my computer has been infected by the sasser worm. whenever i connect to the internet i am immediately told taht the computer will shut down. what do i need to do to delete the worm?

I take it you have XP or 2000 cus sasser only effetc them...

First you have to apply this patch http://www.microsoft.com/technet/security/...n/MS04-011.mspx

Notes:

• You may have to try this several times, as you only have about 20 seconds to do steps 3 to 6.
• This will not work on Windows 2000.

To prevent the shut down, do the following:

Disconnect the computer from the network/Internet connection. (Disconnect the cable if necessary.)
Restart the computer.
As soon as Windows opens and you see the Windows desktop, click Start > Run.
Type:
cmd
and press Enter.

Type:
shutdown -i
and press Enter.

In the Remote Shutdown Dialog that opens, do the following:

Click Add, type your computer name into the Add Computers dialog box, and then click OK.
In the "Display warning for" field, type 9999.
Type the following text in the Comment box:
Delay Lsass.exe shutdown.
Click OK.

Reconnect the network/Internet connection.
Connect to the Internet, and get the patch. Then continue with the steps described below.

When you have patched your computer and removed the threat, you can re-enable the 20 second default warning if you wish.

Use this to removal the infections of W32.Sasser.Worm
http://securityresponse.symantec.com/avcen...moval.tool.html


~~~~~~~~~~~~~~
http://securityresponse.symantec.com/avcen...asser.worm.html

I got nailed by that Sasser worm and I heard of people getting 'forced to shut down' but I guess it never got that far with me. I just happened to notice the
other LSAS.EXE service running in my taskmanager and realized that it was something new. Did a little investigative work and found out what it was and quickly removed the bugger.

get the sasser removal tool from symantec for free and copy it onto a cd.

then boot the infected machine with no cables attached to the NIC

run the removal tool

get a firewall or use XP's built in firewall and get ALL the MS pathces

I use Tiny Personal Firewall, you can too for a free 30 day trial... or even ZoneAlarm free edition.

If everyone patched their PC's as they are supposed to do you would not be infected as the vulnerability was not exploited until the patch was made (reverse engineering).

Anyway their is no excuse not to install XP SP2 when released, public version of RC2 out this coming Wednseday for the brave or foolish to try

How to Protect Yourself from the Sasser Worm and Other Attacks
If your computer is running one of the following operating systems, you can help protect it from the Sasser worm and its variants by installing the appropriate update:

- For Windows 2000 Service Pack 2 or later, install "Security Update for Windows 2000 (KB835732)"
- For Windows XP, install "Security Update for Windows XP (KB835732)"