Question
How can I check if my computer is infected with one of the Sasser worms?
Answer
- If you do not have an antivirus program, you should install the latest version of Norman Virus Control.
- Make sure that your antivirus program is fully up to date. In Norman Virus Control, click the N-icon and choose About. The signature date for binary viruses should be 2004/05/03 or newer.
- Run a full virus scan by clicking the N-icon and choosing Scan harddisks.
As an alternative to the steps above, you may download and run our free Sasserfix, found here.
Question
How do I remove the Sasser worms from my system?
Answer
Download and run Norman’s free Sasserfix by clicking this link.
Note! This fix will remove the worm from your system. It will not, however, prevent your system from being reinfected. Install an updated antivirus program and the Microsoft MS04-011 (LSASS) patch to prevent reinfection.
Question
I have successfully cleaned the virus from my system, and I am running an up-to-date antivirus program. However, when connecting to the Internet, my PC will shut down after a few minutes. I get the message:
This system is shutting down. Please save all work in progress and log off
or
LSA Shell(Export version) has encountered a problem and needs to close.
Why does this happen?
Answer
Sasser uses the LSASS vulnerability to infect systems. Your antivirus program will prevent the worm from infecting your system, but it will not prevent the worm from trying to infect it. When the worm tries to infect your system, the attempt will often cause your system to shut down with one of the above-mentioned messages. To prevent this from happening, you must install the Microsoft MS04-011 (LSASS) patch.
Question
My system is shutting down whenever I connect to the Internet due to the Sasser worm trying to infect it. I am unable to download the Microsoft MS04-011 (LSASS) patch from Microsoft before my system shuts down. How can I prevent my system from shutting down?
Answer
If you are running Windows XP, you can issue the command Shutdown -a. Click Start | Run and enter the command. You can also delay the shutdown by turning the clock back one hour. You have to turn the clock back when the shutdown message appears. This is especially useful on the NT/2000 platforms, where the shutdown command is not available.
Question
What is the Microsoft MS04-011 (LSASS) vulnerability?
Answer
Please visit Microsoft’s web site for an in-depth description here.
