Virus alert

The Rocketry Forum

Help Support The Rocketry Forum:

This site may earn a commission from merchant affiliate links, including eBay, Amazon, and others.


Well-Known Member
Dec 5, 2003
Reaction score
I received this Email from my antivirus software company today.

As of May 2, 2004 10:07 PM (PST), TrendLabs has declared a High Risk Virus alert to control the spread of WORM_SASSER.B. Several infection reports have been received indicating that this worm is spreading in the Latin American region.

This variant of WORM_SASSER.A similarly exploits the Windows "Local Security Authority Subsystem Service" (LSASS) vulnerability, which is a buffer overrun that allows remote code execution and enables an attacker to gain full control of the affected system.


To propagate, this worm scans random IP addresses for vulnerable systems. When a vulnerable system is found, the malware sends a specially crafted packet to produce a buffer overrun on LSASS.EXE, which causes the program to crash and eventually require Windows to reboot
Yeah, I'm in the process of helping a remote user here at work remove that bugger. Symantec has a fix on their website. It's a doozy. It makes your computer restart over and over and over....:rolleyes:
I've been hearing about this worm.

Right Royal Pain in the Posterior by all accounts.

Netsky has become a bain of my life ... the amount of pcs I've had to clean up from that has been unbelieveable. Just hope Sasser doesn't become so annoying.
IS this a thing that is sent by email, or does it just slip onto your computer if you are connected to the Internet and it gets your IP?

From my understanding, this virus does not come via e-mail or an attachment. If you are hooked up to the internet, it can get you. It doesn't require you to click on anything. It just arrives.

yeah they are trying to block this at school, I guess it has crushed a few college campuses. they are afriad someone is going to bring it in through the they are trying to get everyone to download the patch. the username
Ahh, the joy of having a hardware firewall. Blocks all incoming data except what I specify. If you ever had a virus destroy data, hardware firewalls seem to be a viable solution (along with not opening attachments, clicking on .exe files from the internet, clicking blindly on 'yes' in internet exploret, etc.) I have a linksys wireles DSL/cable router with a built in firewall. It shares my internet connection to my labtop, and acts as a hardware firewall! All for about $100 when I got it,..with the prices today, its cheaper (to lazy to do a froogle search).

Cool. Im totally protected from all viru ##SIGNAL LOST##
Cool. Im totally protected from all viru ##SIGNAL LOST##

I am probably the LEAST computer literate person here but, sol, those sound like famous last words to me!:D

I depend on McAfee Security to keep me virus free. So far they have done a first rate job. There has been a lot of update activity lately. Hopefully they have this one under control also.
Here are some simple steps you can do to prevent this:\

1) This one is easily prevented make sure you have all critical updates from the Windows update site. The one you need in this case is MS04-011.

2) If you fo get infected, there is a removal tool available at WWW.SARC.COM

Here is some good reading:

As of the present, there is no payload. It is a worm that looks like some twit thought would be fun ro release

There are multiple variants.

And before you hit send, I know, it does not affect LINUX, MAC, OS390, VMS, OS/2, or any number of other operating systems.
But I just bought a new 3.4Ghz Computer.....It can outrun all the new virui, right?

anyway, don't be cheap. Go out and buy a cheap router/gateway/firewall for $40. Stops many virui in their tracks. Espically (sp.) is you are in business over the net/hold sensitive data on your computer. Its just like having your computer drink an invisible potion (with no weird aftertastes/side effects!), and makes your computer nearly invisiblehackers/crackers/n00bs/script kiddies who want to take your data for fun.

Note: do NOT pour an invisible potion on your computer: it would be bad.

Note #2: I really hope you didn't have to consider note #1.