Security Basics mailing list archives
Re: Interesting problem
From: "Maktub...it is written" <kirpagulati () hotmail com>
Date: Wed, 9 Jun 2004 01:22:35 +0530
This is definitely a Sasser. Just fixed a ditto system of one of my friends. Get a Sasser removal tool and, like Roger said, search the memory for unregistered processes. One system I looked up had a weird "technically named" process running that consumed about 98% of the computer resources while it was idle!!! And that's not a pretty sight for someone who has just bought a 3.2GHz HT P4. ;-) All I did was delete that particular file and whoa...no more shutdowns and no more problems with lsass.

BTW Norton is seemingly becoming more and more incapable of picking up viruses and/or fixing them, and its regularly sent patches don't seem to be helping a lot. I had a lot of problems with my computer too. Ran an AV scan on the entire computer. Not one found. Then someone suggested AVG (which is in fact freeware) and guess what? 43 viruses were picked up!!! And THAT is no joke. Out of those, 7 were backdoors. My system was completely open to whomever managed to put it there and I didn't even know.

Please note that this is only my experience with Norton and is in no manner being opined on in either a positive or negative manner.

I hope this information was useful to you.

-(FaithNEVERholds...you always get deserted along the way.)
Kirpa Singh Gulati

I'm a thief. I am the will of independence; I am the power of persona. I am the creation of my environment. I am the pursuit of more. I know this, because I thrive on intelligence.

----- Original Message -----
From: "Roger A. Grimes" <roger () banneretcs com>
To: "bob martin" <bobmartin_613 () hotmail com>; <security-basics () securityfocus com>
Sent: Saturday, June 05, 2004 8:14 AM
Subject: RE: Interesting problem

I'd still be thinking Sasser variant. Look for the unauthorized executable in memory, and delete. Review your Run registry keys and delete the malware.

Roger

***************************************************************************
*Roger A. Grimes, Computer Security Consultant
*CPA, CISSP, MCSE: Security (NT/2000/2003/MVP), CNE (3/4), A+
*email: roger () banneretcs com
*cell: 757-615-3355
*Author of Malicious Mobile Code: Virus Protection for Windows by O'Reilly
*http://www.oreilly.com/catalog/malmobcode
*Author of upcoming Honeypots for Windows (Apress)
***************************************************************************

-----Original Message-----
From: bob martin [mailto:bobmartin_613 () hotmail com]
Sent: Friday, June 04, 2004 1:22 PM
To: security-basics () securityfocus com
Subject: Interesting problem

Hello all,

We're experiencing an odd problem and I was hoping someone may be able to give some advice. Many of our computers are popping up lsass errors and reboot 45 seconds later. I immediately thought of Sasser, but the Windows patch is installed and our virus definitions are up to date. Norton doesn't pick up anything when running a full scan. Any ideas on this?

Thank you in advance.
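The checks suggested in this thread (look for an unrecognised executable in memory, then review the Run registry keys), as an added example that is not part of the original messages. It assumes PowerShell 5.1 on the affected Windows host; the function names Get-ExePath and Get-SignatureStatus are hypothetical helpers, and the script only reads and reports.

```powershell
# Added example, not from the thread. Read-only: reports, never deletes.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'

function Get-ExePath([string]$CommandLine) {
    # Run values are command lines: "C:\dir with spaces\a.exe" /arg  or  C:\dir\a.exe /arg
    $s = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if ($s -match '^"([^"]+)"') { $exe = $Matches[1] }
    elseif ($s -match '^(.+?\.(exe|com|bat|cmd|scr|pif))(\s|$)') { $exe = $Matches[1] }
    else { $exe = ($s -split '\s+')[0] }
    if ($exe -notmatch '^([A-Za-z]:\\|\\\\)') {
        # Bare names such as "rundll32.exe" are resolved through PATH, as the shell would
        $found = Get-Command $exe -CommandType Application -ErrorAction SilentlyContinue |
                 Select-Object -First 1
        if ($found) { $exe = $found.Path }
    }
    return $exe
}

function Get-SignatureStatus([string]$Path) {
    if (-not $Path -or -not (Test-Path -LiteralPath $Path -PathType Leaf)) { return 'FileNotFound' }
    return (Get-AuthenticodeSignature -LiteralPath $Path).Status.ToString()
}

# Every value under the Run/RunOnce keys, with the executable it launches
$autoruns = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($name)
        if (-not $cmd.Trim()) { continue }
        $path = Get-ExePath $cmd
        [pscustomobject]@{ Source = $key; Name = $name; Path = $path
                           Signature = Get-SignatureStatus $path }
    }
}

# Every distinct executable currently loaded as a process
$procs = Get-CimInstance Win32_Process | Where-Object ExecutablePath |
    Sort-Object ExecutablePath -Unique | ForEach-Object {
        [pscustomobject]@{ Source = 'Running process'; Name = $_.Name; Path = $_.ExecutablePath
                           Signature = Get-SignatureStatus $_.ExecutablePath }
    }

# Anything not 'Valid' is a lead to investigate by hand, not a verdict
@($autoruns) + @($procs) | Where-Object Signature -ne 'Valid' |
    Sort-Object Path | Format-Table Source, Name, Path, Signature -AutoSize -Wrap
```

Run it from an elevated prompt; without elevation some processes report no executable path and are skipped.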
Current thread:
- Interesting problem bob martin (Jun 04)
- Re: Interesting problem Marcos E. Rodriguez (Jun 07)
- Re: Interesting problem RBabb (Jun 07)
- <Possible follow-ups>
- RE: Interesting problem Roger A. Grimes (Jun 07)
- Re: Interesting problem Maktub...it is written (Jun 11)