Help with Sasser!

[Futher]

I apparently have the sasser virus. As soon as I start to boot up, it gives me the "shutting down in 1 minute" countdown, and won't let me use the comp at all. I can boot into safe mode, and I tried to scan the comp with the sasser prog, but it doesn't find it. Anyone know what I can do? Can I get it with Hijackthis? Thanks in advance.

 

[corkyg]

There are about 8 or 9 variants of the Sasser virus and/or worm.

Sasser

 

[FlyingPenguin]

Disconnect the computer from the Internet (I assume you have broadband) and it won't reboot. If you enable your firewall that should also prevent it from rebooting (your firewall would have prevented the infection in the first place - it blocks the port Sasser uses to infect you).

How do you know it's Sasser? There are at least 4 different viruses (and variants) that will cause a countdown reboot like that: MSBlast, Sasser, Scob and Zotob (all attack the RPC service). It's probably Zotob unless you haven't done a security update in a year.

You need to install the security updates that fix the holes these viruses exploit. Specifically KB824146, KB835732, KB870669, KB899588. Or just run Windows update and get ALL the latest updates (which would be smart).

You then need to download and run the Microsoft Malicious Software removal tool: http://www.microsoft.com/security/malwareremove/default.mspx

I would STRONGLY urge you run a FULL virus scan in SAFE MODE afterwards (make sure your anti-virus definitions are up to date!).

Hope this helps...

 

[mechBgon]

Also, get a router if at all possible (I assume you aren't on dial-up). If you're on a router but other computers share it, enable at least the Windows Firewall or another software firewall to firewall you against the other computers that share your router.