Sasser problem

Status
Not open for further replies.

KnightRiderX

Hi,

I seem to have acquired the Win32/Sasser worm. Getting rid of it while in Windows is no problem for me. The problem I have is that the countdown to shutdown comes even before I have the opportunity to log in. The problem comes off the heels of just updating my Windows with the February version of the Microsoft Malicious Tool. As of right now, I am posting on a fresh install of Windows on a different partition with an expired product key and I will prefer to keep my other Windows install intact. I hope there is someone here that can help shed some light into what it is that I have to do to resolve this. Thanks in advance.
 
That also requires that I log in on the problematic Windows installation. For more clarity, it gives an error code: 1073741819 while counting down.
 
Try this. Boot your computer and go into your BIOS. Change the system date to 22/02/06, which is obviously a year ago, and save and exit BIOS. This might let you log in to Windows and run the Sasser fix.

Regards Howard :)
 
What antivirus programme do you use? Could you not tell your antivirus programme to scan the partition that has the virus?

Regards Howard :)
 
fyi: origin of Sasser worm

Distribution
* Distribution Level: Medium
* Ports: TCP 445, 5554, 9996
* Target of Infection: Unpatched systems vulnerable to LSASS exploit - MS04-011.

Port 445 is MS Filesharing port :(
 
I use AVG. Wouldn't that require me being able to log into Windows first? Is there a way for me to tell the problematic installation, while I'm in this fresh installation, to bypass the password entry stage and just log in? 'Cause if I'm able to do that, then I believe I will have enough time to take out the worm by typing "shutdown -a" in cmd.
 
Maybe I'm missing something, so to be clear. You're using another Windows installation on a different partition on your hard drive?

Do you have AVG antivirus installed on the partition you're using at the moment?

If so, you should be able to tell AVG to scan the drive letter that corresponds to the partition that has the virus and hopefully, AVG will kill it.

Regards Howard :)
 
howard_hopkinso said:
Boot your computer and go into your BIOS. Change the system date to 22/02/06

For clarification purposes, if anyone here is from the United States, it would be 2/22/06 for them :) .
 
I know you don't want to lose your configurations etc., but what other choice do you have? Since you can't log on to Windows in any mode, you're going to have to try something. The scans you have run haven't found anything, so we have to assume it's not a Sasser problem.

A Windows repair shouldn't cause you to lose any data, other than Windows updates/configurations etc., unlike a format would. However, if a repair doesn't work, then maybe you're going to have to contemplate backing up your important data and doing just that.

Sadly, I don't have any other ideas, I'm afraid.

Regards Howard :(
 
OK, BIG problem. Every time I try to repair the problematic installation, it does not show up on the list of installations to repair. Only the one that I'm on right now. I tried booting into the problematic installation and it was still there.
 
Damn and bugger, that's definitely not good.

It looks like you're going to have to back up your data and reformat. I just don't have any other ideas and unless someone else can think of something, I think you're screwed. :(

I'm real sorry I couldn't fix it for you.

Regards Howard :(
 