Re: Shutdown and sasser

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: MowGreen [MVP] (mowgreen_at_nowandzen.com)
Date: 05/03/04

• Next message: MowGreen [MVP]: "Re: EMERGENCY! computer auto shutoff, updates won't install"
• Previous message: MowGreen [MVP]: "Re: critical update not downloadable"
• In reply to: Kelley: "Shutdown and sasser"
• Next in thread: Shenan Stanley: "Re: Shutdown and sasser"
• Reply: Shenan Stanley: "Re: Shutdown and sasser"
• Messages sorted by: [ date ] [ thread ]

---

Date: Mon, 03 May 2004 10:11:29 -0700

To end the malicious process:
Press Ctrl+Alt+Delete once.
Click Task Manager.
Click the Processes tab.
Double-click the Image Name column header to alphabetically sort the
processes.
Scroll through the list and look for the following processes:
avserve.exe
any process with a name consisting of 4 or 5 digits followed by _up.exe
(eg 74354_up.exe).
If you find any such process, click it, and then click End Process.
Exit the Task Manager.
------------------------------------------------------------------------

Download Stinger to remove the worm. Run it in Safe Mode. It will fit on
a floppy disk if you need to download it to another computer :
http://vil.nai.com/vil/stinger

Then install the patch to prevent it's reoccurrence from this page :
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

MowGreen [MVP]
*-343-* Never Forgotten

Kelley wrote:

> ok, got to the CMD screen, but it does not recognize:
>
> shutdown -a is not recognized as an internal or external command, operable program or batch file.
>
> I am running Windows 2000...any help would be appreciated. I have been dealing with this all day long. Don't have firewall yet but can't get until I can get the comp to stay on for more than a few minutes.

---

• Next message: MowGreen [MVP]: "Re: EMERGENCY! computer auto shutoff, updates won't install"
• Previous message: MowGreen [MVP]: "Re: critical update not downloadable"
• In reply to: Kelley: "Shutdown and sasser"
• Next in thread: Shenan Stanley: "Re: Shutdown and sasser"
• Reply: Shenan Stanley: "Re: Shutdown and sasser"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Re: System keeps re-starting ... Double-click the Image Name column header to alphabetically sort the ... Scroll through the list and look for the following processes: ... Exit the Task Manager. ... Download Stinger to remove the worm. ... (microsoft.public.windowsupdate) Re: im geting a lsass.exe error i think its sassor but ... Double-click the Image Name column header to alphabetically sort the ... Scroll through the list and look for the following processes: ... Exit the Task Manager. ... Download Stinger to remove the worm. ... (microsoft.public.windowsupdate) Re: windows/system32 error ... Double-click the Image Name column header to alphabetically sort the ... Scroll through the list and look for the following processes: ... Exit the Task Manager. ... Download Stinger to remove the worm. ... (microsoft.public.windowsupdate) Re: Shutdown and sasser ... > Double-click the Image Name column header to alphabetically sort the ... > Exit the Task Manager. ... > Download Stinger to remove the worm. ... (microsoft.public.windowsupdate) Re: My task manager has disappered not just been disabled ... Go to C:\Windows\System32 Folder. ... Scroll down to taskmgr.exe. ... choose Send to Desktop as Shortcut. ... the ability to get the task manager to pop-up with ALT+CTRL+DEL and I ... (microsoft.public.windowsxp.perform_maintain)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windowsupdate  > 2004-05