Sasser worm

[NoBonus]

So, I have seen the Sasser worm infect two computers so far (not mine, people who needed my help fixing it).  Has anyone else seen or gotten the Sasser worm?  I found that the 60 seconds Sasser gives you before rebooting is just enough time to download Symantic's Sasser removal tool, but not enough time to really search for the tool and read any instructions, so it took a couple re-boots before I got it downloaded. (It was kind of like a fun game, download the anti-virus before your system reboots)

NoBonus

[abrannan]

Sasser (and it's three variants) and the latest version of GaoBot have been my life the past few days.  But this outbreak is nothing compared to the biggies of the past couple of years.  Nimda and SQLSlammer were the biggies, with Blaster close behind.

You can just kill the avserve2.exe process and delete the %windir%/avserve2.exe file in the 60 seconds to reboot.  That will stop the worm from restering on reboot.  Then you can get the tool and cleanup.

Let me just take this opportunity to make a Public Service Announcement:

Everyone, please run a firewall on your high speed connections!  There are plenty of free personal firewall programs out there, if you don't have a hardware firewall.  Also, please patch your systems!  Microsoft has provided the automatic update client to automatically check for and install patches on 2000 and XP.  Also, please get an anti-virus program and run it.  If it isn't already, configure it to automatically check for updates as well.  If everyone did these three things, viruses like Sasser wouldn't create half the impact they do today.



Ah, there, now I feel better.

[Tailgunner]

My mom's system caught at least two variants of Sasser this past weekend. Annoying little bugger.

[Edgedamage]

Yah some GOOF!!!!!!!!!!! in our office opened a email from someone they didn't know and unleashed the worm. The only system that didn't get hit was my work station. Call me anal but I check the microsoft update site each day when I log in. Also I do a live update on my systems virus scanner each morning. Man I wish I had the IT guys job here he just smokes butts all day long while each system has the little update globe beside the clock in the system tray.

[shmokes]

Why don't you just tell windows to apply critical updates automatically at a certain time every day?  Then you don't have to check their website.

[Valence]

I found this worm to be mild. Fairly easy to remove and itself was very buggy. I support about a thousand users and we had 7 infections. The one where it causes a reboot does not actually infect anyone. (Infect as being able to reproduce) We had about 18 of the RPC errors. Also, if you logged into the machine with a different user profile it didn't crash.

Edgedamage: These virui are not transmitted by emails. They use an open port as far as I know.  

[NoBonus]

He may be referring to the Netsky variant that used "Sasser worm removal tool" as bait.

[knuttz]

I kinda like viruses, worms and the like.  They are a nice change of pace from the normal daily routine.

jk

[Apollo]

I agree, I actually get kind of a thrill when I get a virus. If you have the right protection ( gotta be Norton ) and you know the basics it's pretty cool. It's like yeah yeah you can't get me ( that's not an invitation by the way, lol ).

[knuttz]

Yeah, my brother got a virus that was able to close his browser if he typed in the word virus, antivirus, etc into the search window.  It would also attemt to cancel Norton AV's instilation program if it was ran.  It was horrible and beautiful at the same time.

[patrickl]

I used to collect virii (virusses?) when I during my study days. The University PC's would always have loads of them on their hard disks.

[fredster]

The microsoft site has a thing to do to stop the virus so it won't knock you offline.  You have to make a logfile.

Some of you guys LIKE viruses?  I think they should bury the guy who unleases one of the these things in a hole with his feet sticking out.

If you are computer savy, fine.  But I fixed one yesterday where the woman was litterally in tears about it.  I don't think it's funny or cool at all.

[knuttz]

fredster, No I don't really like viruses.  I was just joking around.