gfxgfx
 
Welcome, Guest. Please login or register.

Login with username, password and session length

April 24, 2014, 05:51:36 AM
gfxgfx

gfx* Home Forum Home Releases BitTorrent Tracker Contact Us xDCC Bot Listing Help Login Registergfx
Anime-Kraze.org  |  Main Boards  |  Announcements (Moderators: runpsicat, danomac)  |  Sasser/lsass Virus/Security Hole in Windows2k/XP « previous next »
Pages: [1] 2 Send this topic Print
Author Topic: Sasser/lsass Virus/Security Hole in Windows2k/XP  (Read 6075 times)
Zerox20
.: Kraze Starter :.
**
Posts: 55



WWW
« on: May 02, 2004, 06:07:42 PM »

In the last day or so a new virus has been released called the SASSER virus.  This virus acts like the blaster virus, so you need windows XP patches to protect against it, the latest Virus definitions should protect against it also.  If you have this virus whenever you try to go on the internet you will get a countdown timer and an error about lsass.exe.  

http://www.microsoft.com/security/incident/sasser.asp

If you head there, that site will have all the fixes and information you need to for taking care of the new virus.  This virus is spreading about like the blaster is.

Symantec Response: w32.sasser.worm @ Symantec Security

Be sure to check this out and run ALL of your windows updates and update all VIRUS definitions as soon as possibe.

Please only respond to this to help others, I will try to check everyday and help people with this issue.

EDIT: I have posted the screenshot that shows how your infected and some extra help on the TweakXP forums:
http://forum.tweakxp.com/forum/forum_posts_view.asp?TID=14083&PN=1
Report to moderator   Logged

-- Zerox20
-- Founder #Anime-Kraze @ irc.rizon.net
-- http://www.anime-kraze.org
Guy Incognito
.: Kraze Rookie :.
*
Posts: 3


« Reply #1 on: May 03, 2004, 09:25:20 AM »

Another way to protect yourself is to close port 445. You do this by adding something to the registry.
Open "start --> run" an type "regedit", go to "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters", there you add a DWORD value (rightclick --> new --> DWORD value), call it "SMBDeviceEnabled" and set the value to 0.

Now Port 445 is closed and cannot be used by worms like SASSER anymore.

If you want to know which ports are open on your system use Active Ports.
Report to moderator   Logged
Zerox20
.: Kraze Starter :.
**
Posts: 55



WWW
« Reply #2 on: May 03, 2004, 10:41:09 AM »

Be careful when editing the registry, when Sp2 comes out, it will have that port already protected inside of windows XP, closing the port now could cause some problems down the line, but you can close it now. Make sure you backup the registry.
Report to moderator   Logged

-- Zerox20
-- Founder #Anime-Kraze @ irc.rizon.net
-- http://www.anime-kraze.org
whoa2014
.: Kraze Starter :.
**
Posts: 101


« Reply #3 on: May 04, 2004, 05:51:49 PM »

if you already have the virus and can't get online to download virus updates (i'm assuming you're reading this on a different comp.)..... when the shutdown box pops up after being connected for a minute (or however fast it comes up)......

hit start --> Run ---> type: "shutdown -a"

that will close the little box thing and you'll be able to use the internet without your comp. restarting until you yourself restart it or disconnect/reconnect to the internet.....
Report to moderator   Logged
Kaze-Blue
.: Kraze Super Elite :.
*****
Posts: 2247



« Reply #4 on: May 05, 2004, 01:18:30 AM »

Just fixed my sister's PC.  All updated now Very Happy  

What a crappy worm - I hope they catch the jerk who made this one too, like the last guy Mad
Report to moderator   Logged

Kaze-Blue
.: Kraze Super Elite :.
*****
Posts: 2247



« Reply #5 on: May 11, 2004, 01:04:17 AM »

Check this out:

http://www.cnn.com/2004/TECH/internet/05/10/computer.worm.ap/index.html

They caught  the prick, but it might not be over yet.
Report to moderator   Logged

Chococat
Chocolate-coloured nose cat
Global Moderator
.: Kraze Super Elite :.
****
Posts: 4419


I R Cute


« Reply #6 on: May 11, 2004, 01:35:34 AM »

I don't blame him any more that that I blame the stupid users that do not update their OS.

Yes, he created a worm that exploited a hole in the windows OS. But, if he hadn't then someone else would have.

It is not a problem of him creating a worm, it is a problem of users NOT updating their software.

The sad thing is that people don't learn. REMEMBER BLASTER.

If you are going to have your computer connected to the internet all the time, UPDATE YOUR SOFTWARE.

That was my happy rant.
Report to moderator   Logged

MidnightSG
.: Kraze Rookie :.
*
Posts: 28



« Reply #7 on: May 11, 2004, 02:52:30 PM »

Oh wow, thank you. I always keep myself updated on my main PC but I was never that big on updating my laptop (I don’t use it on the internet much) so it got it but that was easy uninstalling it. It saved me a 300+ long novel I am writing.
*bows*
Report to moderator   Logged

Kaze-Blue
.: Kraze Super Elite :.
*****
Posts: 2247



« Reply #8 on: May 11, 2004, 05:54:12 PM »

I agree with what you say BB, but that certainly dosen't excuse that German dude's bad behavior, regardless of his excuses.
Report to moderator   Logged

Crowley
.: Kraze Super Elite :.
*****
Posts: 2601



« Reply #9 on: May 11, 2004, 10:44:30 PM »

Quote from: BBTroll
I don't blame him any more that that I blame the stupid users that do not update their OS.

Yes, he created a worm that exploited a hole in the windows OS. But, if he hadn't then someone else would have.

It is not a problem of him creating a worm, it is a problem of users NOT updating their software.

The sad thing is that people don't learn. REMEMBER BLASTER.

If you are going to have your computer connected to the internet all the time, UPDATE YOUR SOFTWARE.

That was my happy rant.
Didn't the update come out after he release the virus and expose what had to be updated?  Any damage long after the update is partly to blame on the users, but he did make it.
Report to moderator   Logged

Erik
Guest
« Reply #10 on: May 12, 2004, 04:00:43 AM »

So whats the damage?, i thought the virus just kept on rebooting your system, nothing more
Report to moderator   Logged
Guy Incognito
.: Kraze Rookie :.
*
Posts: 3


« Reply #11 on: May 12, 2004, 04:21:04 AM »

He lives just a few miles away from me, maybe I should visit him, hehe.

The author of phatbot, also German, was arrested, too.
Report to moderator   Logged
Kaze-Blue
.: Kraze Super Elite :.
*****
Posts: 2247



« Reply #12 on: May 12, 2004, 01:45:37 PM »

Quote from: Erik
So whats the damage?, i thought the virus just kept on rebooting your system, nothing more
That's pretty much all it did - a modified blaster worm.
Report to moderator   Logged

Erik
Guest
« Reply #13 on: May 12, 2004, 02:29:54 PM »

heh, pretty harmless virus then, i dont mind those
Report to moderator   Logged
LazyWulfran
Destroyer of Post Counts
Global Moderator
.: Kraze Super Elite :.
****
Posts: 4110


Remember, I wield the Banhammer


« Reply #14 on: May 12, 2004, 02:41:03 PM »

I thought it was pretty funny myself.
Report to moderator   Logged

Anime-Kraze.org  |  Main Boards  |  Announcements (Moderators: runpsicat, danomac)  |  Sasser/lsass Virus/Security Hole in Windows2k/XP « previous next »
Pages: [1] 2 Send this topic Print 
Jump to:  
Powered by MySQL Powered by PHP Powered by SMF 1.1.15 | SMF © 2006-2011, Simple Machines
Apollo design by Bloc
Valid XHTML 1.0! Valid CSS!