egafd.com

I was infected with the LSASSS.exe Worm yesterday, I was watching a promo video I downloaded, & got notified of a hidden file which had been already activated. I deleted the Movie, & ALL files from the Temp & Internet Temp folders.

I've checked & the Anti-Virus Software didn't do anything, as it didn't see it as a threat (Grisoft AVG). I manually deleted the file from my System32 folder, as well as the Prefetch folder.

Reading from the Microsoft site, it says that if Win32/Sasser (LSASSS.exe) Worm has infected your computer, it exploits the Local Security Authority Subsystem Service (LSASS), however, this problem was fixed, with Microsoft Security Update MS04-011.

If need be, I was thinking of doing a System Restore to a couple of days ago, then completely removing all Backups/System restores, to clean any possible stores of the worm.

How do I tell if my System is clean from this threat, how do I tell if I have Microsoft Security Update MS04-011 installed (all I can find in Add/Remove Programs is security Updates starting with KP#####)?

You won't find anything begining with MS, look for Security Update for Windows XP (KB835732)

Start > Control Panel > Add or Remove Programs

Check the 'Show Updates' box

And you should find it if it is installed.



Turn off System Restore

Run the online Panda Active Scan and the Trend Micro online scan.

Create a Restore Point when/if clean.

Delete all Restore Points except this one.

Thanks Jacques.

However, when I try to run the Panda or Trend Online Scans, it crashes my Web Browser. I've tried like 5 times each, no success.

I checked in my Add/Remove, that Patch is not listed there, I don't know how to tell if a Newer update I have, includes that patch. I've done subsequent tests & searches with no evidence of that Worm on my system any more. I have done a restore to a previous time, rebooted, killed ALL System Restores, rebooted, tested, initialized & restarted a System Restore Checkpoint. Still no sign of that worm, so hopefully, I'm clear.

I very rarely have any problems with virus's, worms, or Trojans, etc... but one sneaks by every year or two, LOL. It must be about 12-15 months ago I was last infected.

Thanks again for your help, Jac.

Try this place, a do a search!