Archived from groups: microsoft.public.win2000.file_system (
More info?)
Hi - sorry, no e-mail replies...
You've been infected by the Sasser worm. This means you didn't apply Windows
Updates (at least not very recently - patch for this came out April 13) and
don't have a firewall enabled....
For WinXP: If you can't stop your computer from restarting:
As soon as your computer reboots and Windows loads, click Start, then Run.
In the box, type the following:
shutdown -a (then click OK)
[for Win2k, shutdown.exe is part of the resource kit and the correct syntax
is
shutdown /a]
Then see
http://www.microsoft.com/security/incident/sasser.asp and
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx
McAfee's Stinger tool to remove Sasser: http://vil.nai.com/vil/stinger/
MS removal tool for Windows 2000 SP2 and up, or Windows XP:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;841720
Enable your XP firewall (or get a third party one if not on XP or even if
so - www.zonealarm.com has a free one) and run Windows Update regularly to
keep your OS patched to the gills. You also need good antivirus software and
need to keep it updated regularly. As mentioned, the patch for this exploit
was released April 13th...but there are plenty you do need. Perhaps want to
enable the autoupdate feature of Windows Update and subscribe to the
security bulletin announcements at www.microsoft.com/security.
Edward Grovenor wrote:
> When i log onto the internet my pc loads a litle box that
> says System shutdown, you now have 1 min to save any work
> in progress, it says its due to C:WINNT/system32/lsass.exe
> anyone know what i should do?
> Send me an E-mail with any support,
> thanx Ed =)