|
Sasser scanner/removal tool
|
Re: Sasser scanner/removal tool
Brett Roberts wrote:
> http://www.microsoft.com/security/incident/sasser.asp heh, thanks... grabbed for workmates brother. -- Dave Hall http://Dave.net.nz We have Hangman, Pacman, and Space Invaders |
Re: Sasser scanner/removal tool
On Tue, 4 May 2004 08:59:05 +1200, "Brett Roberts"
<brettrob@abcmicrosoftxyz.com> wrote: >http://www.microsoft.com/security/incident/sasser.asp People should be aware that there is a serious bug with this patch. It can cause a PC to be unable to load a driver on startup and to freeze while trying to do so, by using all the CPU time. Some info is at http://support.microsoft.com/default...b;EN-US;841382 It can happen with any driver apparently. It affected our file server and locked it up while trying to load the driver for the RAID card. This was early morning just before everyone turned up for work. Fortunately our backups are on removable hard drives and not tapes, so the backup machine became a file server for the day. The patch can be uninstalled through Add/Remove Programs (Windows Hotfix KB835732) but even in safe mode our machine was running so slowly it took some hours to complete the uninstall. There are no warnings about this on Microsoft Security Bulletin MS04-011. We will being installing a Linux file server in the next week or so. We can cope with viruses and vulnerabilities etc but having to rely on MS-supplied "fixes" which can kill critical machines without warning is simply too dangerous. Ray Greene. |
Re: Sasser scanner/removal tool
Ray Greene wrote:
> We will being installing a Linux file server in the next week or so. We can > cope with viruses and vulnerabilities etc but having to rely on MS-supplied > "fixes" which can kill critical machines without warning is simply too > dangerous. Any patches from anywhere can kill critical machines without warning... if the machine is critical, why does it have access to the net? -- Dave Hall http://Dave.net.nz We have Hangman, Pacman, and Space Invaders |
Re: Sasser scanner/removal tool
On Tue, 4 May 2004 08:59:05 +1200, "Brett Roberts"
<brettrob@abcmicrosoftxyz.com> wrote: > >http://www.microsoft.com/security/incident/sasser.asp > Hi Brett, Thanks for that. Just a bit of feedback - I ran the thing and it ended silently - that is, it didn't say "not found" or "virus found". Now I only ran it experimentally since I don't have the virus, but it would have been nice if it had told me so! Cheers, Cliff |
Re: Sasser scanner/removal tool
"Enkidu" <enkidu@xyzcliffpxyz.com> wrote in message
news:hh0e90hndfeqgg75vq8fg7es4cmpd3sj7h@4ax.com... > On Tue, 4 May 2004 08:59:05 +1200, "Brett Roberts" > <brettrob@abcmicrosoftxyz.com> wrote: >> >>http://www.microsoft.com/security/incident/sasser.asp >> > Hi Brett, > > Thanks for that. Just a bit of feedback - I ran the thing and it ended > silently - that is, it didn't say "not found" or "virus found". Now I > only ran it experimentally since I don't have the virus, but it would > have been nice if it had told me so! > > Cheers, > > Cliff Thanks Cliff, this is good feedback. I will forward to the people who built the scanner tool |
Re: Sasser scanner/removal tool
"Ray Greene" <ray.greene@icsc.co.nz> wrote in message
news:IZClc.89$XI4.1566@news.xtra.co.nz... > On Tue, 4 May 2004 08:59:05 +1200, "Brett Roberts" > <brettrob@abcmicrosoftxyz.com> wrote: > >>http://www.microsoft.com/security/incident/sasser.asp > > People should be aware that there is a serious bug with this patch. It can > cause a PC to be unable to load a driver on startup and to freeze while > trying to do so, by using all the CPU time. Some info is at > http://support.microsoft.com/default...b;EN-US;841382 > > It can happen with any driver apparently. It affected our file server and > locked it up while trying to load the driver for the RAID card. This was > early morning just before everyone turned up for work. Fortunately our > backups are on removable hard drives and not tapes, so the backup machine > became a file server for the day. > > The patch can be uninstalled through Add/Remove Programs (Windows Hotfix > KB835732) but even in safe mode our machine was running so slowly it took > some hours to complete the uninstall. > > There are no warnings about this on Microsoft Security Bulletin MS04-011. > > We will being installing a Linux file server in the next week or so. We > can > cope with viruses and vulnerabilities etc but having to rely on > MS-supplied > "fixes" which can kill critical machines without warning is simply too > dangerous. > > Ray Greene. Hi Ray, I'm sorry to hear about the hassles you ran into applying MS04-011. Please let me know via nz.comp or by calling me on (09) 3575800 if you need any technical support in remedying the problems. |
Re: Sasser scanner/removal tool
Ray Greene
> On Tue, 4 May 2004 08:59:05 +1200, "Brett Roberts" > <brettrob@abcmicrosoftxyz.com> wrote: > > >http://www.microsoft.com/security/incident/sasser.asp > > People should be aware that there is a serious bug with this patch. It can > cause a PC to be unable to load a driver on startup and to freeze while > trying to do so, by using all the CPU time. Some info is at > http://support.microsoft.com/default...b;EN-US;841382 > > It can happen with any driver apparently. It affected our file server and > locked it up while trying to load the driver for the RAID card. This was > early morning just before everyone turned up for work. Fortunately our > backups are on removable hard drives and not tapes, so the backup machine > became a file server for the day. > > The patch can be uninstalled through Add/Remove Programs (Windows Hotfix > KB835732) but even in safe mode our machine was running so slowly it took > some hours to complete the uninstall. > > There are no warnings about this on Microsoft Security Bulletin MS04-011. I did read some warnings about these patches on the MS site so the info is there, I understand Windows 2000 has had some problems with it |
Re: Sasser scanner/removal tool
T.N.O. - Dave.net.nz
> Ray Greene wrote: > > We will being installing a Linux file server in the next week or so. We can > > cope with viruses and vulnerabilities etc but having to rely on MS-supplied > > "fixes" which can kill critical machines without warning is simply too > > dangerous. > > Any patches from anywhere can kill critical machines without warning... > > if the machine is critical, why does it have access to the net? it's a file server, it has access to their internal network, and anything that is on a network is potentially vulnerable to any of these things |
Re: Sasser scanner/removal tool
Enkidu
> On Tue, 4 May 2004 08:59:05 +1200, "Brett Roberts" > <brettrob@abcmicrosoftxyz.com> wrote: > > > >http://www.microsoft.com/security/incident/sasser.asp > > > Hi Brett, > > Thanks for that. Just a bit of feedback - I ran the thing and it ended > silently - that is, it didn't say "not found" or "virus found". Now I > only ran it experimentally since I don't have the virus, but it would > have been nice if it had told me so! There are also scanners available from the antivirus companies and probably one for your favourite AV package. |
| All times are GMT. The time now is 08:11 AM. |
Powered by vBulletin®. Copyright ©2000 - 2013, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.