Sasser/lsass Virus/Security Hole in Windows2k/XP

[Zerox20]

In the last day or so a new virus has been released called the SASSER virus.  This virus acts like the blaster virus, so you need windows XP patches to protect against it, the latest Virus definitions should protect against it also.  If you have this virus whenever you try to go on the internet you will get a countdown timer and an error about lsass.exe.  

http://www.microsoft.com/security/incident/sasser.asp

If you head there, that site will have all the fixes and information you need to for taking care of the new virus.  This virus is spreading about like the blaster is.

Symantec Response: w32.sasser.worm @ Symantec Security

Be sure to check this out and run ALL of your windows updates and update all VIRUS definitions as soon as possibe.

Please only respond to this to help others, I will try to check everyday and help people with this issue.

EDIT: I have posted the screenshot that shows how your infected and some extra help on the TweakXP forums:
http://forum.tweakxp.com/forum/forum_posts_view.asp?TID=14083&PN=1

[Guy Incognito]

Another way to protect yourself is to close port 445. You do this by adding something to the registry.
Open "start --> run" an type "regedit", go to "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters", there you add a DWORD value (rightclick --> new --> DWORD value), call it "SMBDeviceEnabled" and set the value to 0.

Now Port 445 is closed and cannot be used by worms like SASSER anymore.

If you want to know which ports are open on your system use Active Ports.

[Zerox20]

Be careful when editing the registry, when Sp2 comes out, it will have that port already protected inside of windows XP, closing the port now could cause some problems down the line, but you can close it now. Make sure you backup the registry.

[whoa2014]

if you already have the virus and can't get online to download virus updates (i'm assuming you're reading this on a different comp.)..... when the shutdown box pops up after being connected for a minute (or however fast it comes up)......

hit start --> Run ---> type: "shutdown -a"

that will close the little box thing and you'll be able to use the internet without your comp. restarting until you yourself restart it or disconnect/reconnect to the internet.....

[Kaze-Blue]

Just fixed my sister's PC.  All updated now  

What a crappy worm - I hope they catch the jerk who made this one too, like the last guy

[Kaze-Blue]

Check this out:

http://www.cnn.com/2004/TECH/internet/05/10/computer.worm.ap/index.html

They caught  the prick, but it might not be over yet.

[Chococat]

I don't blame him any more that that I blame the stupid users that do not update their OS.

Yes, he created a worm that exploited a hole in the windows OS. But, if he hadn't then someone else would have.

It is not a problem of him creating a worm, it is a problem of users NOT updating their software.

The sad thing is that people don't learn. REMEMBER BLASTER.

If you are going to have your computer connected to the internet all the time, UPDATE YOUR SOFTWARE.

That was my happy rant.

[MidnightSG]

Oh wow, thank you. I always keep myself updated on my main PC but I was never that big on updating my laptop (I don’t use it on the internet much) so it got it but that was easy uninstalling it. It saved me a 300+ long novel I am writing.
*bows*

[Kaze-Blue]

I agree with what you say BB, but that certainly dosen't excuse that German dude's bad behavior, regardless of his excuses.

[Crowley]

I don't blame him any more that that I blame the stupid users that do not update their OS.

Yes, he created a worm that exploited a hole in the windows OS. But, if he hadn't then someone else would have.

It is not a problem of him creating a worm, it is a problem of users NOT updating their software.

The sad thing is that people don't learn. REMEMBER BLASTER.

If you are going to have your computer connected to the internet all the time, UPDATE YOUR SOFTWARE.

That was my happy rant.

Didn't the update come out after he release the virus and expose what had to be updated?  Any damage long after the update is partly to blame on the users, but he did make it.

[Erik]

So whats the damage?, i thought the virus just kept on rebooting your system, nothing more

[Guy Incognito]

He lives just a few miles away from me, maybe I should visit him, hehe.

The author of phatbot, also German, was arrested, too.

[Kaze-Blue]

So whats the damage?, i thought the virus just kept on rebooting your system, nothing more

That's pretty much all it did - a modified blaster worm.

[Erik]

heh, pretty harmless virus then, i dont mind those

[LazyWulfran]

I thought it was pretty funny myself.