FINDING A HIDDEN SASSER IN MY 600

Older ThinkPads.. from the 600, the 7xx, the iSeries, 300, 500, the Transnote and, of course, the 701
don

FINDING A HIDDEN SASSER IN MY 600

#1 Post by don » Sat Dec 11, 2004 8:18 pm

Greetings,
I am trying to get my old 600 set up to travel and do some email. I can connect it wirelessly here at home and it is fine. When I connect via dial-up, the sasser shows its head. It does the "LSA Shield" thing, gives me the process of C\Windows\System32\SASS.exe... then I get the status code 1073741819... then the "countdown to darkness".

Using my wireless connection I have downloaded every sasser removal tool on the web and I have the latest updates in Norton...and I turned off the restore long ago.

Could this critter have gotten itself embedded in my modem code??? and in some way not be scanned by all the removal tools??

I am not a computer guru so please keep it simple. I am running XP-Pro and using the 600 right now on the wireless router.

Any ideas???

thanks, Don

MadeInJapan
Senior Member
Posts: 936
Joined: Wed Jul 07, 2004 11:02 pm
Location: Knoxville, TN

#2 Post by MadeInJapan » Sat Dec 11, 2004 8:38 pm

Have you been to www.symantec.com (Norton's site) and seen what they offer for removal? Don't know about modem code, but I know it can reside in RAM.

don

worming out the worm

#3 Post by don » Sat Dec 11, 2004 9:22 pm

Yes I did that about 2 weeks ago but I will look again now that I know more about when it shows up. thanks, Don

ian
**SENIOR** Member
Posts: 765
Joined: Sun Apr 25, 2004 1:18 am
Location: Auch, SW France

#4 Post by ian » Sun Dec 12, 2004 4:42 am

Just a thought - have you tried starting in test mode (press F8 when you start-up) - many of these Sasser/sasser clones are loaded directly into memory and won't be easy to delete if you startup normally. This mode loads just a basic set of pilots for the screen etc (no CD for example) which lets you do much more when it comes to debugging.

Also, after having started up in this mode, run MSCONFIG (Start, Run, type MSCONFIG and press Enter) and select the Startup menu - from there you can disable a whole bunch of nasties that will automatically load when you start the system.
Ian at thinkpads dot com
