W32.Sasser

Discussion in 'adware, spyware & hijack cleaning' started by LukaszJ, May 9, 2004.

Thread Status:
Not open for further replies.
  1. LukaszJ

    LukaszJ Registered Member

    Joined:
    Dec 31, 2003
    Posts:
    57
    W32.Sasser HELP

    I run the symantec fix tool but im 100% sure it didnt delete all of it and also installed the microsoft patch.

    Heres my log:
    Help :(
     
    Last edited: May 9, 2004
  2. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Hi LukaszJ :)

    I moved your thread to the hijack cleaning forums for better attention. ;)



    snowbound
     
  3. LukaszJ

    LukaszJ Registered Member

    Joined:
    Dec 31, 2003
    Posts:
    57
    Thank you. Still need help though :(.
     
  4. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    I understand. ;)

    One of the experts will be along to help u. :)


    snowbound
     
  5. cybertech

    cybertech Spyware Fighter

    Joined:
    Apr 28, 2004
    Posts:
    4
    Location:
    Washington State
  6. LukaszJ

    LukaszJ Registered Member

    Joined:
    Dec 31, 2003
    Posts:
    57
    Here it is:

     
  7. cybertech

    cybertech Spyware Fighter

    Joined:
    Apr 28, 2004
    Posts:
    4
    Location:
    Washington State
    Great! Please go do the M$ fix and then in control panel, add/remove programs remove new.net

    Reboot and post another log.
     
  8. LukaszJ

    LukaszJ Registered Member

    Joined:
    Dec 31, 2003
    Posts:
    57
    I also scanned all with AVirus and it got like 40 sasser infected files... WTF!

    Heres the log:
     
  9. LukaszJ

    LukaszJ Registered Member

    Joined:
    Dec 31, 2003
    Posts:
    57
    O4 - HKLM\..\Run: [lsasss.exe] C:\WINDOWS\lsasss.exe

    There is no file like this on the HD or in the processes, wth o_O
     
  10. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    The file could be hidden.

    Please download TheKillbox from here: http://download.broadbandmedic.com/VbStuff/KillBox.zip

    Unzip the files to a folder, then double-click on Killbox.exe to run it. In the "Paste Full Path of File to Delete" box, copy and paste the following:

    C:\WINDOWS\lsasss.exe

    Don't click any of the buttons though, instead please click on the Action menu and choose "Delete on Reboot". On the next screen, click on the File menu and choose "Add File". The filenameand path should show up in the window. If that's successful, choose the Action menu and select "Process and Reboot". You'll be prompted to reboot, do so.

    Regards,

    Pieter
     
  11. LukaszJ

    LukaszJ Registered Member

    Joined:
    Dec 31, 2003
    Posts:
    57
    Done.

     
  12. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi LukaszJ,

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL

    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

    O4 - HKLM\..\Run: [msbb] c:\program files\n-case\msbb.exe
    O4 - HKLM\..\Run: [vuryf] C:\WINDOWS\vuryf.exe
    O4 - HKLM\..\Run: [lsasss.exe] C:\WINDOWS\lsasss.exe

    Then reboot into safe mode and delete:
    c:\program files\n-case <= entire folder
    C:\WINDOWS\vuryf.exe
    C:\Program Files\MyWay <= entire folder

    Then run HijackThis again and post a new log.

    Regards,

    Pieter
     
  13. LukaszJ

    LukaszJ Registered Member

    Joined:
    Dec 31, 2003
    Posts:
    57
    Here it is:
     
  14. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
  15. LukaszJ

    LukaszJ Registered Member

    Joined:
    Dec 31, 2003
    Posts:
    57
    No such folder, sorry.
     
  16. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Ah well. Curiosity.... ;)

    Pieter
     
  17. LukaszJ

    LukaszJ Registered Member

    Joined:
    Dec 31, 2003
    Posts:
    57
    How was this fodler sopossed to be created ? with the killbox ?
     
  18. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Yes. The Killbox creates a folder if you use the backup option which is checked by default.

    Regards,

    Pieter
     
Thread Status:
Not open for further replies.