInformationAndPrevention/clnsasser.zip

7) F-Sasser from F-Secure >> http://www.f-secure.com/tools/f-sasser.zip

8) SasserFix2 from Norman >> http://www.norman.com/Virus/Virus_removal_tools/14938

9) QuickRemover from Panda >> http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?lst=sol&idvirus=46865
---------------------------------------------------------
NOTE: Please see the relevant sites for full instructions on removal in the first link before using the tools.
 
Asta Cu Commented:
What You Should Know About the Sasser Worm
http://www.microsoft.com/security/incident/sasser.mspx
 
Asta Cu Commented:
Scary, Shehar.... again was alone here and just about to post all of those, luckily I hit refresh first. LOL
 
SheharyaarSaahil Commented:
>> Can I delete the contents of all the possible temp folders on my machine

Yes, there are two temp folders which you should clean, deleting all the contents present there:
one is the C:\Windows\TEMP folder, and the other is a hidden one, i.e. C:\Documents and Settings\your username\Local Settings\Temp
and delete all your temp internet files of IE also!!

 
Asta Cu Commented:
Depending on your Operating System type; if applicable, be sure to turn off System Restore first; then when clean after reboots, turn back on.
 
SheharyaarSaahil Commented:
lol Asta 8-)
 
Jzzzz (Author) Commented:
such quick posts...
thanks guysss....

Helooo Saahill :) ...to the rescue again...

I will fight the virus and I'll be back.

thanks again..
 
Asta Cu Commented:
":0)
 
SheharyaarSaahil Commented:
Sure, and don't forget to remove all the internet connections and modems from your system, and then run those tools and delete the files in safe mode!!
You have this working system from where you are typing. Just download the tools from here and transfer them to your system; don't connect your system to the internet at this stage!! :)
 
Jzzzz (Author) Commented:

Oh!! I know what could have happened. I might not have turned off System Restore (I have XP) when I ran the SymantecFix/NAV, and the virus got backed up by System Restore.

Now, I ran all the possible tools. It's clean now, I guess.

*****Astaec****
I got to read all about CRAZYONE from the link in your profile.
I read through almost all the posts (at least 100) and it was really overwhelming.

I would like to quote  FatalException ....

"I cannot think of any other profession or field of business that brings so many people together so tightly.
A community that shares its expertise, its troubles, and usually ends up taking care of its own.
Without a doubt, this is the finest bunch of professionals and above all "HUMAN BEINGS""

I have just been asking questions so far and getting my answers and thinking I was smart to find the answers. I guess it's time I started answering too, from whatever very little I know.

I am proud of  E __ E
Cya Around guys.....
Jzz



 
Asta Cu Commented:
Yep, System Restore is definitely a major player here, happy it helped you resolve this.

AND, I sure agree with you.  This is a most excellent site.  The teamwork we have is wonderful, the people just great.  And the whole issue of our friend Spence (CrazyOne) is a very intense one.  

I'm very pleased with all that goes on here, and not only find great friends, but am also often helped.  While helping others as best I can, I also am taught many things.

":0) Asta
 
SheharyaarSaahil Commented:
Good news, Jzzzz..... glad you finally got it solved :)
Cheers ^_^