If you have Sasser, follow these directions to remove it from your
computer. Follow the steps carefully and do not skip any steps.
I have Windows 95/98/ME am I safe?
Yes and no, your computer can not be infected but it can
be a carrier to infect unprotected systems susceptable
If the following steps do not work or
apply, you may have Blaster
An error message about "LSASS.EXE (not IASS.EXE)" is a common symptom
of Sasser Worm.
If you have Sasser Worm, follow this to assist in the
1. DISCONNECT the subject computer from any
2. If necessary to stop the
Type "shutdown -a" ENTER while the message
about shutting down is on the screen.
Follow the step Under "Recovery" to prevent LSASS.EXE
PSS Security Response Team Alert -
Sasser Worm and Variants
3. Install or enable a firewall
IMMEDIATELY, before connecting to the internet
4. Install the patch appropriate to your operating
Microsoft Security Bulletin
Install the patch whether you believe it is
installed or not. If you caught Sasser, the patch
was not properly installed.
Follow this link to get rid of Sasser Worm:
What You Should Know About the
Sasser Worm and Its Variants
6. Turn off/on System Restore to ensure the worm is not saved in System
Start/All Programs/Accessories/System Tools/System Restore.
Click System Restore Settings on left side.
Check "Turn off System Restore", click OK, follow prompts and reboot.
This deletes ALL Restore Points including corruption.
Then go back and turn on system Restore and create a Restore Point.
After this is resolved prevent similar occurrences by installing ALL
Critical Updates from Windows Update.
Keep antivirus up to date and run at least weekly.
Install or enable a firewall.
What you MUST
do to protect your PC and keep things like this from occurring in the