Mac Forum / Applications / Virtual PC / August 2005

sasser worm

SeanC - 29 Aug 2005 14:25 GMT
What do I do if I have been infected by the sasser worm?
Paul Ballou - 29 Aug 2005 17:03 GMT
http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.removal.tool.html
see if you use the removal tool here
Signature

Paul Ballou
MVP Office
http://office.microsoft.com/home
http://www.freeserifsoftware.com/
http://www.ballousgiftshop.com

Life would be easier if we could view the source code

> What do I do if I have been infected by the sasser worm?
SeanC - 29 Aug 2005 16:17 GMT
The full message is  "lsass.exe - System Error: When trying to update a
password, this return status indicates that the value provided as the
current password is not correct" and I am running virtual pc 5 on a mac
G4.  Are the above listed removal tools still applicable? If so, which
one should I download?

Thank you so much for trying to help me out.  I have been grappling
with this for almost a week.  I bought the software used.  Is it
possible that it came infected?
Paul Power - 29 Aug 2005 17:01 GMT
This is NOT the Sasser worm.

The description of the Sasser worm is:

"Stack-based buffer overflow in certain Active Directory service
functions in LSASRV.DLL of the Local Security Authority Subsystem
Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4,
XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows
remote attackers to execute arbitrary code via a packet that causes the
DsRolerUpgradeDownlevelServer function to create long debug entries for
the DCPROMO.LOG log file, as exploited by the Sasser worm. "

Your problem uses the same Local Security Service (LSASS), but is a
local password issue only. When you are trying to change your password,
the system is reporting that the existing password that you have
entered (the one that you want to change) is incorrect. Perhaps you have
the CapsLock key on OR you are trying to use the number pad without the
Clear key on. In any event, this is certainly not the Sasser worm
infecting your system.
Steve Jain - 29 Aug 2005 22:04 GMT
>The full message is  "lsass.exe - System Error: When trying to update a
>password, this return status indicates that the value provided as the
[quoted text clipped - 5 lines]
>with this for almost a week.  I bought the software used.  Is it
>possible that it came infected?

Since VPC with Windows is on a CD it would not be infected by a virus,
unless it's an illegal copy.

Signature

Cheers,
Steve Jain, Virtual Machine MVP
Website: http://www.essjae.com
"This posting is provided "AS IS" with
no warranties, and confers no rights.
You assume all risk for your use.
I am not an employee of Microsoft."

Tony Kavadias - 30 Aug 2005 05:41 GMT
Umm...

>>The full message is  "lsass.exe - System Error: When trying to update a
>>password, this return status indicates that the value provided as the
[quoted text clipped - 8 lines]
> Since VPC with Windows is on a CD it would not be infected by a virus,
> unless it's an illegal copy.

... why?  Are illegal CDs writable?!

 ;-D  <joke!>

--
-- tonza
 