Print

Print
Our guys working on the PCs tell me the error code 128 is an old one, and refers to a patch they did a long time ago. The associated error message said something about the cause being not re-booting after applying a patch, which they did at that time. I believe we got the latest MS patch last week.

On 5/3/2004 11:26 AM, Lee Duynslager wrote:

Did you ensure that the machine was already updated with the Critical Security Patches?

 

 

Lee

 

Lee Duynslager

Information Technologist

Integrated Plant Systems

Michigan State University

 

(517) 432-5296

 

-----Original Message-----
From: MSU Network Administrators Group [mailto:[log in to unmask]] On Behalf Of Gene Willacker
Sent: Monday, May 03, 2004 10:21 AM
To: [log in to unmask]
Subject: Re: [MSUNAG] Possible Sasser worm variants?

 

We are also seeing this, and the Symantec tool is not detecting on our PCs either. The error message we see says, in part, "LSASS.exe termintaed with code 128."

Gene

On 5/3/2004 11:09 AM, Cameron Ramo Williams wrote:

Hello fellow NAGers

I was wondering if anyone here has found evidence of new Sasser worm
variants on campus PCs? We have a couple PCs that exhibit the random
reboots that make me suspect they have been infected with the Sasser worm,
but the removal tools I downloaded from Symantec have been run repeatedly on
these PCs in safe mode and have not found any evidence of Sasser. According
to Symantec, the removal tools cover the initial Sasser worm and variants B
and C. I just wondered if anyone else has found evidence of Sasser but have
been unable to get a removal tool to detect it's presence? I surmise it is
some new variant that the removal tool is not able to locate and remove.
Any others with this experience today?

Thanks!

Cameron Williams
---
_______________________________________
Cameron R. Williams
Information Technologist
Center for Global Change and Earth Observations
Michigan State University
101 Manly Miles
East Lansing, MI 48825
(517) 432-4675
[log in to unmask]

 

--
Gene Willacker
Systems Analyst
H&FS Systems Operations Group
Michigan State University
Food Stores Building
East Lansing, MI 48824
1-517-353-1691

 

This message has been sanitized - it may have been altered to improve security, as described below. 

 
Sanitizer (start="1083597814"):
  Part (pos="2195"):
    SanitizeFile (filename="unnamed.txt", mimetype="text/plain"):
      Match (names="unnamed.txt", rule="2"):
        Enforced policy: accept
 
  Part (pos="3790"):
    SanitizeFile (filename="unnamed.html", mimetype="text/html"):
      Match (rule="default"):
        Enforced policy: accept
 
    Note: Styles and layers give attackers many tools to fool the
    user and common browsers interpret Javascript code found
    within style definitions.  References:
     - http://www.securityfocus.com/bid/630
     - http://archives.indenial.com/hypermail/bugtraq/2001/January2001/0512.html
    Rewrote HTML tag: >>_div class="moz-signature"_<<
                  as: >>_p__MODIFIED_div class="moz-signature"_<<
    Rewrote HTML tag: >>_/div_<<
                  as: >>_/p__MODIFIED_div_<<
    Total modifications so far: 2
 
 

See http://help.msu.edu/mail/sanitizer.html for more information.

 


--
Gene Willacker
Systems Analyst
H&FS Systems Operations Group
Michigan State University
Food Stores Building
East Lansing, MI 48824
1-517-353-1691