FINDING A HIDDEN SASSER IN MY 600

[don]

Greetings,
I am trying to get my old 600 set up to travel and do some email. I can connect it wirelessly here at home and it is fine. When I connect via dial-up, the sasser shows its head. It does the"LSA Shield" thing, gives me the process of C\Windows\System32\SASS.exe....then I get the status code 1073741819...then the "countdown to darkness".

Using my wireless connection I have downloaded every sasser removal tool on the web and I have the latest updates in Norton...and I turned off the restore long ago.

Could this critter have gotten itself embedded in my modem code??? and in some way not be scanned by all the removal tools??

I am not a computer guru so please keep it simple. I am running XP-Pro and using the 600 right now on the wireless router.

Any ideas???

thanks, Don

[MadeInJapan]

Have you been to www.symantec.com (Norton's site) and seen what they offer for removal? Don't know about modem code, but I know it can reside in RAM.

[don]

Yes I did that about 2 weeks ago but I will look again now that I know more about when it shows up. thanks, Don

[ian]

Just a thought - have you tried starting in test mode (press F8 when you start-up) - many of these Sasser/sasser clones are loaded directly into memory and won't be easy to delete if you startup normally. This mode loads just a basic set of pilots for the screen etc (no CD for example) which lets you do much more when it comes to debugging.

Also, after having started up in this mode, run MSCONFIG (Start, Run, type MSCONFIG and press Enter) and select the Startup menu - from there you can disable a whole bunch of nasties that will automatically load when you start the system.