Network Security Focus-Virus

Re: Possible New Sasser Variant

Subject: Re: Possible New Sasser Variant
Date: Thu, 24 Mar 2005 17:48:03 +1200
Syklops wrote:

I work in Technical support for BT Yahoo Broadband and had a call from a
guy who appeared to have the sasser, the system was shutting down when
trying to access websites, and I attempted to fix the problem using
CTRL+ALT+DEL and kill the lsass process, however, when I do that, Task
Manager does not appear. I get an egg-timer for about a second and it
disappears. A quick google did not find me mention of a variant of
sasser which killed Task Manager.

This is far too little information to make a Sasser (or any other!) 
diagnosis from.

Some adware/spyware is taking to task-killing much as most successful 
viruses do.  Of course, Task Manager and like programs are usually on 
the lists such functions use (Task Manager can also be prevented from 
running via policies but I believe you normally get a distinctive 
warning message if this is the reason Task Manager doesn't run).

Adware/spyware can also explain all manner of web-browser (at least IE) 
weirdness.

What you have described could be caused by all manner of (combination 
of) things.  Do more diagnosis (I realize that is hard over the phone, 
especially when the tools you want to use apparently can't be run).


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3267092
