Re: possible virus? and how get rid of it...
- From: Bruce Chambers <bchambers@xxxxxxxxxxx>
- Date: Tue, 14 Jun 2005 18:58:51 -0600
Naturegal74 wrote:
I have Windows XP.
I use the internet rarely, and it's usually to Yahoo email, and I never open documents from people I don't know.
I have Norton and it's up-to-date.
I logged onto the internet, and after a few minutes, I got this message that my computer will shut down in 1 minute. It had something like system/32/lsass.exe in the message. And then it shut down after 1 minute. It does this over and over.
I have had this happen before, and I've immediately gone to Microsoft.com to download any security downloads they had to try and fix it. Plus I've run Norton. I've always been able to get rid of whatever was in there without an issue.
This time, I did the same exact thing. I downloaded the Malicious Threat download that is on Microsoft.com plus ran Norton. Nothing came up from either scan. But the computer keeps shutting down with that same message.
A window did pop up that suggested a free scan to check the computer registry, but then after it scans, it wants you to be $40 to fix the problem. And then another window said to download a patch for $20. I wasn't sure if these were legit or not. I do not have Service Pack II, so should I download that? Would that help? I don't know if the computer will stay on long enough for me to do it, but I can try...
Any thoughts or advice?
You've apparently contracted the latest worm, W32.Sasser.Worm, specifically designed to attack people who do not update their computers promptly and who do not practice "safe hex." In other words, like Blaster, this worm was developed and distributed _after_ a patch for the vulnerability was announced and made publicly available. Further, and also like Blaster, this worm could not affect any computer whose user had taken the basic precaution of using a properly configured firewall.
To stay on-line long enough to get the necessary updates, patches, and removal tools, click Start > Run, and enter "shutdown -a" when the next Shutdown countdown begins. This will abort the shut down. Also, make sure you've enabled a firewall before starting, to preclude any more intrusions while getting the updates/patches/tools.
What You should Know about the Sasser Worm and its Variants http://www.microsoft.com/security/incident/sasser.asp
Microsoft Security Bulletin MS04-011 http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx
W32.Sasser.Worm http://www.symantec.com/avcenter/venc/data/w32.sasser.worm.html
A tool is available to remove the Sasser worm variants http://support.microsoft.com/default.aspx?scid=kb;EN-US;841720
W32.Sasser.Worm Removal Tool http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.removal.tool.html
McAfee AVert Stinger Virus Removal Tool http://vil.nai.com/vil/stinger/
--
Bruce Chambers
Help us help you: http://dts-l.org/goodpost.htm http://www.catb.org/~esr/faqs/smart-questions.html
You can have peace. Or you can have freedom. Don't ever count on having both at once. - RAH
.
- References:
- possible virus? and how get rid of it...
- From: Naturegal74
- possible virus? and how get rid of it...
- Prev by Date: Outlook 2002
- Next by Date: Re: possible virus? and how get rid of it...
- Previous by thread: Re: possible virus? and how get rid of it...
- Next by thread: tell developers to please fix MDAC 2.8 installer
- Index(es):
Relevant Pages
|
