Hello everyone, well, yesterday I had the win32 sasser-D 12377.exe virus on my PC.
Very strange. Yesterday afternoon I had no more internet on my PC. My router was online and all I could see was deny, deny, reject.
I put on my TCPView program, and basically the virus was looking for other machines. I could not get through to the internet with my router, but when I changed the direct connection to my modem, I can get online, as you can see. Well, avast cleaned the Sasser, and I also had all Microsoft updates. Now the computer is still sending out and searching for other machines.
I can get round it by closing the connections it's sending out.
service exe
isass.exe
W32.Bobax.A
I think what I have is W32.Bobax.A, apparently a totally new THING. Does anyone know of this, or how it can be cleaned?
This has happened to more people I know, all at the same time yesterday afternoon.
Are you sure the spelling is right? Not
services.exe
LSASS.exe
Does any virus scanner (like Trend & KAV below) find the BOBAX in those files or anywhere else?
Where are they located (full path)?
WHY do you think you got “bobax”? Please supply a link with a description.
Have you also applied MS04-011?
Did you change all your passwords?
It's just going crazy and sending out pings and stuff, and blocks me receiving any websites, till I close it down manually. I can now get out through my router.
Trend Micro
Always says found WORM SDBOT.D
And says cleaned successfully. But this is every time I start Windows and run the scanner.
Also found and cleaned
BAT_SASSER.A_cmd.ftp; this is cleaned totally.
This is doing my nut in.
Even my friend had this yesterday and formatted his hard drive. And guess what!! It's still there!
This is ugly. Maybe if I do a boot scan.
Never had a thing like this before.
@1) These two are normal Windows files if they are in the System32 folder!! They are suspicious if anywhere else.
@2) Please be correct in your spelling: is it serviceS.exe or service.exe?
and supply the full path/folder/filename for any file you consider suspicious, like c:\windows\system32\services.exe
you’ll find this info in the alert/log of your firewall, or in the Trendmicro-report after a scan
also scan every occurrence of service(s).exe and lsass.exe on your PC with Trend AND KAV (see below) and report their findings;
set your Explorer to show all files before the search for the files: explorer-> Extras/View → folder options → set it to show all Files/folders, even system and hidden files
and CHECK!! for new windowsupdates, via IE->extras->Windowsupdates → search for updates
if you have/had Spybot on your PC, you need to change every password ever entered on the PC (admin, main user, users etc…) and also PINs, ebay/onlinebanking data
Also close/protect your shared folders
this also if you decide to format your PC !!
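
Added example, not part of any post in this thread and not code from avast or Trend Micro: a small check for the point made in the reply above, that services.exe and lsass.exe are expected only in the System32 folder and that near-miss spellings such as isass.exe deserve a closer look. The System32 path is assumed to be the default one the reply quotes, and the sample paths are constructed. A file that passes this check still needs the virus scan the reply asks for.

```python
import ntpath

# Assumption: default system folder, as in the path quoted in the reply.
SYSTEM32 = r"c:\windows\system32"
CORE_NAMES = ("services.exe", "lsass.exe")


def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(image_path):
    """Return (verdict, reason) for one full process image path."""
    path = ntpath.normpath(image_path).lower()
    folder, name = ntpath.split(path)
    if name in CORE_NAMES:
        if folder == SYSTEM32:
            return "expected", f"{name} in System32"
        return "suspicious", f"{name} running outside System32"
    # A name one character away from a core file name is a lookalike.
    for core in CORE_NAMES:
        if edit_distance(name, core) == 1:
            return "suspicious", f"{name} is one character away from {core}"
    return "unknown", "not a name this check covers"


# Constructed sample of full image paths (not taken from the thread's logs).
SAMPLE = [
    r"C:\WINDOWS\system32\services.exe",
    r"C:\WINDOWS\system32\isass.exe",
    r"C:\WINDOWS\Temp\lsass.exe",
    r"C:\WINDOWS\system32\service.exe",
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(p, "->", classify(p))
```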
I’m not sure whether I have the bobax virus or not???
In my windows/temp file folder there is a file which avast will not scan. The file is c:\windows\temp\zlt04c0e.tmp. I’ve tried to delete this file but it tells me that the file is in use by another process and cannot be closed. I have no idea which process is using it and what to do about it.
Any ideas?
there seems to be no major hassles but — i thought i would check
thanx
thank you for the suggestions
i tried them but no joy >:(
still can’t find what the hell this thing does and i can’t get rid of it
if anyone has any more ideas i’d appreciate it.
herewith the hijackthis file
it makes absolutely no sense to me
hope it helps and thanks again for all the help
Logfile of HijackThis v1.97.7
Scan saved at 23:05:42, on 20/05/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
check all (Startup-)entries in HJT-Log if they are malicious or useless,
and fix them if so…
→ with Log-file from Hijackthis http://www.spywareinfo.com/~merijn/htlogtutorial.html (english tutorial) in combination with: