Perhaps you could try the Sasser removal tool that
Microsoft provides. It says it works for A and B, but it'd be worth trying
on C too...
-or-
I haven't noticed problems on my systems yet, but that's
probably because the worm travels over port 445 which I am blocking at the
subnet border with IPSec.
Jeff Bowes
We are also seeing this, and the Symantec tool is not detecting on
our PCs either. The error message we see says, in part, "LSASS.exe terminated
with code 128."
Gene
On 5/3/2004 11:09 AM, Cameron Ramo Williams wrote:
Hello fellow NAGers
I was wondering if anyone here has found evidence of new Sasser worm
variants on campus PCs? We have a couple PCs that exhibit the random
reboots that make me suspect they have been infected with the Sasser worm,
but the removal tools I downloaded from Symantec have been run repeatedly on
these PCs in safe mode and have not found any evidence of Sasser. According
to Symantec, the removal tools cover the initial Sasser worm and variants B
and C. I just wondered if anyone else has found evidence of Sasser but has
been unable to get a removal tool to detect its presence? I surmise it is
some new variant that the removal tool is not able to locate and remove.
Any others with this experience today?
Thanks!
Cameron Williams
---
_______________________________________
Cameron R. Williams
Information Technologist
Center for Global Change and Earth Observations
Michigan State University
101 Manly Miles
East Lansing, MI 48825
(517) 432-4675
--
Gene Willacker
Systems Analyst
H&FS Systems Operations Group
Michigan State University
Food Stores Building
East Lansing, MI 48824
1-517-353-1691