Sasser worm - what to do...?
 

I need guidance from the IT experts.

With this sasser worm going around..... should I go ahead and install the Windows XP patches and follow the procedures that the MS website is giving out....?

Im currently looking this website:

http://www.microsoft.com/security/incident/sasser.asp

Any advice would be greatly appreciated.

Thanks.

G'day Gaucho,

Yes, by all means install the latest patches on your computer. I would also suggest an anti-virus software programme.

If you do not have one installed, may I suggest www.grisoft.com Click on the free version. This is an excellent piece of software that will protect your computer. It is identical to Sophos or Symantec but it is free. :cool:

Agreed you should d/l MS security updates and I read the MS stuff a firewall program such as ZoneAlarm (a free version is available) should stop it and a lotta other stuff too.

MisterNice

Grrr....
 

My wife got the thing on her laptop.

I stuck one of the removal tools on a disk, but her floppy drive refused to acknowledge the disk. So I beamed it to her, got rid of the worm, got online to get the patch, and within 3 minutes she had the worm again.

So I downloaded the patch (and several others) to my PC, going to burn a CD, and install them while she's gone this weekend, and then I should be able to get online and take a look at all the other updates, as well as some better antivirus.

When MS releases "critical" patches, I tend to install them on my laptop ASAP--since my data is backed up, I can afford to lose the machine in the event that MS sends out a bum patch--this has been known to happen.

Patching one's windows OS and keeping an updated virus scanner are critical. IMHO, if you ware not checking windows update once a day and doing the same for your virus patterns (or having the respective proggies do it for you), you are inviting exposure to something like sasser.

I don't know that a virus scanner will keep you from actually getting sasser--it might clean it when it finds it. If I get the time, I'll read the trend/symantec writeups and comment further...

Don't forget to turn on XP's firewalling (or get behind a hardware firewall if you can; if not, and you aren't running XP, by all means, purchase someone's software firewall (there are several vendors).

Most people don't need anyone connecting TO their machine (especially if you are on dialup), and it will save you from worms like these.

Steve

Critical downloads say they do not have security ID
 

I have a CWS infection as previously mentioned. This along with a bunch of other stuff is making life miserable. The machine has windows XP, factory-installed and update worked until the malware and spyware files got into the machine.

Is there a work-around to get the critical updates installed? Note: I am now using Mozilla Firefox as my default browser and many of the problems are hidden. They are not when I revert to IE. Thanks for any help.

MisterNice:

Have you installed ZoneAlarm? Any problems that some programs are not running after the installation?I use the XP firewall ... and at least all programs are still running.
I had bad experiences with other firewalls, like McAffe .. it took me several days and an IT specialist to get things running again...it was a nightmare! :mad:

I've been using ZoneAlarm for a few years now. Every day it blocks dozens of computers trying to 'access' my computer. I'm sure 95% of those attempts are benign, but it's that 5% that you just don't know about. And having ZoneAlarm allows me to sleep fine at night when viruses such as the current one come about. I highly recommend ZoneAlarm.

I'd say avoiding using....
 

Internet Explorer and all flavours of Outlook is good enough. :D

Is this supposed to be a joke? That is definitely not enough to avoid the sasser worm. This is not a simple virus spread by email. You should really install the patches and use a (hardware) firewall.

If by CWS you mean Coolwebsearch, download and run the CWShredder program. A friend's laptop was infected by CWS and it worked like a charm:

http://www.majorgeeks.com/download4086.html


Many other sharewar sites have CWShredder as well.

Thanks for the tips.... Ive already done the MS patches and it seems like Im clean. I already had Norton 2004 security and anti-virus programs installed, so I guess Im OK for now... ^

I've been running zonealarm for many years now and never had a problem with it. It's currently on an XP and a 98 machine at home.

For those using wireless routers, most of them also have firewall capablities built in, may be worth turning that on if it's not already on.

Critical patches, a decent firewall, and as the last line of defense up to date antivirus software.

I always install all "critical" updates. Anyone who does not is very vulnerable to attack. I also use Norton Firewall (the firewall in WinXP is too basic)
and Antivirus (both of which I update regularly - at least weekly) and have had great success in being protected. You can buy them together in the internet suite. I set those programs to automatically update and, set Win XP to automatically notify me and download upgrades. I would strongly suggest that no one access the internet without a good anti-virus and firewall installed (see PC World or PC Mag for reviews of different programs).
Practice Safe Computing

ZoneAlarm (the free and other versions) will work quite well with most programs, but many of the car rental sites, travelocity.com, orbitz.com, tdwaterhouse.com with Level 2 info etc will often conflict to some degree and not run properly.

My solution is to turn off ZoneAlarm as I use these sites and turn it back immediately on after I exit them. ZA will keep a record of attempted "breakins" etc if you desire.

MisterNice

As a long time computer weenie let me offer this humble advice:

Protecting yourself 'taint easy: The attacks are many, sophisticated and persistent.

Keep your OS patched: The days of waiting to hear if a patch causes problems before installing it are over.

Remove IE and Outlook from your computers: True Sasser is independent of IE/Outlook but most of the other 45,754 known nasties out there in the wild take advantage of various shortcomings in them. There are lots of alternative browsers and mail clients to chose from.

Install a virus scanner: Turn it on, and leave it on and keep it updated.

Install a pest-scanner: Pest-patrol, Ad-aware, Spy-bot.....

Install a fire-wall: Use it to block unneeded ports. Best is to place a router that provides NAT(Network Address Translation) between you and your internet connection.

Pay attention to the attachments in your e-mail: Learn what can hurt you and what can't.

....and most of all do your backups! Right now!! It's not if your computer will die(from hardware failure, virus attacks, worms...) but when.

Hoping that someone here can help me...

My computer at home is a simple IBM Windows Me - about 3yrs old. It seems to have been infected with sasser.

Microsoft says that Windows Me is not affected by the virus. There does not seem to be a patch available as Microsoft isn't supporting it anymore - I think.

I've run Norton numerous times (yes, it's current) but it says I'm fine, however my computer keeps freezing and restarting.

It looks like a duck, acts like a duck, and quacks like a duck but they say it's not a duck!

Anyone out there here about anything similar?

thanks...

You can download a sasser removal tool at this site:


http://securityresponse.symantec.com...oval.tool.html


Since you have Win ME, be sure to note the instructions to run the tool in "safe mode"

Best of luck in getting rid of the worm

My understanding with XP is that you have to install the patch before you can run the removal tool.