Topic 'Re: First go here and follow Micrsoft's recommende' in forum 'Security' - dslreports.com http://www.dslreports.com/forum/Re-First-go-here-and-follow-Micrsofts-recommende-10131641 en Sat, 26 Mar 2022 03:48:30 EDT Sat, 26 Mar 2022 03:48:30 EDT Re: MS releases Sasser worm variant removal tool http://www.dslreports.com/forum/Re-MS-releases-Sasser-worm-variant-removal-tool-10200237
»users.rcn.com/ferchl/Sas ··· -Fix.exe

Comments and/or suggestions for improvement are most welcome. Note: You can open and examine the file with WinZip. It's just a VBScript file and a few utilities.]]> http://www.dslreports.com/forum/Re-MS-releases-Sasser-worm-variant-removal-tool-10200237 Mon, 10 May 2004 01:38:09 EDT Re: MS releases Sasser worm variant removal tool http://www.dslreports.com/forum/Re-MS-releases-Sasser-worm-variant-removal-tool-10161308
»www.foundstone.com/index ··· scan.htm]]> http://www.dslreports.com/forum/Re-MS-releases-Sasser-worm-variant-removal-tool-10161308 Wed, 05 May 2004 16:54:39 EDT Re: MS releases Sasser worm variant removal tool http://www.dslreports.com/forum/Re-MS-releases-Sasser-worm-variant-removal-tool-10141750 said by sheepexplode:
Has anyone come up with a command line scanneer for Sasser?
F-Secure has a Sasser removal tool that can be run from a command line:

»ftp://ftp.f-secure.com/anti-vi ··· sser.zip
--
Robert Tappan Morris, Jr., got six months in jail for crashing 10% of the computers that Bill Gates made $100 million crashing last weekend.]]> http://www.dslreports.com/forum/Re-MS-releases-Sasser-worm-variant-removal-tool-10141750 Mon, 03 May 2004 17:28:13 EDT Re: MS releases Sasser worm variant removal tool http://www.dslreports.com/forum/Re-MS-releases-Sasser-worm-variant-removal-tool-10141001 said by Name Game:
said by sheepexplode:
Has anyone come up with a command line scanneer for Sasser?


did you try f-port and Symantec ??

1.2 Command-Line Scanner
Command-line scanners are currently the most common scanners available for UNIX. In addition to all the basic functions of a virus scanner, the F-Prot Antivirus Command-Line Scanner can be scheduled to perform scans using cronjobs. The F-Prot Antivirus Command-Line Scanner can be used with a third party application. Simple, yet secure, the F-Prot Antivirus Command-Line Scanner is an ideal solution for individual workstations.

By default the Command-line scanner scans by file-type abd reports to STDOUT, it only lists files which are found to be infected.

W32.Sasser Removal Tool
Available command-line switches for this tool

»securityresponse.symante ··· ool.html


I am looking for something I can use to scan our network. eEye has one that you can scan a class C subent, but I want to scan an A subnet.

Thanks
--
»Security »I think my computer is infected or hijacked. What should I do?]]> http://www.dslreports.com/forum/Re-MS-releases-Sasser-worm-variant-removal-tool-10141001 Mon, 03 May 2004 16:05:51 EDT Re: First go here and follow Micrsoft's recommende http://www.dslreports.com/forum/Re-First-go-here-and-follow-Micrsofts-recommende-10139574 said by Link Logger:
On the older versions of Windows this functionality sits on 339 and is different enough to be exempt from this attack
Typo as that should be '139'.

Blake
--
Vendor: Firewall Logging Software »www.SonicLogger.com - SonicWall and 3Com »www.LinkLogger.com - Linksys, Netgear and Zyxel]]> http://www.dslreports.com/forum/Re-First-go-here-and-follow-Micrsofts-recommende-10139574 Mon, 03 May 2004 12:48:31 EDT Re: MS releases Sasser worm variant removal tool http://www.dslreports.com/forum/Re-MS-releases-Sasser-worm-variant-removal-tool-10139434 said by sheepexplode:
Has anyone come up with a command line scanneer for Sasser?


did you try f-port and Symantec ??

1.2 Command-Line Scanner
Command-line scanners are currently the most common scanners available for UNIX. In addition to all the basic functions of a virus scanner, the F-Prot Antivirus Command-Line Scanner can be scheduled to perform scans using cronjobs. The F-Prot Antivirus Command-Line Scanner can be used with a third party application. Simple, yet secure, the F-Prot Antivirus Command-Line Scanner is an ideal solution for individual workstations.

By default the Command-line scanner scans by file-type abd reports to STDOUT, it only lists files which are found to be infected.

W32.Sasser Removal Tool
Available command-line switches for this tool

»securityresponse.symante ··· ool.html
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/]]> http://www.dslreports.com/forum/Re-MS-releases-Sasser-worm-variant-removal-tool-10139434 Mon, 03 May 2004 12:29:53 EDT Re: MS releases Sasser worm variant removal tool http://www.dslreports.com/forum/Re-MS-releases-Sasser-worm-variant-removal-tool-10138792 --
»Security »I think my computer is infected or hijacked. What should I do?]]> http://www.dslreports.com/forum/Re-MS-releases-Sasser-worm-variant-removal-tool-10138792 Mon, 03 May 2004 10:56:45 EDT Re: First go here and follow Micrsoft's recommende http://www.dslreports.com/forum/Re-First-go-here-and-follow-Micrsofts-recommende-10134190
Blake
--
Vendor: Firewall Logging Software »www.SonicLogger.com - SonicWall and 3Com »www.LinkLogger.com - Linksys, Netgear and Zyxel]]> http://www.dslreports.com/forum/Re-First-go-here-and-follow-Micrsofts-recommende-10134190 Sun, 02 May 2004 19:46:47 EDT Re: First go here and follow Micrsoft's recommende http://www.dslreports.com/forum/Re-First-go-here-and-follow-Micrsofts-recommende-10134119 http://www.dslreports.com/forum/Re-First-go-here-and-follow-Micrsofts-recommende-10134119 Sun, 02 May 2004 19:40:38 EDT Re: First go here and follow Micrsoft's recommende http://www.dslreports.com/forum/Re-First-go-here-and-follow-Micrsofts-recommende-10134046 --
Robert Tappan Morris, Jr., got six months in jail for crashing 10% of the computers that Bill Gates made $100 million crashing last weekend.]]> http://www.dslreports.com/forum/Re-First-go-here-and-follow-Micrsofts-recommende-10134046 Sun, 02 May 2004 19:32:39 EDT First go here and follow Micrsoft's recommended http://www.dslreports.com/forum/First-go-here-and-follow-Micrsofts-recommended-10132598 »www.microsoft.com/securi ··· sser.asp

(Note that the first step is not removing the worm. You need to take 2 steps to prevent immediate re-infection first.)

More on Sasser variants here:
»isc.sans.org/diary.php

If there is a continuing problem, it may be something else. Follow the steps here: »Security »I think my computer is infected or hijacked. What should I do?]]> http://www.dslreports.com/forum/First-go-here-and-follow-Micrsofts-recommended-10132598 Sun, 02 May 2004 16:24:13 EDT MS releases Sasser worm variant removal tool http://www.dslreports.com/forum/MS-releases-Sasser-worm-variant-removal-tool-10131641 A tool is available to remove the Sasser worm variants
»support.microsoft.com/?k ··· d=841720

(DonnaB discovered the link. I thought it deserved the visibility of its own topic. :) )

Make sure you also run Windows Update to get the 835732 (MS04-011) security update that prevents getting this infection.

In fact, install all "Critical Fixes and Service Packs" that "Windows Update" suggests. (Ignore updates in other catagories unless you really need them.)

More simple MS security steps here: »www.microsoft.com/securi ··· protect/]]> http://www.dslreports.com/forum/MS-releases-Sasser-worm-variant-removal-tool-10131641 Sun, 02 May 2004 14:13:44 EDT