sasser worm

Discussion in 'ESET NOD32 Antivirus' started by nopieees, Dec 31, 2009.

Thread Status:
Not open for further replies.
  1. nopieees

    nopieees Registered Member

    Joined:
    Jul 30, 2009
    Posts:
    13
    i ve 2000 server infected by something similar to sasser worm .
    when ever i plug the network cable the server shows me a pop up telling me that the server will restart after one minute .
    when i unplug the cable out it works fine .

    here is the pop up text
    system shutdown

    this system is shutting down please save all works in progress and logoff.any unsaved changes will be lost.this shutdown was initiated by autority\system.

    time

    the system process
    C:\wintnt\system32\services.exe terminated unexpectly with status code 128.
    the system will shutdown now and restart.

    i searched the web for this text and i found this page http://www.pchell.com/virus/sasser.shtml which is giving same details but i couldnot find the .exe files so i think this is a new threat.
    please if anyone faced the problem before advise me .
     
  2. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Sasser is a pretty old worm. It's crucial to install the appropriate hotfix issued by MS to prevent it from spreading over network. However, rather than installing only that particular hotfix you'd better install Windows 2000 SP4 and ALL available hotfixes as they are vital for malware prevention.
     
  4. PaulB2005

    PaulB2005 Registered Member

    Joined:
    Apr 19, 2005
    Posts:
    525
    Not always caused by Sasser worm.

    See also here
     
  5. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Agreed, Marcos, that Sasser is quite the old worm.
    My thinking is that the OP should clean his/her current installation before going forward and upgrading the OS.
     
Thread Status:
Not open for further replies.