W32.Sasser

W32.Sasser HELP

I run the symantec fix tool but im 100% sure it didnt delete all of it and also installed the microsoft patch.

Heres my log:

Help

 

Hi LukaszJ

I moved your thread to the hijack cleaning forums for better attention.



snowbound

 

Thank you. Still need help though .

 

I understand.

One of the experts will be along to help u.


snowbound

 

Check this out for a fix:
http://www.microsoft.com/security/incident/sasser.asp

Then post the entire log, looks like you cut the bottom off.

 

Here it is:

 

Great! Please go do the M$ fix and then in control panel, add/remove programs remove new.net

Reboot and post another log.

 

I also scanned all with AVirus and it got like 40 sasser infected files... WTF!

Heres the log:

 

O4 - HKLM\..\Run: [lsasss.exe] C:\WINDOWS\lsasss.exe

There is no file like this on the HD or in the processes, wth

 

The file could be hidden.

Please download TheKillbox from here: http://download.broadbandmedic.com/VbStuff/KillBox.zip

Unzip the files to a folder, then double-click on Killbox.exe to run it. In the "Paste Full Path of File to Delete" box, copy and paste the following:

C:\WINDOWS\lsasss.exe

Don't click any of the buttons though, instead please click on the Action menu and choose "Delete on Reboot". On the next screen, click on the File menu and choose "Add File". The filenameand path should show up in the window. If that's successful, choose the Action menu and select "Process and Reboot". You'll be prompted to reboot, do so.

Regards,

Pieter

 

Done.

 

Hi LukaszJ,

Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [msbb] c:\program files\n-case\msbb.exe
O4 - HKLM\..\Run: [vuryf] C:\WINDOWS\vuryf.exe
O4 - HKLM\..\Run: [lsasss.exe] C:\WINDOWS\lsasss.exe

Then reboot into safe mode and delete:
c:\program files\n-case <= entire folder
C:\WINDOWS\vuryf.exe
C:\Program Files\MyWay <= entire folder

Then run HijackThis again and post a new log.

Regards,

Pieter

 

Here it is:

 

Good job, LukaszJ

Please read:
https://www.wilderssecurity.com/showthread.php?t=27971

And can you find a foplder C:\!Submit\[date]
If everything worked as it should there will be a copy of lsasss.exe in there.
Upload that at http://www.kaspersky.com/scanforvirus.html and let us know the results please.

Regards,

Pieter

 

No such folder, sorry.

 

Ah well. Curiosity....

Pieter

 

How was this fodler sopossed to be created ? with the killbox ?

 

Yes. The Killbox creates a folder if you use the backup option which is checked by default.

Regards,

Pieter