Fiz got Sasser'd

Other Chit-Chat
1

Some of you may or may not know of the extreme difficulties I’ve been having with my new computer: it would completely freeze up for aboot 20 seconds every couple minutes, many times automatically restarting the computer. Turns out that within a few hours of getting connected to the net on it, I got the deadly Sasser worm…

I thought it was a problem with the RPC locator service… I mean, how could it be a virus? I’ve hardly done anything with the net yet; just downloaded a few programs (i.e. winamp, quicktime)

But after a while, I started getting gay porn popups. This obviously sparked my virus-alarm… and while I was tempted to keep the homosexual pr0n popups, I decided they were too much of a nusiance. So I went by antivirus.com and started running the scan. Only to have the gay pr0n try to load the browser to its site. >< EVENTUALLY I managed to complete the scan (with a notorious use of the “Stop” button on Internet Explorer) and to my horror saw 244 infected files.

WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B
WORM_SASSER.B

Lucky for me, not all of them were Sasser… ONE was the gay pr0n popup http://ffradio.sytes.net/yabb/YaBBImages/wink.gif

Also lucky for me, all the sasser worm executables were similarily named (i.e. 31523.exe) in the same directory. But to my surprise, there were not 243 as one would suspect from the scan… but somewhere in the vacinity of 850!!!1

Cleaning up my registry, I also found another half-dozen malicious programs ><

I think I got it all cleaned up now and installed the Sasser patch and updates… but I’m afraid to restart the computer. http://ffradio.sytes.net/yabb/YaBBImages/cheesy.gif

2

this is not suprising because worms replicate at a very fast rate. it is possible that there were 243 when the scan was done and they replicated to atleast 850. having had viri myself i know this can be very troublesome but i’m sure with the patches you will be fine. just make sure you install some virus software and keep it up to date

3