New Virus Exploiting Microsoft Holes
matty
Scripting Guru
O.P. New Virus Exploiting Microsoft Holes
Microsoft Windows LSASS Buffer Overrun Vulnerability

Description

Microsoft Windows LSASS (Local Security Authority Subsystem Service) is prone to a remotely exploitable buffer overrun vulnerability. Successful exploitation of this issue could allow a remote attacker to execute malicious code on a vulnerable system, resulting in full system compromise.

This issue could be exploited by an anonymous user on Microsoft Windows 2000 and XP operating systems. The issue may reportedly only be exploited by local, authenticated users on Microsoft Windows Server 2003 and Microsoft Windows XP 64-Bit Edition 2003.

Symantec Vulnerability Assessment
Symantec Vulnerability Assessment detects and reports this vulnerability. Click here for the advisory released April 13, 2004.


http://securityresponse.symantec.com/avcenter/sec...Content/10108.html


Stupid Microsoft making everyone aware of their holes, then people make viruses. Well, work will be busy the next few months. I do tech support and heard there were 160 calls waiting :S


----------------------------------------------------------------
Removal

Norton Removal Tool

Download the FxSasser.exe file from: http://securityresponse.symantec.com/avcenter/FxSasser.exe.
Save the file to a convenient location, such as your downloads folder or the Windows desktop, or removable media known to be uninfected.
To check the authenticity of the digital signature, refer to the "Digital signature" section later in this writeup.
Close all the running programs before running the tool.
If you are on a network or if you have a full-time connection to the Internet, disconnect the computer from the network and the Internet.
If you are running Windows Me or XP, then disable System Restore. Refer to the "System Restore option in Windows Me/XP" section later in this writeup for further details.

Caution: If you are running Windows Me/XP, we strongly recommend that you do not skip this step.

Double-click the FxSasser.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
Restart the computer.
Run the removal tool again to ensure that the system is clean.
If you are running Windows Me/XP, then re-enable System Restore.
Run LiveUpdate to make sure that you are using the most current virus definitions.


Disable System Restore Windows ME
Click Start
Click Settings
Click Control Panel
Double Click System
Click Performance Tab at the top
Click File System
Click Troubleshooting Tab at the top
Check Disable System Restore (last box)
Click Ok, then Ok again

Disable System Restore Windows XP
Click Start
Click Run
Type "control panel" (without the quotes)
If in Category View (Says Pick a Category at the top) Click on System
If in Classic View (All icons shown) Double Click System
Click the System Restore tab at the top
Check the box that says Turn off System Restore on all drives.
You will be prompted and asked if you are sure and that all restore points will be deleted, Click Yes
Then click Apply, then Click OK

IF BY ANY CHANCE IN THE PROCESS OF DOING THIS THE BOX TO SHUT DOWN YOUR COMPUTER POPS UP DO THE FOLLOWING...
Click Start
Click Run
Type "shutdown -a" (without the quotes)

Then Run the Removal Tool From Norton

After you have Run the Patch
Download and install the Microsoft update from here
(This Patch is for Windows XP Home and Pro with and without SP1)
For other Operating Systems please visit here

------------------------------
Variants

W32.Sasser.Worm
W32.Sasser.B.Worm
W32.Sasser.C.Worm


This post was edited on 05-08-2004 at 04:20 PM by matty.
05-02-2004 03:46 AM
Patchou
Messenger Plus! Creator
RE: New Virus Exploiting Microsoft Holes
Bha.. don't worry about it, IT guys always take those things way too seriously. As for Microsoft publishing this kind of information, that's because they released a patch so anyone who is scared can secure himself easily. If they don't publish the info, they get accused of hiding things.

Thanks for the post.
05-02-2004 04:50 AM
Jordan2004
Junior Member
RE: New Virus Exploiting Microsoft Holes
quote:
Originally posted by Patchou
Bha.. don't worry about it, IT guys always take those things way too seriously.

Agreed Patch. (Y)

Even though this is a very serious and quick spreading virus, there is already a patch for this on Windows Update (for affected operating systems), and virus definitions are already updated. Therefore anyone who keeps their system up-to-date is not really going to be affected.

That's generally all users really need to do to combat viruses at the moment.
05-02-2004 11:31 AM
tomfletcherman
Senior Member
RE: New Virus Exploiting Microsoft Holes
My firewalls just blocked three trojans, probably that :|
05-02-2004 03:02 PM
Mike
Elite Member
RE: New Virus Exploiting Microsoft Holes
Hmmm...
I got this shutdown message today about Issas.exe being closed but after the 60 secs, computer didn't shut down :rolleyes:
If I was going to the shutdown button on XP it was showing the log off screen.
When I clicked log off it stayed at "Saving your settings" and I had to close my computer the hard way...

But after that I didn't get the same thing....

Btw wasn't Blaster doing the same thing?
05-02-2004 07:51 PM
matty
Scripting Guru
O.P. RE: New Virus Exploiting Microsoft Holes
quote:
Originally posted by Mike2
Hmmm...
I got this shutdown message today about Issas.exe being closed but after the 60 secs, computer didn't shut down :rolleyes:
If I was going to the shutdown button on XP it was showing the log off screen.
When I clicked log off it stayed at "Saving your settings" and I had to close my computer the hard way...

But after that I didn't get the same thing....

Btw wasn't Blaster doing the same thing?

Yes it was doing the same thing, but these are two totally different viruses.
05-02-2004 09:08 PM
Maniac
Senior Member
RE: New Virus Exploiting Microsoft Holes
Who cares, if you get that weird shutting off error, open a DOS command, type "shutdown -a", then take your time to get all the patches and you'll be clear :p
05-03-2004 12:24 AM
tomfletcherman
Senior Member
RE: New Virus Exploiting Microsoft Holes
I had 87 attempts to put that on my pc yesterday
05-03-2004 08:38 AM
mgt
New Member
RE: New Virus Exploiting Microsoft Holes
Stupid Microsoft making everyone aware of their holes, then people make viruses. Well, work will be busy the next few months. I do tech support and heard there were 160 calls waiting

I had 10 calls :~(
05-03-2004 08:45 AM
Wabz
Elite Member
RE: New Virus Exploiting Microsoft Holes
quote:
Originally posted by mgt
Stupid Microsoft making everyone aware of their holes, then people make viruses. Well, work will be busy the next few months. I do tech support and heard there were 160 calls waiting

I had 10 calls :~(


Hmmmm, I remember the Blaster worm. I don't do tech support but I was getting phoned every 30 seconds from friends asking what was happening
05-03-2004 09:23 AM