While I hope no one needs this, here are several tools and techniques for removing the Sasser worm. All of these tools are excellent. I prefer the Microsoft Removal Tool instructions (listed first), which include the MS04-011 security patch required to avoid reinfections.
Microsoft Removal Tool
Symantec Removal Tools
F-Secure Removal Tools
Before using the tool, please read the disinfection instructions from 'f-sasser.txt'.
Trend Micro Removal Tools
Microsoft - Manual Disinfection
To manually disinfect an infected system, first apply the Microsoft patch MS04-011, then use Task Manager to kill the "avserve2.exe" process, then delete the file AVSERVE2.EXE from your Windows directory and reboot.
Steps from Microsoft's site (includes test button and tools):
Manual Removal steps for Technical Users
NETWORK LSASS SCANNING TOOLS
eEye offers free network scanning tool -- As a service to the network security community, eEye has announced the availability of a free tool to scan network computers and detect if any are vulnerable to the "Sasser.A" worm currently circulating worldwide. The tool allows administrators to quickly identify vulnerable workstations that do not contain the patch required to protect from the attack, and it provides information on where to locate the patch made available from Microsoft.
Download the FREE Retina Sasser Audit Tool here:
This free tool from Foundstone identifies workstations with unpatched MS04-011 LSASS vulnerabilities.
Foundstone DSSCAN tool
Edited by harrywaldron, 02 May 2004 - 03:58 PM.