Re: Win32.Sasser!FTP worm was - someone please help me

From: PA Bear (PABearMVP_at_gmail.com)
Date: 12/07/04 

Date: Tue, 7 Dec 2004 00:46:34 -0500

Going full circle in this thread but...

Help with Hijackware
http://aumha.org/a/parasite.htm
   http://aumha.org/a/quickfix.htm
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/Darnit.htm
http://www.mvps.org/sramesh2k/Malware_Defence.htm 

-- 
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE)
Posting and You
http://www.trials-shack.co.uk/posting.html
Bruce Swinden wrote:
> Thank you for the web sites. I used the trend Micro removal utility
> and got a mixed message, i.e. one virus found and possibly no viruses
> found. Anyway I reran the CA scan and no virus.
>
> The problem is that the old symptoms (unable to access MSN etc.)
> persist. Looks like I'm going to have to repair something.
>
> Any ideas?
>
> B
>
> On Mon, 6 Dec 2004 13:31:01 -0500, "PA Bear" <PABearMVP@gmail.com>
> wrote:
>
>> Sysclean (RTFM)
>> http://www.trendmicro.com/download/dcs.asp
>>
>> Free online Trojan Scanner - Scan your system for Trojans:
>> http://www.windowsecurity.com/trojanscan/
>>
>> Other online scans
>> http://aumha.org/secure.php#freeav
>> --
>> ~Robear Dyer (PA Bear)
>> MS MVP-Windows (IE/OE)
>>
>> Posting and You
>> http://www.trials-shack.co.uk/posting.html
>>
>>
>> Bruce Swinden wrote:
>>> On Sat, 26 Jun 2004 17:40:18 +0100, "Will Denny" <willdenny@mvps.org>
>>> wrote:
>>>
>>>> Hi
>>>>
>>>> Try these programs to check for any spyware that may be on your system:
>>>>
>>>> Ad-Aware - www.lavasoftusa.com
>>>> Spybot - http://www.safer-networking.org/
>>>> CWShredder - http://www.spywareinfo.com/~merijn/downloads.html
>>>>
>>>> Also see the following link:
>>>>
>>>> http://mvps.org/winhelp2002/unwanted.htm
>>>> http://www.microsoft.com/security/articles/spyware.asp
>>>
>>>
>>> I had similar symptoms. (Browser won't access any Microsoft sites plus
>>> E-Bay, etc.).
>>>
>>> I was relying on the XP firewall and got let down, so back to
>>> ZeroAlarm.
>>>
>>> I tried about a dozen virus checking programs including the ones
>>> above. None could identify  my problem except Computer Associates CA @
>>> http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39012
>>> and it told me that I had a Win32.Sasser!FTP worm.
>>>
>>> NOTE: I couldn't even access the page above except through my Google
>>> hard address search site. Also CA downloads were only supported
>>> through Internet Explorer and the downloads would only work when
>>> connected via my dial-up.
>>>
>>> So now, I know the name of the beast but I am still looking for
>>> software to clear the worm. Stinger, Arast and "aswclnr" dates are all
>>> prior to mid August and so don't do the trick.
>>>
>>> I have McAfee (v8) but they want me to pay for an upgrade to v9 (with
>>> 6 months left on v8) and even if I give them my $29.99 (after shelling
>>> out for PC Tools Spydoctor and Registry Mechanic) I have no idea if v9
>>> will be effective with this particular variant.
>>>
>>> Problem is that this variant originated in mid August 2004 and so only
>>> programs that have been updated since then will locate or fix this
>>> worm.
>>>
>>> Any help would be appreciated (as I continue to search for an
>>> automated fix).
>>>
>>> TIA.
>>>
>>> B

Relevant Pages
Quantcast