Sasser Worm

 

 

If you have Sasser, follow these directions to remove it from your computer. Follow the steps carefully and do not skip any steps.

I have Windows 95/98/ME am I safe?
Yes and no, your computer can not be infected but it can be a carrier to infect unprotected systems susceptable to Sasser:
W32.Sasser.E.Worm

If the following steps do not work or apply, you may have Blaster

An error message about "LSASS.EXE (not IASS.EXE)" is a common symptom of Sasser Worm.
If you have Sasser Worm, follow this to assist in the removal.

1.  DISCONNECT the subject computer from any network IMMEDIATELY.

2. If necessary to stop the reboot process:
Windows XP:
Start/Run
Type "shutdown -a" ENTER while the message about shutting down is on the screen.
Windows 2000:
Follow the step Under "Recovery" to prevent LSASS.EXE from crashing:
PSS Security Response Team Alert - Sasser Worm and Variants

3.  Install or enable a firewall IMMEDIATELY, before connecting to the internet

4.  Install the patch appropriate to your operating system Microsoft Security Bulletin MS04-011 (835732)Install the patch whether you believe it is installed or not.  If you caught Sasser, the patch was not properly installed.

5.  Follow this link to get rid of Sasser Worm:
What You Should Know About the Sasser Worm and Its Variants

6.  Turn off/on System Restore to ensure the worm is not saved in System Restore:
Start/All Programs/Accessories/System Tools/System Restore.
Click System Restore Settings on left side.
Check "Turn off System Restore", click OK, follow prompts and reboot.
This deletes ALL Restore Points including corruption.
Then go back and turn on system Restore and create a Restore Point.

7.  After this is resolved prevent similar occurrences by installing ALL Critical Updates from Windows Update.
Keep antivirus up to date and run at least weekly.
Install or enable a firewall.

What you MUST do to protect your PC and keep things like this from occurring in the future.

Search this site powered by FreeFind

This site was last updated Monday, 17 September 2007