Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Infected - Possible Sasser Worm?

  • Please log in to reply
1 reply to this topic

#1 achris


  • Members
  • 1 posts
  • Local time:01:26 PM

Posted 04 January 2008 - 08:00 PM

Hi there,
I'm new to this forum and have spent the last 6 hrs battling my pc!
It started off when I downloaded a piece of software called hide my ip, it asked me to download something else in order for it to connect (sorry if i'm not explaining it enough) it then told me to restart the pc to take effect, which i didn't do for another hour or so.

When it rebooted I got a pop up box saying:

"The system is shutting down. Please save all work ...... by NTAUTHORITY\SYSTEM
The system process 'C:\WINDOWS\system32\lsass.exe' terminated unexpectedly with status code - 1073741819

There have also been over pop up boxes saying over things have had to close inc LSA Shell etc.

On my laptop I managed to get back online and have gone through google looking at everything and trying microsoft patches (which I already had the most updated version) managed to get my Panda virus checker to go through everything and it came up clear, so did the microsoft malicious software checker, spyware Dr and the symmantec sasser worm removal tool.

I've done everything that the pchell.com/virus/sasser said to do but had none of the symptoms to fix.

At the moment I can get safe mode on and now safe mode with networking.
I'm running XP and SERVICE PACK 2
Virus Checker is PANDA SECURITY

Please help me someone! Is it the Sasser worm? If so how come nothing can pick it up?

Edited by achris, 04 January 2008 - 08:03 PM.

BC AdBot (Login to Remove)


#2 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 52,098 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:26 PM

Posted 04 January 2008 - 11:30 PM

How To Remove The Sasser Virus

Download and scan with MS Malicious Software Removal Tool.
click on the link "Skip the details and download the tool"

Download and run Symantec's W32.Sasser Removal Tool.

Sasser is an old infection so your issue may not be related to it. If the above does not help, then do this:

Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Please download AVG Anti-Rootkit and save to your desktop
  • Double click avgarkt-setup- to install. By default it will install to C:\Program Files\GRISOFT\AVG Anti-Rootkit
  • Accept the license and follow the prompts to install.
  • You will be asked to reboot to finish the installation so click "Finish".
  • After rebooting, double-click the icon for AVG Anti-Rootkit on your desktop.
  • You will see a window with four buttons at the bottom.
  • Click "Search For Rootkits" and the scan will begin.
  • You will see the progress bar moving from left to right. The scan will take some so be patient and let it finish.
  • When the scan has finished, a small window will open so you can view the results.
  • Right click and select "Save Result To File".
  • By default the file will be saved with a .csv extension. (You can use notepad to open the .cvs file)
  • Copy and paste the results in your next reply.
  • If anything was found, click "Remove selected items"
  • If nothing was found, please click the "Perform in-depth Search" saving anything found to file as before.
Note: Close all open windows, programs, and DO NOT USE the computer while scanning. If the scan is performed while the computer is in use, false positives may appear in the scan results. This is caused by files or registry entries being deleted automatically.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users