Goddamn SASSER update: What are we having for dinner? SASSER 'E'!!

Meowster · Sun 02/05/2004 20:51:03

The SASSER worm is the newest annoyance on the world wide web of computers and criminals. Just wondering if anybody knew how to remove it manually. I only have AVG virus thingy, and it doesn't seem to help even though I got the latest update. And for other remedies I apparently need to buy their goddamn virus software. Which I can't afford.

Also; how the hell do you uninstall goddamn McAffee?

Ishmael · Sun 02/05/2004 20:53:48

~~Have you got the latest updates for AVG?~~ Do you know where the worm is, if it has decided to live in a single file? If you do, you can get rid of that file, if no other way, then adding "del [path\file]" to autoexec.bat to remove the file on next startup...

How to uninstall McAffee? Through control panel -> add/remove programs?

---- EDIT ----

I cannot type today, I cannot read today...

AGA · Sun 02/05/2004 20:57:39

Use STINGER.

edmundito · Sun 02/05/2004 21:30:49

My parents computer has this thing called avast.... apparently, the home version is free:
http://www.avast.com/i_kat_6.html

They had the virus too, and it got rid of it.

Meowster · Tue 11/05/2004 01:02:54

Sigh.

I have tried AVAST, AGV, Stinger, the Microsoft Removal Tool (which claimed to remove all four variations of SASSER) and yet still, seemingly, I have it.

AGV, Stinger, and the Microsoft Removal tool detected and removed it... one after the other, after the last tool claimed to have removed it.

I keep getting the very same LSA SHELL errors, followed by a 60 second shutdown. I can halt the shut downs by going to START -> RUN -> shutdown -a. But then my computer acts weird and sometimes needs to be restarted anyway.

And when I say weird... I clicked to restart, but instead of showing the restart, shut down, sleep mode options, it showed the log off options. Or when I clicked to go into a folder, the folder appeared empty and it showed a nonsensical error message. But this was all fine when I restarted.

I'm running windows XP and I plan to format the goddamn PC anyway because it's obviously riddled with pests, but for now it would be nice to be even a little stable. Does anybody have any ideas as to what this is? Or if it IS Sasser (And it shows all the symptoms of SASSER), how can I remove it?

When I click CTRL, ALT + DEL there is a process there called lsasss.exe (three s's). I can shut this process down. Sometimes there are multiple processes by this name, as well as by lsass.exe.

I also changed my password to something horrible, excrutiately complicated, because I heard bad things about lsasss.exe.

Matt Brown · Tue 11/05/2004 01:12:13

my entire school district was hit today...mucho badness

panda software (actual antivirus company) has a fix on the net, for versions a b and c. I dunno about d yet...e is supposed to hit this week

good luck..its a nasty one

Ghormak · Tue 11/05/2004 01:25:18

Well... if you haven't updated Windows or don't have a firewall, you're automatically going to get it again after you've removed it just by being logged on to the Internet.

So... update your stuff.

Dart · Tue 11/05/2004 01:34:04

Panda Antivirus Software is what I use to fix all of my virus problems... in fact, it deletes viruses which Microsoft and McAfee cannot.

If that doesn't work, reformat your computer.

But I really recommend downloading Panda Antivirus.

EDIT: Have you tried using msconfig to edit the programs which start-up automatically every time you restart? Another wise thing to do right now is to turn off your system restore.

Meowster · Tue 11/05/2004 01:50:22

Did all of the above already. I'm only using XP firewall, which it claims blocks it at least partially. What gets me is that nothing is detecting it. No virus software is detecting it, even software that previously did. perhaps I already have e.

Like, before any of you guys.

Man, I feel so privilaged. Look, I'm so excited, I can't even spell!

LGM · Tue 11/05/2004 01:59:09

Maybe you DON'T HAVE THE SASSER VIRUS!! :-p

Unless that's what you said in the garbled mess above.

Ishmael · Tue 11/05/2004 07:26:08

If you're reformating, install 98 or something along with XP. I have 98, and no virus has ever struck on this computer...

I get trojan.downlaoder whatevers in temp internet files and dnled program files, but I can disinfect/rename/remove those files... once my mirc config file got somehting, and got unuseable... but nothing else, ever... I have F-Secure Antivirus...

Pessi · Tue 11/05/2004 07:56:03

My brother has the same thing. He's tried probably all softwares out there to remove the virus but none has actually done it yet. I remember him saying some programs don't even find it even if they claim to be able to.

I really don't know what to do about it. He reformatted the computer and it's still there. Or perhaps the computer got infected again but either way... I don't know if it's Windows updates or the fact that I have a firewall but my computer's all fine. Yeah, that should make you feel better.

I suppose one option would be to format the HD and disconnect from the internet until you get a firewall or something. But it's not an option for everyone.

Meowster · Tue 11/05/2004 13:49:10

I feel for your brother. Is he running XP?

I'm at a complete dead end; nobody knows what to do. Not even microsoft.

dasjoe · Tue 11/05/2004 14:24:11

check for the blaster virus, i regularly still get it after reinstalling windows.

LGM · Tue 11/05/2004 15:02:47

I dunno what your big issue is. AFAIK, the sasser worm just uses your internet connection to send the worm to other people.. Does it really do any damage?

Meowster · Tue 11/05/2004 15:20:06

Shuts down your PC regularly.

I'll check for the blaster worm again. Thanks.

Pessi · Tue 11/05/2004 15:28:09

Yeah, he's running XP. Let me know if you manage to solve the problem!

LilGryphMaster, you can't basically do anything with the computer since it stays up for like 5 minutes at maximum.

Meowster · Tue 11/05/2004 15:34:38

Pessi -> I have a way to stop it from shutting down. Tell your brother; when it shows you the 60 second shutdown screen, click Start -> RunÃ,Â and type Shutdown -a

That stops the shut down attempt.

Meowster · Tue 11/05/2004 20:52:42

I am delighted to announce I have SASSER e.

I got the new AVG update, that was released today.

Pessi, if your brother has a process running in task manager called LSASSS.exe, then he probably has SASSER e. I suspected I might have a different variation of SASSER, and I guess I have. Now to set about removing it... although AVG keeps shutting down. Hmmm...

You can download a new tool from Microsoft.com to remove Sasser e.

Pumaman · Tue 11/05/2004 21:23:43

Make sure you remove it, go to windows update and install all the security patches, then remove it again. If your firewall is configured properly, you shouldn't get infected again.