and read all instructions on the "fix" pages CAREFULLY...if you miss one step, your attempted fixes might not work AOSCLAY

0

I work for a very large company and this virus plagued the entire network yesterday. It seems that sometimes the stinger.exe doesn't work on the first attempt and needs to be ran a 2nd time. We have a very large mess and looks like it might take a while to get it cleaned up. Good luck to you!

0

Finally, I got it fixed. What helped was to install Microsoft security update 835732. However, I'm still unaware why none of my antivirus programs is unable to detect the virus. I'm sure that I'm uptodate because i'm updating my virus definitions almost hourly. Additionally, I ran both Symantec's Fxsasser.exe and F-secure's f-sasser.exe removal tools and none of them reported the virus had been found on my computer. Thank you all guys!

0

It seems that you've encountered exactly the same problems as I've done Nasko. I haven't got rid of it with Virusscans (Norton2004 + numerous online scans) so far and the Removaltools doesn't work. I'll try the security update as I get home, hopefully that will solve the problem. If it does I owe you bigtime! =) One thing that's been bugging me is symantecs advice concerning "Ending the malicious process". I can't find Avserve2.exe or the other "Five digits"_up.exe file. That seems pretty odd to me since my system shows all the Sasser symptoms. I suspect that it appears differently in 2000 than in XP (which most helpfiles is written for). Could that be so?

0

"I suspect that it appears differently in 2000 than in XP (which most helpfiles is written for). Could that be so?" Yes, that most certainly could be so, from a symptomatic level. Like with Blaster, the visible symptoms of infection were a bit different between XP and 2000. I suspect that might be so with Sasser. THIS IS IMPORTANT: YOU WILL NOT WIN UNTIL YOU PATCH YOUR OPERATING SYSTEM With XP, the built in firewall makes this easier to do once you are infected. But in 2000 its going to be more difficult. UNTIL YOU PATCH, YOU WILL NOT BE SUCCESSFUL IN THE END that's usually how it goes, especially in the case of worms such as Sasser or Blaster. If you have no firewall, are not patched, and have already been hit, you have a hard fight ahead. Read the articles, get the patches (separately from another PC if you can't do a windows update or download them yourself). The info is there, its just going to be a fight. AOSCLAY

0

I have had the same problem. I ran the fix tool, it found the virus, but the problem is still there. I re-ran the tool and nothing is found. I have known about the security update for a while... the only problem is that when I run it manually I get a very helpfull message saying 'File is corrupt'. If I run it straight from the windows update site it just fails. .philodox.

0

Klab0, exactly! Every virus-scan software I could lay my hands on reported nothing suspicious on my system. The two Sasser removal tools I ran didn't find the worm. Additionally, I ran F-prot under DOS - nothing. At the same time all the symptoms of Sasser infection matched - exept for the Avserve2.exe and *_up.exe files - none of them was on my system. The good thing is that as soon as I installed the Microsoft update (835732) the problem just disappeared. And no software ever declared that it had removed anything!

0

We have just had a plague of this worm on Win2K. Many of our machines missed the 835732 patch. The biggest problem is applying the patch because the worm activates the Shutdown during the boot process or shortly after the logon -- it varies. We copied the patch file to a network location using a clean machine. On the first available 60 sec window before shutdown we copied the patch file to the desktop. This saves having to open up Explorer to find it. On the next available window -- a few reboots later -- we were able to run the patch all the way through. I searched for the files associated with the worm and couldn't find any. Hope this helps.

0