Hey folks. I booted my comp the other day and found i had forgotten to allow AVG free edition to update. SO that swhen it all began. At startup, the first message that shows is that avg.something wont open as it cant load into memory???? Then stupid little popups keep coming up saying AVG has found a virus named I-worm.sasser.C and .A So i run AVG and get rid of them. And then i reinstalled AVG with all the updates and ran a scan again. Everything was all good, but now AVG's control centre wont run, it always crashes on startup. (i think its that avg file). Any ideas on how i can get rid of this reoccuring worm, and any ways on fixing AVG?<BR><BR>Ps thanks

http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.b.worm.html<BR><BR>hope this helps

thanks for fast reply ill try it now<BR>

<img src="i/expressions/face-icon-small-smile.gif" border="0"> np hope it works

it didnt, and now this popup sayin my machine iwll shutdown in 60 seconeds comes up every now and then? wtf ahh help someone please

hmm damn urs is sasser c that program is for sasser b i guess best ting to do now is w8 for sasser c to come out i can't really suggest anything except for telling your parents to stop using e-mail for a while

<br><br><< <i>it didnt, and now this popup sayin my machine iwll shutdown in 60 seconeds comes up every now and then? wtf ahh help someone please </i> >><br><br>that would be the good 'ole blaster worm...do a google search and you'll be able to find the fix straight away

Stevo, first of all, please don't post the exact same thread in numberous forums. That's called Spamming, and can become incredibly confusing to anyone else trying to follow the topic. Thanks. I've cut the rest of this from your other thread, which I have also deleted.<BR><BR>>Symantec has a removal tool on their front page for the W32.sasser.B worm. Nothing for the sasser.C Are you sure it's C, because Symantec (Norton) is always up to date on their virus stuff.<BR>This worm takes advantage of the LSASS vulnerability in Windows, so I advise you to update that ASAP as well. It might do you good to pick up a firewall router too, because they are very effective at blocking Trojans scanning these open ports.<BR><a target=new class=ftalternatingbarlinklarge href="http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.b.worm.html">Symantec</a> even gives you the ports you need to block in order to be able to get back online to download the MS Updates for this vulnerability.<BR>They even have instructions in the technical details that explain what registry entry it creates to allow it to run every single time you boot into Windows.<img src="i/expressions/face-icon-small-smile.gif" border="0"> <BR><a target=new class=ftalternatingbarlinklarge href="http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=125007">McAfee</a> has a guide on the Sasser.A variant for the more visual learners. You can either use their Stinger tool, or manually delete it by rebooting into safe mode (f8 during startup). <

<br><br><< <i><< <i>it didnt, and now this popup sayin my machine iwll shutdown in 60 seconeds comes up every now and then? wtf ahh help someone please </i> >><BR><BR>that would be the good 'ole blaster worm...do a google search and you'll be able to find the fix straight away</i> >><br><br>oops my mistake - only just found out about the sasser worm! loads of people at my uni campus have got it...the moral - always update windows and your virus defs

i was reading what it does on the trendmicro site, like how it works, its so ridiculous. it was like it sends thru port 9999 and opens port 21 and uses ftp command such and such and takes control of your comp, im like wow who figured this stuff out lol

It hasn't got me , I must have enough firwall protection to keep my system safe, i checked the microsoft web site out and used their online detectio tool and my system came up clean. it also says there are about 4 different versions out there on the loose. <a target=new class=ftalternatingbarlinklarge href="http://www.microsoft.com/security/incident/sasser.asp">click here for the detection tool website</a><BR><BR>hope this is of some help to somebody<img src="i/expressions/face-icon-small-wink.gif" border="0">

<BR>I have an even stranger problem. My PC is showing all the symptoms of having the Sasser worm but I can find no trace of the worm on my PC.<BR><BR>My PC keeps complaining about a problem with LSASS.EXE and rebooting which is a classic sign yet the detection programs from Microsoft and Symantec tell me I dont have the virus. I have looked at the registry and there are no strange entries where Sasser is supposed to put them, there are no strange programs in Task Manager and the file that Sasser is supposed to put on the PC is not anywhere on my PC. I have checked the details for Sasser A through to D and can find none of the things described. I wonder if there is a new version that hides itself better?