I've spent last 5 days trying to fix a sasser worm on an IQON PC with
WinXP. The PC hasn't been on the iternet and all the software was
prepackaged kids games from PC World.

Any one aware of a prblem with these PCS?

Anyone know how to clear this virus cos I've tried everything and it
seems to know what I'm going to do and stops me.

Anyone successfully removed the virus ?

HEEEEEEEEEEEEEELP Its drivin me mad...

Charlie.

From:	das twit
Subject:	Re: iqon pc with sasser virus
Date:	Mon, 3 Jan 2005 02:14:23 -0000

X-No-Archive: yes

"Charlie" wrote in message
news:15d94637.0501021801.26de697c@posting.google.com...
> I've spent last 5 days trying to fix a sasser worm on an IQON PC with
> WinXP. The PC hasn't been on the iternet and all the software was
> prepackaged kids games from PC World.
>
> Any one aware of a prblem with these PCS?
>
> Anyone know how to clear this virus cos I've tried everything and it
> seems to know what I'm going to do and stops me.
>
> Anyone successfully removed the virus ?
>
> HEEEEEEEEEEEEEELP Its drivin me mad...
>
> Charlie.

http://www.symantec.com/search/

removal tools and details can be found here, there's variations on that worm
so check which one you have.

From:	Just Passing Through
Subject:	Re: iqon pc with sasser virus
Date:	3 Jan 2005 12:17:25 GMT

"das twit" wrote:
>X-No-Archive: yes

What sort of a gobshite tries to x-no-archive posts to a technical group?
If you've anything worth saying, then it's worth archiving, so that people
can benefit from your wisdom if they're ever trying to solve a similiar
problem themselves in teh future.

If what you've got to say isn't worth archiving, it's not worth posting -

don't waste your time, or anyone elses for that matter.

From:	das twit
Subject:	Re: iqon pc with sasser virus
Date:	Mon, 3 Jan 2005 12:32:55 -0000

X-No-Archive: yes

"Just Passing Through" wrote in message
news:41d937d5$1@news.boards.ie...
>
> "das twit" wrote:
>>X-No-Archive: yes
>
> What sort of a gobshite tries to x-no-archive posts to a technical group?
> If you've anything worth saying, then it's worth archiving, so that people
> can benefit from your wisdom if they're ever trying to solve a similiar
> problem themselves in teh future.
>
> If what you've got to say isn't worth archiving, it's not worth posting -
>
> don't waste your time, or anyone elses for that matter.

your post is not worth archiving.

i have wasted my time reading and replying.

i bid you good day stout yeoman.

From:	Civilian_Target
Subject:	Re: iqon pc with sasser virus
Date:	Mon, 03 Jan 2005 16:58:36 +0000

In the times of Yore, approximately 3 moons after Mon, 3 Jan 2005 12:32:55 -0000, there was a signal from
the heavens from where the angel "das twit" emblazoned
these words across the heavens:

>your post is not worth archiving.

It probably is, just because he quoted your original post that won't be archived but may be of future use
: p

Civilian_Target
---
"The great thing about pessimism is that you are either 'right as usual' or 'pleasently surprised'

From:	James
Subject:	Re: iqon pc with sasser virus
Date:	Mon, 3 Jan 2005 10:58:42 -0000

"Charlie" wrote
> I've spent last 5 days trying to fix a sasser worm on an IQON PC with
> WinXP. The PC hasn't been on the iternet and all the software was
> prepackaged kids games from PC World.

It would help if you would describe what you have done so we could move on
from there (rather than suggesting things you have already tried). I
assume you have a reputable virus scanning program running on the PC with
the latest virus definitions loaded and if so it is concerning that it has
not cleaned this virus for you.

Anyway, some thoughts:

Which virus scanner are you running and how up to date are the virus
definitions?

How do you know it's the sasser worm? (What is it visibly doing?).

Have you tried McAfee's Stinger program to remove it?
http://vil.nai.com/vil/stinger/

If you have correctly identified the virus, have you tried any of Symantec
removal tools specific to that virus'?
http://securityresponse.symantec.com/avcenter/tools.list.html

Microsoft have a page on the Sasser and a removal tool:
http://www.microsoft.com/security/incident/sasser.mspx

From:	Just Passing Through
Subject:	Re: iqon pc with sasser virus
Date:	3 Jan 2005 12:35:50 GMT

"James" wrote:
>"Charlie" wrote
>> I've spent last 5 days trying to fix a sasser worm on an IQON PC with
>> WinXP. The PC hasn't been on the iternet and all the software was
>> prepackaged kids games from PC World.
>
>It would help if you would describe what you have done so we could move

>on from there (rather than suggesting things you have already tried).

>I assume you have a reputable virus scanning program running on the PC
>with the latest virus definitions loaded and if so it is concerning that
>it has not cleaned this virus for you.
>
>Anyway, some thoughts:
>
>Which virus scanner are you running and how up to date are the virus
>definitions?
>
>How do you know it's the sasser worm? (What is it visibly doing?).
>
>Have you tried McAfee's Stinger program to remove it?
>http://vil.nai.com/vil/stinger/

I got a call from a neighbour over the Christmas, saying that her PC
kept rebooting when she was online. The first thing I did was download
Stinger, and bring it over. It found 4 different viruses, but when I
eventually got updated virus definitions installed, there were another
6 viruses and trojans that Stinger hadn't found - I know that Stinger
is specifically designed to be small and only deal with the most common
viruses, but I was surprised that it missed so much.

(She had a paid up copy of Norton AV 2002, subscribed up to May 2005,
but didn't know that that she had to run LiveUpdate to get updated
definitions. So her definitions were almost 3 years old. When we did
run LiveUpdate, it wanted to download 5MB of updates!!!! So I brought
the machine home with me to download them on a DSL link, and get all
the various Windows Updates. I got everyuthing cleaned off, made sure
that it passed the TrendMicro scan as well as the Symantec one, and
returned the machine. I showed her how to run LiveUpdate - and the very
first time it ran it wanted to download another 6MB over the dialup
connection! Is it any wonder people don't keep their definitions up to
date!!!!!)

>If you have correctly identified the virus, have you tried any of Symantec

>removal tools specific to that virus'?
>http://securityresponse.symantec.com/avcenter/tools.list.html
>
>Microsoft have a page on the Sasser and a removal tool:
>http://www.microsoft.com/security/incident/sasser.mspx

One of the many viruses on the machnie I was dealing with edited the HOSTS
file to make it impossible to access various well known AV websites.
If you have difficulty accessing AV websites, use Notepad to read
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS

If there's a list of AV websites listed there with 127.0.0.1 next to
them, delete them.

From:	James
Subject:	Re: iqon pc with sasser virus
Date:	Mon, 3 Jan 2005 13:12:32 -0000

"Just Passing Through" wrote
> I got a call from a neighbour over the Christmas, saying that her PC
> kept rebooting when she was online. The first thing I did was download
> Stinger, and bring it over. It found 4 different viruses, but when I
> eventually got updated virus definitions installed, there were another
> 6 viruses and trojans that Stinger hadn't found.

Stinger does have it's limitations, McAfee would prefer you buy their full
product:after all :-) However if you know the exact virus you want to
clean and it's on Stinger's list it can be a very simple and effective
solution.

> (She had a paid up copy of Norton AV 2002, subscribed up to May 2005,
> but didn't know that that she had to run LiveUpdate to get updated
> definitions. So her definitions were almost 3 years old.

Yes, you have to keep anti-virus programs up to date constantly and it can
be demanding on dial-up although Norton seems to be one of the worst in that
respect.

> One of the many viruses on the machnie I was dealing with edited the HOSTS
> file to make it impossible to access various well known AV websites.

The OP really needs to explain what they tried and any difficulties
experienced might then help pinpoint the problem/solution.

From:	gp
Subject:	Re: iqon pc with sasser virus
Date:	Mon, 3 Jan 2005 02:16:05 +0000

Charlie wrote:

> HEEEEEEEEEEEEEELP Its drivin me mad...
>
> Charlie.

1. throw it in the bin
2. get a mac