If you are using Microsoft® Windows® XP or Windows XP Service Pack 1 (SP1) and your computer has been infected by the Sasser worm, you can take these steps to update your software, remove the worm, and help protect against future infections.
Step 1: Disconnect from the Internet
To avoid further problems, disconnect from the Internet:
• Broadband connection users: Locate the cable that runs from your external DSL or cable modem and unplug that cable either from the modem or from the telephone jack.
• Dial-up connection users: Locate the cable that runs from the modem inside your computer to your telephone jack and unplug that cable either from the telephone jack or from your computer.
Top of page
Step 2: Stop the Shutdown Cycle
This worm may cause LSASS.EXE to stop responding, which forces the operating system to shut down after 60 seconds. If your computer starts to shut down, follow these steps to abort any system shutdown that may be in progress.
1.
On the taskbar at the bottom of your screen, click Start, and then click Run.
2.
Type: cmd and then click OK.
3.
At the command prompt, type: shutdown.exe -a and then press ENTER.
Top of page
Step 3: Mitigate the Vulnerability
You can temporarily remove the vulnerability that allows the worm to infect your computer by creating a log file.
Create the log file
1.
On the taskbar at the bottom of your screen, click Start, and then click Run.
2.
Type: cmd and then click OK.
3.
At the command prompt, type: echo dcpromo >%systemroot%\debug\dcpromo.log and then press ENTER.
Make the log file read-only
1.
At the command prompt, type: attrib +R %systemroot%\debug\dcpromo.log and then press ENTER.
Top of page
Step 4: Improve System Performance
If your computer is acting sluggish or if the Internet connection is slow, the worm may be flooding your local network connection. This may make it impossible for you to download and install the required software update. To improve system performance:
1.
Press CTRL+ALT+DELETE, and then click Task Manager.
2.
For each of the following tasks that may be listed, click the task to select it, and then click the End Task button to end it.
• Any task ending with _up.exe (for example, 12345_up.exe).
• Any task starting with avserve (for example, avserve.exe).
• Any task starting with avserve2 (for example, avserve2.exe).
• Any task starting with skynetave (for example, skynetave.exe).
• hkey.exe
• msiwin84.exe
• wmiprvsw.exe
Note Do not end the wmiprvse.exe task; it is a legitimate system task.
Top of page
Step 5: Enable a Firewall
A firewall is a piece of software or hardware that creates a protective barrier between your computer and the Internet. Microsoft does not manufacture stand-alone software firewalls. The following resources provide more information about some firewall options.
1.
On the taskbar at the bottom of your screen, click Start, and then click Control Panel.
2.
Click the Network and Internet Connections category.
(If the Network and Internet Connections is not visible, click Switch to Category View under Control Panel on the left side of the Control Panel window.)
3.
Click Network Connections.
4.
Right-click the Dial-up, LAN, or High-Speed Internet connection that you use to connect to the Internet, and then click Properties from the shortcut menu.
5.
On the Advanced tab, under Internet Connection Firewall, select Protect my computer and network, and then click OK. The Windows XP firewall is now enabled.
Top of page
Step 6: Reconnect to the Internet
Plug the cable (referred to in Step 1) back into your computer, telephone jack, or modem.
Top of page
Step 7: Install the Required Update
To help protect your computer against this worm in the future, you must download and install security update 835732, which was released with Microsoft Security Bulletin MS04-011. To download security update 835732, go to http://go.microsoft.com/?LinkID=601354
Top of page
Step 8: Check For and Remove Sasser
After you have installed the update and restarted your computer, go to the Web page "What You Should Know About the Sasser Worm and Its Variants" at http://www.microsoft.com/security/incident/sasser.mspx. Use the Sasser Worm Removal Tool to search your hard disk for and remove Sasser.A, Sasser.B, Sasser.C, Sasser.D, Sasser.E, and Sasser.F.
If you are using Microsoft® Windows® XP or Windows XP Service Pack 1 (SP1) and your computer has been infected by the Sasser worm, you can take these steps to update your software, remove the worm, and help protect against future infections.
Step 1: Disconnect from the Internet
To avoid further problems, disconnect from the Internet:
• Broadband connection users: Locate the cable that runs from your external DSL or cable modem and unplug that cable either from the modem or from the telephone jack.
• Dial-up connection users: Locate the cable that runs from the modem inside your computer to your telephone jack and unplug that cable either from the telephone jack or from your computer.
Top of page
Step 2: Stop the Shutdown Cycle
This worm may cause LSASS.EXE to stop responding, which forces the operating system to shut down after 60 seconds. If your computer starts to shut down, follow these steps to abort any system shutdown that may be in progress.
1.
On the taskbar at the bottom of your screen, click Start, and then click Run.
2.
Type: cmd and then click OK.
3.
At the command prompt, type: shutdown.exe -a and then press ENTER.
Top of page
Step 3: Mitigate the Vulnerability
You can temporarily remove the vulnerability that allows the worm to infect your computer by creating a log file.
Create the log file
1.
On the taskbar at the bottom of your screen, click Start, and then click Run.
2.
Type: cmd and then click OK.
3.
At the command prompt, type: echo dcpromo >%systemroot%\debug\dcpromo.log and then press ENTER.
Make the log file read-only
1.
At the command prompt, type: attrib +R %systemroot%\debug\dcpromo.log and then press ENTER.
Top of page
Step 4: Improve System Performance
If your computer is acting sluggish or if the Internet connection is slow, the worm may be flooding your local network connection. This may make it impossible for you to download and install the required software update. To improve system performance:
1.
Press CTRL+ALT+DELETE, and then click Task Manager.
2.
For each of the following tasks that may be listed, click the task to select it, and then click the End Task button to end it.
• Any task ending with _up.exe (for example, 12345_up.exe).
• Any task starting with avserve (for example, avserve.exe).
• Any task starting with avserve2 (for example, avserve2.exe).
• Any task starting with skynetave (for example, skynetave.exe).
• hkey.exe
• msiwin84.exe
• wmiprvsw.exe
Note Do not end the wmiprvse.exe task; it is a legitimate system task.
Top of page
Step 5: Enable a Firewall
A firewall is a piece of software or hardware that creates a protective barrier between your computer and the Internet. Microsoft does not manufacture stand-alone software firewalls. The following resources provide more information about some firewall options.
1.
On the taskbar at the bottom of your screen, click Start, and then click Control Panel.
2.
Click the Network and Internet Connections category.
(If the Network and Internet Connections is not visible, click Switch to Category View under Control Panel on the left side of the Control Panel window.)
3.
Click Network Connections.
4.
Right-click the Dial-up, LAN, or High-Speed Internet connection that you use to connect to the Internet, and then click Properties from the shortcut menu.
5.
On the Advanced tab, under Internet Connection Firewall, select Protect my computer and network, and then click OK. The Windows XP firewall is now enabled.
Top of page
Step 6: Reconnect to the Internet
Plug the cable (referred to in Step 1) back into your computer, telephone jack, or modem.
Top of page
Step 7: Install the Required Update
To help protect your computer against this worm in the future, you must download and install security update 835732, which was released with Microsoft Security Bulletin MS04-011. To download security update 835732, go to http://go.microsoft.com/?LinkID=601354
Top of page
Step 8: Check For and Remove Sasser
After you have installed the update and restarted your computer, go to the Web page "What You Should Know About the Sasser Worm and Its Variants" at http://www.microsoft.com/security/incident/sasser.mspx. Use the Sasser Worm Removal Tool to search your hard disk for and remove Sasser.A, Sasser.B, Sasser.C, Sasser.D, Sasser.E, and Sasser.F.
If you are using Microsoft® Windows® XP or Windows XP Service Pack 1 (SP1) and your computer has been infected by the Sasser worm, you can take these steps to update your software, remove the worm, and help protect against future infections.
Step 1: Disconnect from the Internet
To avoid further problems, disconnect from the Internet:
• Broadband connection users: Locate the cable that runs from your external DSL or cable modem and unplug that cable either from the modem or from the telephone jack.
• Dial-up connection users: Locate the cable that runs from the modem inside your computer to your telephone jack and unplug that cable either from the telephone jack or from your computer.
Top of page
Step 2: Stop the Shutdown Cycle
This worm may cause LSASS.EXE to stop responding, which forces the operating system to shut down after 60 seconds. If your computer starts to shut down, follow these steps to abort any system shutdown that may be in progress.
1.
On the taskbar at the bottom of your screen, click Start, and then click Run.
2.
Type: cmd and then click OK.
3.
At the command prompt, type: shutdown.exe -a and then press ENTER.
Top of page
Step 3: Mitigate the Vulnerability
You can temporarily remove the vulnerability that allows the worm to infect your computer by creating a log file.
Create the log file
1.
On the taskbar at the bottom of your screen, click Start, and then click Run.
2.
Type: cmd and then click OK.
3.
At the command prompt, type: echo dcpromo >%systemroot%\debug\dcpromo.log and then press ENTER.
Make the log file read-only
1.
At the command prompt, type: attrib +R %systemroot%\debug\dcpromo.log and then press ENTER.
Top of page
Step 4: Improve System Performance
If your computer is acting sluggish or if the Internet connection is slow, the worm may be flooding your local network connection. This may make it impossible for you to download and install the required software update. To improve system performance:
1.
Press CTRL+ALT+DELETE, and then click Task Manager.
2.
For each of the following tasks that may be listed, click the task to select it, and then click the End Task button to end it.
• Any task ending with _up.exe (for example, 12345_up.exe).
• Any task starting with avserve (for example, avserve.exe).
• Any task starting with avserve2 (for example, avserve2.exe).
• Any task starting with skynetave (for example, skynetave.exe).
• hkey.exe
• msiwin84.exe
• wmiprvsw.exe
Note Do not end the wmiprvse.exe task; it is a legitimate system task.
Top of page
Step 5: Enable a Firewall
A firewall is a piece of software or hardware that creates a protective barrier between your computer and the Internet. Microsoft does not manufacture stand-alone software firewalls. The following resources provide more information about some firewall options.
1.
On the taskbar at the bottom of your screen, click Start, and then click Control Panel.
2.
Click the Network and Internet Connections category.
(If the Network and Internet Connections is not visible, click Switch to Category View under Control Panel on the left side of the Control Panel window.)
3.
Click Network Connections.
4.
Right-click the Dial-up, LAN, or High-Speed Internet connection that you use to connect to the Internet, and then click Properties from the shortcut menu.
5.
On the Advanced tab, under Internet Connection Firewall, select Protect my computer and network, and then click OK. The Windows XP firewall is now enabled.
Top of page
Step 6: Reconnect to the Internet
Plug the cable (referred to in Step 1) back into your computer, telephone jack, or modem.
Top of page
Step 7: Install the Required Update
To help protect your computer against this worm in the future, you must download and install security update 835732, which was released with Microsoft Security Bulletin MS04-011. To download security update 835732, go to http://go.microsoft.com/?LinkID=601354
Top of page
Step 8: Check For and Remove Sasser
After you have installed the update and restarted your computer, go to the Web page "What You Should Know About the Sasser Worm and Its Variants" at http://www.microsoft.com/security/incident/sasser.mspx. Use the Sasser Worm Removal Tool to search your hard disk for and remove Sasser.A, Sasser.B, Sasser.C, Sasser.D, Sasser.E, and Sasser.F.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
FAQ
Search
Register
Profile
Log in to check your private messages
Log in
