Piezo

Sasser Worm Detected!

I got this pop-up last night when I never get random pop-ups, and it was when I had an Internet Explorer window open, though that page (Accuradio player) doesn't have pop-ups. It read that it has been detected and I need to download this utility to scan my system and remove it and oh by the way, that'll be $39.95. I thought this to be a cheap crock so I went to the Microsoft website and there was a page posted that read how to "deal" with the worm. It also read that it causes your PC to show error messages and that it will shut down unexpectedly, which my PC hasn't done. It also read that it will cause your PC to be slow on the internet, and the only place I had trouble was on Road Runner Webmail, and it was extremely slow. The page referred to several processes that are related to it that I didn't have running. Today I was a little worried about it, and I got the pop-up again on a page that never has pop-ups. I closed it and moved on and was watching a flash animation when I got an error message that read "sysupd.exe could not read some memory" or something and that pop-up came back right after that again. As I remember from watching the news the sasser worm doesn't really do anything and I can't find anywhere that describes what it does, or looked very hard for it. You think I have the worm or is this just really sneaky marketing?


Uh, I just found a file called dpusys.ini on my desktop that I did not put there. I think I'm in trouble...should I try to delete it?


Well, I just ran AVG 6 Free Edition and all it finds (and it keeps finding this) is PSW.Agent.H in a file called _update.dat in my documents and settings/local settings/temp folder. It can't delete it and I can't delete it using Windows Explorer because it claims "it is being used by another person or process." I have to boot into MS-DOS or Windows 98 to delete it. I use IE 6 and Netscape 7.1 and Windows XP firewall. Does this help?


Well, when you do fix it, upgrade your firewall.

Perhaps if you look in your process menu (Ctrl+Alt+Del and Processes tab in XP) and see if it's running. If it is, kill the process then try deleting it. Just a thought, sorry I can't be of more help :P


My firewall must be really good because I haven't gotten a single worm, virus, or trojan, heh.


The sasser worm has been giving me a bit of grief lately. Looks like I've gotten rid of it by updating Windows XP though.


Is that what LSASS.EXE is? If that's the case, it's been on my computer for a while and Ad-Aware is a worthless piece of shit.

Piezo said:

Well, I just ran AVG 6 Free Edition and all it finds (and it keeps finding this) is PSW.Agent.H in a file called _update.dat in my documents and settings/local settings/temp folder. It can't delete it and I can't delete it using Windows Explorer because it claims "it is being used by another person or process." I have to boot into MS-DOS or Windows 98 to delete it. I use IE 6 and Netscape 7.1 and Windows XP firewall. Does this help?


Turn off system restore. Then you'll be able to delete it. I just went through this with a friend of mine. He had TONS of viruses and they were all in the temp folder. The only way to get rid of them was to disable system restore, then delete the files manually. Run AVG after the fact still to make sure you got them all. Hope this works for you too.


Last night really late I went to http://www.microsoft.com/security/incident/sasser_printxp.asp and followed the directions. It read that if I downloaded all of the critical updates before April 30, 2004 then I shouldn't have the sasser worm. I checked my update history and I performed all of my updates by the 21st. I downloaded the utility from there that will scan the hard drive and remove all three of the sasser variants (sasser.a, sasser.b, sasser.c) for free. I ran it and it didn't find anything.
I think what happened with the sysudp.exe is that I somehow skipped some AVG 6 updates a while back because it wouldn't download them automatically, so I went to the Grisoft website and downloaded a couple of updates manually and tried to auto-update it again and it worked. I thought that was odd and moved on. AVG 6 never found sysudp.exe but it was there running in the taskbar. Now I've got sysupd.exe, is that the same thing? This is messed up...

Fredrik said:

LSASS.EXE is a Windows service.

Microsoft's wonder of architecture; the security engine!


I fought with it some more last night. I installed the newest AVG 6 updates and scanned my hard drive and it finally noticed sysudp.exe had the trojan horse PSW.Agent.J in it, as well as _UPDATE.DAT with its PSW.Agent.H. Sysudp.exe apparently kept making _UPDATE.DAT and had been on my hard drive since April 13, so I'm a little disappointed AVG didn't find it sooner. It could not remove them however, so I tried turning off system restore and it wouldn't let me, so I just booted into Windows 98 on my second hard drive and deleted both of the files.
About the sasser worm, I ran three different scanners: the downloadable Microsoft one, the one on a Microsoft web page, and the one on the Grisoft website and they didn't find anything. I tell you that pop-up had to have been the cheapest dirtiest pop-up I have ever seen.
Everything seems to be fine now, I want to thank you guys for all the help, the links and particularly that task list was very useful.


AVG has worked well for me. Seems to get a lot of shit other ones, like Mcgaffe (SP?) and Norton, miss. Also doesn't seem to eat up as much resources.

Keep your operating systems up to date! As well as firewall and anti-virus programs.

Sorry AOL users, I am not sure how well, if at all, most anti-virus programs work with AOL. Same with firewalls. However, maybe they do work on newer AOL. I do remember this being a big deal a while ago. Most of my tech friends still say AOL is just as bad if not worse.
