[fishtank]

[j_tull]

I'm fighting it now. We couldn't patch any of our Dell C400's becuase they won't boot with the patch installed. Sux.

[Monty22]

You know, I'm not really that happy with Trend Micro's software. Everytime I boot, after installing mirc, it'll say it cleans up an irc.backdoor.trojan.

I've been emailing them for weeks, and it's obviously a false positive. I reinstalled XP from scratch, put their software on, and the instant I did a fresh mirc install, blammo again. I also get some other weird 'cleanups' that I'm not sure are correct.

I'm thinking of going to Panda. Anyone know how that one rates?

[Clemenza]

Last night, I cleaned Sasser off my sistem. It was screwing up my OS for TWO WEEKS. After an hour on the phone with Microsoft, I was able to clear it.

[PigRigger]

"Sasser Worm Infects Thousands of Computers Worldwide....



Back in the late 80's & early 90's Sasser infected the Mets.

[FourPeas]

And, an interesting tidbit from the f-secure site:

The Netsky Connection Posted by Mikko @ 05:18 GMT
--------------------------------------------------------------------------------

New variant of Netsky (Netsky.AC, the 29th variant) was found last night. Nothing new in there.

However, this variant contains this text embedded in the code, which we will be posting publicly although we normally don't do this:

Hey, av firms, do you know that we have programmed the sasser virus?!?.
Yeah thats true! Why do you have named it sasser?
A Tip: Compare the FTP-Server code with the one from Skynet.V!!!
LooL! We are the Skynet...

[Psycho_Bunny]

My mother's sooooo cutting edge...so ahead of the curve...she caught it Wednesday night....on dial-up.

DON'T READ THIS PART MOM

I'd built her a new computer and forgot to enable the firewall so it's my fault she got it but, that's our little secret.

 

[Arthalion]

This will no doubt explode today across the Internet. The spread of this virus has been "slow" for a reason...it was released on a weekend, so most business machines were simply turned off. As these PC's are powered up for the coming work week...boom.

Where I work, the operations guys were given carte blanche after the last rounds of worm infections to keep it from happening again. Using a combination of intelligent routers, carefully located segmenting firewalls, VLANS, and a new forced update system to keep everyone patched up, we're crossing our fingers that this one wont hit us in any significant way.

[FourtySeven]

For a techno dummy like me:

I don't understand how this spreads if not through e-mail? Anyone know?

[Billthedrill]

Just cleaned it off a consultant's computer (NOT one on our network) - it was rebooting his system every 60 seconds with a LSASS.EXE error message. Minor annoyance except to that poor guy, who's lost half a day's work.

@#%^$#$!!! script kiddies...

[Billthedrill]

FWIW - HERE are Microsoft's instructions for getting rid of the little SOB...

[general_re]

It's not coming that fast yet - only 30 hits on the firewall in the last 45 minutes from this thing...

[Snowy]

All of the 'family computer experts' take cover! Unplug your phones! Lock your doors!

[tort_feasor]

Got slamed by it. Bump to let all Freepers know about it.

[FourPeas]

From Reuters:

Sasser Worm Strikes Countless PCs Worldwide

By Brett Young

HELSINKI, Finland (Reuters) - The fast-spreading "Sasser" computer worm has infected hundreds of thousands of PCs globally and the number could rise sharply, a top computer security official said on Monday.

"If you take a normal Windows PC and connect to the Internet, you will be infected in 10 minutes (without protection)," Mikko Hypponen, Anti-Virus research director at Finnish data security firm F-Secure (FSC1V.HE: Quote, Profile, Research) , told Reuters.

"It seems to be gradually getting worse, but it could jump as the U.S. wakes up," he said.

F-Secure says the worm, which surfaced over the weekend, automatically spreads via the Internet to computers using the Microsoft (MSFT.O: Quote, Profile, Research) Windows operating system, especially Windows 2000 and XP.

The spread of the virus has been muted so far, Hypponen said, as it emerged on a weekend, and with holidays closing offices in places like the United Kingdom and Japan on Monday.

But the spread was expected to worsen as the work week hits its stride, Hypponen said, adding he believes the worm originated in Russia.

It was not immediately known what impact the worm was having on computer networks of U.S. companies as they started the business day.

U.S. carrier Delta Air Lines (DAL.N: Quote, Profile, Research) suffered a computer glitch on Saturday that caused delays and cancellations of certain flights across its system, but a spokesman said there was no information yet as to the cause.

A Microsoft representative was not immediately available for comment, but said in a statement that customers could protect themselves by erecting personal firewalls that separate internal networks from public networks, and by downloading Microsoft security patches.

The company also said it was working with law enforcement officials, including the Northwest CyberCrime Taskforce, to analyze the worm and to identify those responsible for it.

Finnish bancassurer Sampo (SAMAS.HE: Quote, Profile, Research) temporarily closed all of its 130 branch offices on Monday as a precaution.

In Australia, Westpac Bank (WBC.AX: Quote, Profile, Research) said it was hit by the worm, and branches had to use pen and paper to allow them to keep trading, The Australian newspaper (http://www.theaustralian.news.com) reported.
"With Sasser it seems that companies are (using software) patches better and more quickly than last year (with virus "Blaster"), but for those that are hit, they are hit hard," Hypponen said.

Blaster infected computers around the globe last year.

NO NEED TO CLICK

The current worm does not need to be activated by double-clicking on an attachment, and can strike even if no one is using the PC at the time. When a machine is infected, error messages may appear and the computer may reboot repeatedly.

"Compared to what happened with Blaster ... last August ... this virus has all the same features," Hypponen said, noting that both worms exploited relatively new holes in Windows and frequently caused computers to reboot.

Microsoft said Blaster cost it "millions of dollars of damages," and has issued a $250,000 bounty for information on the whereabouts of its author.

F-Secure said corporate networks should be protected against Sasser and its variants by firewalls -- Internet road blocks that separate internal from public networks.

F-Secure said the worm emerged 18 days after Microsoft posted a corrective-code software patch on its Web site. This continues a common pattern with viruses whereby companies announce flaws in their software and hackers race to exploit them.

For home computer users, people should make sure they have downloaded the patch from Microsoft to fix the breach. If their computer is infected, it must first be downloaded before the virus is removed or else the PC could catch the worm again.

Hypponen said he was not sure there was a better way for companies to alert users to software problems.

"There are always going to be security holes in mainstream products," he said. "Even if these are not made public, the bad boys will find out about them anyway."

[CyberCowboy777]

W32.Sasser Removal Tool

http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.removal.tool.html

[rwfromkansas]

I recently had something get onto my computer that has installed a lot of adware.

I have Spybot Search and Destroy, Norton AV, Ad Aware, and Swat It.

I have run all of them, but something obviously can't be removed since I notice every time I go back into Ad-Aware another huge number of adware files is in there, so the main suspicious program has not been fully removed.

Any advice on what to do?

[FourPeas]

Just for grins, here's the Microsoft link on Sasser

[sully777]

Anyone want an Apple while their system is down?

[Buggman]

I'm just going to bump this so I can find it again when I get home. I'm pretty sure the computers at my night job are infected. Thanks.