Go to Post Our team's worst moment was the 13 years of FIRST's existence in which it did not exist. - Joe G. [more]
Home
Go Back   Chief Delphi > Other > Chit-Chat
Reload this Page Fiz got Sasser'd
CD-Media   CD-Spy  
portal register members calendar search Today's Posts Mark Forums Read FAQ rules

 
 
 
Thread Tools Rate Thread Display Modes
Prev Previous Post   Next Post Next
  #1   Spotlight this post!  
Unread 14-07-2004, 00:01
FizMan's Avatar
FizMan FizMan is offline
aboot, eh?
AKA: Chris Sinclair
#0783 (Mobotics)
Team Role: Alumni
  
Join Date: Feb 2004
Location: Toronto, Canada
Posts: 102
FizMan will become famous soon enough
Send a message via AIM to FizMan Send a message via MSN to FizMan
Fiz got Sasser'd
Some of you may or may not know of the extreme difficulties I've been having with my new computer: it would completely freeze up for aboot 20 seconds every couple minutes, many times automatically restarting the computer. Turns out that within a few hours of getting connected to the net on it, I got the deadly Sasser worm...

I thought it was a problem with the RPC locator service... I mean, how could it be a virus? I've hardly done anything with the net yet; just downloaded a few programs (i.e. winamp, quicktime)

But after a while, I started getting gay porn popups. This obviously sparked my virus-alarm... and while I was tempted to keep the homosexual pr0n popups, I decided they were too much of a nusiance. So I went by antivirus.com and started running the scan. Only to have the gay pr0n try to load the browser to its site. >< EVENTUALLY I managed to complete the scan (with a notorious use of the "Stop" button on Internet Explorer) and to my horror saw 244 infected files.

WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B

Lucky for me, not all of them were Sasser... ONE was the gay pr0n popup

Also lucky for me, all the sasser worm executables were similarily named (i.e. 31523.exe) in the same directory. But to my surprise, there were not 243 as one would suspect from the scan... but somewhere in the vacinity of 850!!!1

Cleaning up my registry, I also found another half-dozen malicious programs ><

I think I got it all cleaned up now and installed the Sasser patch and updates... but I'm afraid to restart the computer.
__________________
Joules per second! Watt? Joules per second! Watt? Jouls per second! Watt?
Reply With Quote
 

« Previous Thread | Portal | Next Thread »

Thread Tools
Display Modes Rate This Thread
Threaded Mode Threaded Mode
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -5. The time now is 07:37.

The Chief Delphi Forums are sponsored by Innovation First International, Inc.

Contact Us - Chief Delphi - Rules - Archive - Top

Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.
Copyright © Chief Delphi