Archive

Archive for the ‘Malware Troubleshooting’ Category

SASSER Virus – Things to know about a Virulent Computer Worm in 2004

September 15th, 2010 1 comment

sasser-worm Sasser is a worm that infects your machine via a vulnerable internet connection. It attacked a single computer and also the entire networks of computers connected through LAN. Sasser virus intrudes into a known windows vulnerability that was easily patched by Microsoft. It has attacked Windows 2000, Windows XP, Windows Server 2003 and Windows NT.

Microsoft Security Team fixed the following vulnerabilities using patches/updates:

  • LSASS Vulnerability
  • PCT Vulnerability
  • LDAP Vulnerability
  • Metafile Vulnerability
  • Winlogon Vulnerability
  • Utility Manager Vulnerability
  • Help and Support Center Vulnerability
  • Windows Management Vulnerability
  • H.323 Vulnerability
  • Local Descriptor Table Vulnerability
  • Negotiate SSP Vulnerability
  • Virtual DOS Machine Vulnerability
  • ASN.1 “Double-Free” Vulnerability
  • SSL Vulnerability

A Microsoft Security Bulletin version MS04-011 explains about the operating systems which were affected due to Sasser Worm.

Before Microsoft created sasser worm removal tool to fix this issue security experts followed the below process in removing w32 sasser b:

1. First, disconnect the computer from any internet or LAN connection

2. Terminate all the program that are running. For this open Windows Task Manager either by pressing CTRL+ALT+DEL or select Task Manager and process Tab on WinNT/2000/XP machine. Locate any one of the following files

avserve.exe, avserve2.exe, skynetave.exe or any process running with “_up.exe” and click End Task. Close Task Manager.

3. Next, activate Windows XP Firewall Version for Windows XP and another firewall for other versions to disable the worm from shutting down when the downloading the patches is still in process.

4. Download and install the patches for the respective Operating Systems

5. Remove the Registry entries

6. Delete all the infected files. In case you are using Windows ME and XP first turn off System Restore

7. In the end reboot the computer, update your windows and antivirus software and do a thorough scan.

In 2004 Microsoft “Fast Publish” a tool called Microsoft Sasser Worm Removal Tool which removes w32.sasser.worm effectively from the PC but later it has been added to the Microsoft malicious software removal tool.

If your computer is running slower than usual or experiencing unexpected pop-ups just give a call to the free security support for Microsoft PC Safety.

Wordpress SEO Plugin by Wordpress SEO Plugin