sasser worm virus problem on a friend's PC

Discussion in 'Computer Information' started by Justin, Oct 13, 2004.

  1. Justin

    Justin Guest

    A friend of mine has an eMachines Celeron 1.4 machine. The internet kept
    shutting down after only a minute. She hasn't been able to surf the 'net
    for 6 months. She called me. I reinstalled her OS (xp) from the eMachines
    restoration CD's, but the sasser worm (where it says "PC shell, your PC
    will shut down in 40 seconds") was still on there (that message popped up
    once after reinstalling XP). I took her PC home with me, and I was on the
    internet on her machine for about 30 minutes last night and it didn't shut
    down once. Is the virus gone? Should I format the HD and then reinstall
    the OS? Thanks for your help.


    ----== Posted via Newsfeeds.Com - Unlimited-Uncensored-Secure Usenet News==----
    http://www.newsfeeds.com The #1 Newsgroup Service in the World! >100,000 Newsgroups
    ---= East/West-Coast Server Farms - Total Privacy via Encryption =---
    Justin, Oct 13, 2004
    #1
    1. Advertising

  2. Justin

    Justin Guest

    "HF" <21.co.uk> wrote in news:416d885c$:
    > Stop - think- anti virus will remove it. Does your friend want to lose
    > all her stuff on the laptop.


    It's a desktop PC. I brought it home to fix it. She doesn't have an
    anti-virus program like Norton or McAfee. I have Norton on CD. Maybe
    I'll install it on her PC (if it'll let me). But my overarching
    question is: shouldn't a restoration of the OS wiped the worm/virus off
    of the HD? Or do I have to format the HD and then reinstall the OS?
    She doesn't have any data on the PC. She had no files, pics, media,
    etc. saved on the HD (I asked 3 times). She's very PC illiterate and
    mainly used it for email/web surfing/games. I'd like to install XP
    service pack 2 on it (with built in virus/firewall), but she has no
    ethernet card to hook it to my cable modem. I might install one in her
    PC (I have a few lying around) and then install XP SP2.



    > There is so much info on sasser on the
    > net .Of course it will still be there if you took no action to remove
    > it. "Justin" <justin1138@REMOVEnet> wrote in message
    > news:Xns958170342ABD2justin1138REMOVEzoom@216.65.98.75...
    >> A friend of mine has an eMachines Celeron 1.4 machine. The internet
    >> kept shutting down after only a minute. She hasn't been able to surf
    >> the 'net for 6 months. She called me. I reinstalled her OS (xp)
    >> from the

    > eMachines
    >> restoration CD's, but the sasser worm (where it says "PC shell, your
    >> PC will shut down in 40 seconds") was still on there (that message
    >> popped up once after reinstalling XP). I took her PC home with me,
    >> and I was on the internet on her machine for about 30 minutes last
    >> night and it didn't shut down once. Is the virus gone? Should I
    >> format the HD and then reinstall the OS? Thanks for your help.
    >>
    >>
    >> ----== Posted via Newsfeeds.Com - Unlimited-Uncensored-Secure Usenet

    > News==----
    >> http://www.newsfeeds.com The #1 Newsgroup Service in the World!
    >> >100,000

    > Newsgroups
    >> ---= East/West-Coast Server Farms - Total Privacy via Encryption =---

    >
    >
    > ---
    > Outgoing mail is certified Virus Free.
    > Checked by AVG anti-virus system (http://www.grisoft.com).
    > Version: 6.0.775 / Virus Database: 522 - Release Date: 08/10/2004
    >
    >
    >




    ----== Posted via Newsfeeds.Com - Unlimited-Uncensored-Secure Usenet News==----
    http://www.newsfeeds.com The #1 Newsgroup Service in the World! >100,000 Newsgroups
    ---= East/West-Coast Server Farms - Total Privacy via Encryption =---
    Justin, Oct 13, 2004
    #2
    1. Advertising

  3. Justin

    HF Guest

    Stop - think- anti virus will remove it. Does your friend want to lose all
    her stuff on the laptop. There is so much info on sasser on the net .Of
    course it will still be there if you took no action to remove it.
    "Justin" <justin1138@REMOVEnet> wrote in message
    news:Xns958170342ABD2justin1138REMOVEzoom@216.65.98.75...
    > A friend of mine has an eMachines Celeron 1.4 machine. The internet kept
    > shutting down after only a minute. She hasn't been able to surf the 'net
    > for 6 months. She called me. I reinstalled her OS (xp) from the

    eMachines
    > restoration CD's, but the sasser worm (where it says "PC shell, your PC
    > will shut down in 40 seconds") was still on there (that message popped up
    > once after reinstalling XP). I took her PC home with me, and I was on the
    > internet on her machine for about 30 minutes last night and it didn't shut
    > down once. Is the virus gone? Should I format the HD and then reinstall
    > the OS? Thanks for your help.
    >
    >
    > ----== Posted via Newsfeeds.Com - Unlimited-Uncensored-Secure Usenet

    News==----
    > http://www.newsfeeds.com The #1 Newsgroup Service in the World! >100,000

    Newsgroups
    > ---= East/West-Coast Server Farms - Total Privacy via Encryption =---



    ---
    Outgoing mail is certified Virus Free.
    Checked by AVG anti-virus system (http://www.grisoft.com).
    Version: 6.0.775 / Virus Database: 522 - Release Date: 08/10/2004
    HF, Oct 13, 2004
    #3
  4. Justin

    Thor Guest

    "Justin" <justin1138@REMOVEnet> wrote in message
    news:Xns958186E5D87ACjustin1138REMOVEzoom@216.65.98.75...
    > "HF" <21.co.uk> wrote in news:416d885c$:
    >> Stop - think- anti virus will remove it. Does your friend want to lose
    >> all her stuff on the laptop.

    >
    > It's a desktop PC. I brought it home to fix it. She doesn't have an
    > anti-virus program like Norton or McAfee. I have Norton on CD. Maybe
    > I'll install it on her PC (if it'll let me). But my overarching
    > question is: shouldn't a restoration of the OS wiped the worm/virus off
    > of the HD?


    No, not necessarily. Often, recovery programs supplied with brand-name
    machines give you a choice between a destructive recovery and a
    non-destructive recovery. A non-destructive recovery would not necessarily
    get rid of a virus. Secondly, Sasser, if memory serves me, is spread
    primarily via internet connectivity alone, and not via email. Even if you
    did a destructive recovery and wiped out the sasser worm on that machine, it
    could have been re-infected almost immediately after re-establishing an
    internet connection. To prevent Sasser, and some others like "Mydoom" etc
    from getting back on the PC, you need to start the PC turn on the windows
    firewall for the internet connection, and immediately go to windows update,
    and download the critical patches from Microsoft which plug the
    vulnerabilities that those worms used to infect the PC. SP2 will also have
    these fixes included, should you choose to install that instead.

    >Or do I have to format the HD and then reinstall the OS?
    > She doesn't have any data on the PC. She had no files, pics, media,
    > etc. saved on the HD (I asked 3 times). She's very PC illiterate and
    > mainly used it for email/web surfing/games. I'd like to install XP
    > service pack 2 on it (with built in virus/firewall),


    SP2 doesn't have built-in antivirus protection. It merely monitors your PC
    to make sure you have a functioning antivirus product installed, and will
    alert you if you don't, or if it is malfunctioning.

    > but she has no
    > ethernet card to hook it to my cable modem. I might install one in her
    > PC (I have a few lying around) and then install XP SP2.


    If you have a cable modem, and a cd burner, then download the full SP2
    package from Microsoft Technet (~260MB) and burn it onto a CD for
    installation on her PC.
    http://tinyurl.com/5bobl
    Thor, Oct 13, 2004
    #4
  5. Justin

    Justin Guest

    "Thor" <> wrote in news::

    >
    > "Justin" <justin1138@REMOVEnet> wrote in message
    > news:Xns958186E5D87ACjustin1138REMOVEzoom@216.65.98.75...
    >> "HF" <21.co.uk> wrote in
    >> news:416d885c$:
    >>> Stop - think- anti virus will remove it. Does your friend want to
    >>> lose all her stuff on the laptop.

    >>
    >> It's a desktop PC. I brought it home to fix it. She doesn't have an
    >> anti-virus program like Norton or McAfee. I have Norton on CD.
    >> Maybe I'll install it on her PC (if it'll let me). But my
    >> overarching question is: shouldn't a restoration of the OS wiped the
    >> worm/virus off of the HD?

    >
    > No, not necessarily. Often, recovery programs supplied with brand-name
    > machines give you a choice between a destructive recovery and a
    > non-destructive recovery. A non-destructive recovery would not
    > necessarily get rid of a virus. Secondly, Sasser, if memory serves me,
    > is spread primarily via internet connectivity alone, and not via
    > email. Even if you did a destructive recovery and wiped out the sasser
    > worm on that machine, it could have been re-infected almost
    > immediately after re-establishing an internet connection. To prevent
    > Sasser, and some others like "Mydoom" etc from getting back on the PC,
    > you need to start the PC turn on the windows firewall for the internet
    > connection, and immediately go to windows update, and download the
    > critical patches from Microsoft which plug the vulnerabilities that
    > those worms used to infect the PC. SP2 will also have these fixes
    > included, should you choose to install that instead.
    >
    >>Or do I have to format the HD and then reinstall the OS?
    >> She doesn't have any data on the PC. She had no files, pics, media,
    >> etc. saved on the HD (I asked 3 times). She's very PC illiterate and
    >> mainly used it for email/web surfing/games. I'd like to install XP
    >> service pack 2 on it (with built in virus/firewall),

    >
    > SP2 doesn't have built-in antivirus protection. It merely monitors
    > your PC to make sure you have a functioning antivirus product
    > installed, and will alert you if you don't, or if it is
    > malfunctioning.
    >
    >> but she has no
    >> ethernet card to hook it to my cable modem. I might install one in
    >> her PC (I have a few lying around) and then install XP SP2.

    >
    > If you have a cable modem, and a cd burner, then download the full SP2
    > package from Microsoft Technet (~260MB) and burn it onto a CD for
    > installation on her PC.
    > http://tinyurl.com/5bobl
    >
    >
    >
    >
    >


    That's a great idea. Thanks. I didn't think of that. I have a cable
    moden and CD-Burner. That way she'd have all the citical updates and
    the firewall. I was thinking I'd have to install an ethernet card in
    her PC and hook it to my cable modem.


    ----== Posted via Newsfeeds.Com - Unlimited-Uncensored-Secure Usenet News==----
    http://www.newsfeeds.com The #1 Newsgroup Service in the World! >100,000 Newsgroups
    ---= East/West-Coast Server Farms - Total Privacy via Encryption =---
    Justin, Oct 13, 2004
    #5
  6. Justin

    Trent© Guest

    On Wed, 13 Oct 2004 14:32:35 -0700, "ToMh" <> wrote:

    >Personally, in this case, I'd reformat and re-install and give
    >her back a clean system.


    There are many virii that will not be removed simply by reformatting.
    Its best to repartition...or simply to remove the virus with the
    proper anti-virus program.


    Have a nice one...

    Trent

    Budweiser: Helping ugly people have sex since 1876!
    Trent©, Oct 14, 2004
    #6
  7. Justin

    Trent© Guest

    On 13 Oct 2004 13:46:39 -0500, Justin <justin1138@REMOVEnet> wrote:

    >That's a great idea. Thanks. I didn't think of that. I have a cable
    >moden and CD-Burner. That way she'd have all the citical updates and
    >the firewall. I was thinking I'd have to install an ethernet card in
    >her PC and hook it to my cable modem.


    Just be aware that sp2 has its OWN set of problems. What if you can't
    connect to the Internet at all after this upgrade? At the very least,
    do a Google for the published list of programs that are havin' a
    problem with sp2.

    Personally, I'd just get rid of the virii/trojans...then install some
    programs that will protect her from all this in the future.

    The easiest way...

    Make sure YOUR computer has all the latest updates for any firewall
    and anti-virus programs that you run. Then connect her drive to your
    machine on the secondary controller. Then run a complete virus and
    trojan check. When done, put the drive back into her machine.

    My favorite programs right now...

    Housecalls...an online check at www.trendmicro.com

    And Pest Patrol...the install version...at CA (Computer Associates).

    Good luck.


    Have a nice one...

    Trent

    Budweiser: Helping ugly people have sex since 1876!
    Trent©, Oct 14, 2004
    #7
  8. Justin

    ToMh Guest

    "Trent©" <> wrote in message
    news:...
    > On Wed, 13 Oct 2004 14:32:35 -0700, "ToMh" <> wrote:
    >
    > >Personally, in this case, I'd reformat and re-install and give
    > >her back a clean system.

    >
    > There are many virii that will not be removed simply by reformatting.
    > Its best to repartition...or simply to remove the virus with the
    > proper anti-virus program.
    >


    That's true, and probably a good idea, but running the virus SW afterwards would catch it.
    ToMh, Oct 15, 2004
    #8
  9. Justin

    Trent© Guest

    On Thu, 14 Oct 2004 16:30:15 -0700, "ToMh" <> wrote:

    >
    >"Trent©" <> wrote in message
    >news:...
    >> On Wed, 13 Oct 2004 14:32:35 -0700, "ToMh" <> wrote:
    >>
    >> >Personally, in this case, I'd reformat and re-install and give
    >> >her back a clean system.

    >>
    >> There are many virii that will not be removed simply by reformatting.
    >> Its best to repartition...or simply to remove the virus with the
    >> proper anti-virus program.
    >>

    >
    >That's true, and probably a good idea, but running the virus SW afterwards would catch it.
    >


    Then what's the purpose of reformatting? Why not just run the
    anti-virus software?


    Have a nice one...

    Trent

    Budweiser: Helping ugly people have sex since 1876!
    Trent©, Oct 15, 2004
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Gareth not NLL or anybody else.

    Sasser worm

    Gareth not NLL or anybody else., May 1, 2004, in forum: Computer Support
    Replies:
    0
    Views:
    499
    Gareth not NLL or anybody else.
    May 1, 2004
  2. Alasdair Baxter

    Sasser Worm.

    Alasdair Baxter, May 2, 2004, in forum: Computer Support
    Replies:
    3
    Views:
    521
    Alasdair Baxter
    May 3, 2004
  3. Pistol Pete

    Worm/Sasser.C

    Pistol Pete, May 4, 2004, in forum: Computer Support
    Replies:
    12
    Views:
    892
    °Mike°
    May 4, 2004
  4. billybronco
    Replies:
    4
    Views:
    467
  5. Brett Roberts

    Removal tool for Sasser.A & Sasser.B

    Brett Roberts, May 2, 2004, in forum: NZ Computing
    Replies:
    2
    Views:
    313
    MikeN
    May 14, 2004
Loading...

Share This Page