Release Date: May 4, 2004
Print this page immediately and provide you with your own instructions (if your computer continues to shut down), or to help your friends.
If you are using Microsoft? Windows® XP or Windows XP Service Pack 1 (SP1) and your computer infects the oscillating worm virus, you can take these steps to update your software, remove worm viruses and make you free It is later infected.
Step 1: Disconnect Internet Connections To avoid more problems, disconnect the Internet connection:
Broadband Connection User: Determine the cable position to which the external DSL or cable modem is connected, then unplug the cable from the modem or phone line jack. Dial-up user: Determine the cable position to connect to the computer's built-in modem and telephone line jack, then unplug the cable from the phone line jack or from the computer.
Step 2: Termination The shutdown period This worm causes lsass.exe to stop responding, this program enables the operating system to force the operating system to shut down after 60 seconds. If your computer starts to shut down, follow these steps to interrupt any system shutdown process that may be in a running state.
On the taskbar at the bottom of the screen, click Start, and then click Run. Type "CMD" and click OK. Type "Shutdown.exe -a" on the command prompt, then press ENTER. Step 3: Reduce vulnerability hidden dangers You can temporarily eliminate the worm virus by creating a log file.
Create a log file
On the taskbar at the bottom of the screen, click Start, and then click Run. Type "CMD" and click OK. Type "Echo Dcpromo>% SystemRoot% / Debug / DcPromo.log" at the command prompt, then press Enter. Set the log file to read-only properties
Type "Attrib R% SystemRoot% / Debug / DcPromo.log" at the command prompt, then press Enter. Step 4: Improve system performance If your computer is slow or the Internet connection is too slow, the worm may have spread within your local area network connection. This will make you unable to download and install the software updates you need. To improve system performance:
Press CTRL Alt Delete and click Task Manager. For each task that may be listed below, click and select the task, and then click the End Tasks button to end. Any task ending with _up.exe (for example, 12345_up.exe). Any task starting with AVserve (for example, avserve.exe). Any task starting with AVSERVE2 (such as avServe2.exe). Any task starting with SkyNetave (such as SkyNetAve.exe). HKEY.EXE MSIWIN84.EXE WMIPRVSW.EXE
Note: Do not end the WMIPRVSE.exe task; this is a legal system task.
Step 5: Enable the firewall firewall is a software or hardware that can build a protection barrier between the computer and the Internet. If your computer has been infected with viruses, the firewall will help to limit the impact of worms. Windows XP contains Internet Connection Firewall (ICF). To open ICF:
On the taskbar at the bottom of the screen, click Start, and then click Control Panel. Click Network and Internet Connections. (If you do not display Network and Internet Connections, click "Switch to Sorting View" in the Control Panel on the left side of the Control Panel window.) Click Network Connection. Right-click the Dial, LAN, or High Speed Internet connection used to connect to the Internet, and then click Properties in the shortcut menu. On the "Advanced" tab of the Internet Connection Firewall, select Protect My Computer and Network, and then click OK. Now, you have started to enable Windows XP firewall. Step 6: Reconnect the Internet to reconnect the cable back to your computer, telephone line jack or modem. Step 7: Install the update required to make your computer infected with this worm, you must download and install security updates 835732, this update is published in Microsoft Security Announcement MS04-011. To download the security update 835732, please go http://go.microsoft.com/?linkid=526067
Step 8: Check and remove the oscillating worm After completing the installation update and restart your computer, go to the web page http://www.microsoft.com/china/security/incident/sasser.asp "What you shop Know About The Sasser Worm and Its Variants (for oscillating worms and their variants you should understand). Use the Swift Worm Remove Tool to search for your hard drive and remove Sasser.a, Sasser.b, Sasser.c, and Sasser.d.
About Internet Connection Firewall Windows XP Internet Connection The firewall can mask useful tasks, such as through network sharing files or printers, transfer files or multiplayers in the application. Nonetheless, Microsoft recommends that you use the firewall to protect your computer.
If you open the Internet connection firewall, but find that you cannot perform some tasks that need to be executed, read http://www.microsoft.com/china/security/protect/ports.asp "How to open ports in the" How to Open Ports in The Windows XP Internet Connection FireWall (how to open the port in the Windows XP Internet Connect to the firewall).
If you have multiple computers, you need more technical information or you want to learn more about the firewall, read http://www.microsoft.com/china/security/protect/firewall.asp "Frequently asked Questions About FireWalls "(FAQ) About the FAQ). Windows 2000 users: Measures to be taken when computer infection oscillation (SASSER) worms Release Date: May 7, 2004
Print this page immediately and provide you with your own instructions (if your computer continues to shut down), or to help your friends.
If you are using Microsoft? Windows 2000 Service Pack 2 (SP2), Windows 2000 SP3 or Windows 2000 SP4 and your computer is infected with oscillating worm viruses, you can take these steps to update your software, remove worms and Make you free from later infection.
Step 1: Disconnect Internet Connections To avoid more problems, disconnect Internet Connections: Broadband Connection User: Determine the cable position to connect to the external DSL or cable modem, then unplug the cable from the modem or phone line jack . Dial-up user: Determine the cable position to connect to the computer's built-in modem and telephone line jack, then unplug the cable from the phone line jack or from the computer.
Step 2: Reduce vulnerability hidden dangers You can temporarily eliminate the worm virus by creating a log file.
Create a log file
On the taskbar at the bottom of the screen, click Start, and then click Run. Type "CMD" and click OK. Type "Echo Dcpromo>% SystemRoot% / Debug / DcPromo.log" at the command prompt, then press Enter. Set the log file to read-only properties
Type "Attrib R% SystemRoot% / Debug / DcPromo.log" at the command prompt, then press Enter. Step 3: Improve system performance If your computer is slow or the Internet connection is too slow, the worm may already spread within your LAN. This will make you unable to download and install the software updates you need. To improve system performance:
Press CTRL Alt Delete and click Task Manager. For each task that may be listed below, click and select the task, and then click the End Tasks button to end. Any task ending with _up.exe (for example, 12345_up.exe). Any task starting with AVserve (for example, avserve.exe). Any task starting with AVSERVE2 (such as avServe2.exe). Any task starting with SkyNetave (such as SkyNetAve.exe). HKEY.EXE MSIWIN84.EXE WMIPRVSW.EXE
Note: Do not end the WMIPRVSE.exe task; this is a legal system
Step 4: Enable firewall firewalls is a software or hardware that can build a protective barrier between the computer and the Internet. Microsoft does not manufacture software firewalls that are independent of the operating system. The following resources provide details about some firewall options.
The hardware firewall hardware firewall is ideal for Windows operating system versions before Windows XP. Some home network hardware, such as wireless access points and broadband routers, including embedded hardware firewalls. These firewalls help protect most home networks.
Software firewall Microsoft strongly recommends that all users, be sure to get and install the firewall before connecting the Internet. However, we also realize that some users will find that downloading software is their only choice. If you choose to reconnect the Internet to get the software firewall, some choices are available at this point:
Blackice PC Protection - Save 25% (http://blackice.iss.net/Microsoft.php) Computer Associates-12 months Free trial period (http://www.my-trust.com/microsoft/) F-Secure -6 months Free trial period (http://www.f-secure.com/protectyourpc/) McAfee Security - save up to 35% (http://us.mcafee.com/root/campaign.asp?cid= 8437) Panda Software-90 days free trial period (http://www.pandasoftware.com/microsoft/) Symantec / Norton-90-day free trial period (http://www.symantecstore.com/dr/v2/ec_dynamic. Main? sp = 1 & pn = 46 & SID = 27674) Tiny Software: Tiny Personal Firewall (http://www.tinysoftware.com) ZoneAlarm - save $ 20 (http://download.zonelabs.com/bin/promotions/microsoftsecurity/) Step 5: Reconnect the Internet to reconnect the cable back to your computer, telephone line jack or modem. Step 6: Install the update required to make your computer infected with this worm, you must download and install security updates 835732, this update is released in Microsoft Security Announcement MS04-011. To download the security update 835732, please go http://go.microsoft.com/?LinkId=526386
Step 7: Check and remove the oscillating worm After completing the installation update and restart your computer, go to the web page http://www.microsoft.com/china/security/incident/sasser.asp "What you shop Know About The Sasser Worm and Its Variants (for oscillating worms and their variants you should understand). Use the Swift Worm Remove Tool to search for your hard drive and remove Sasser.a, Sasser.b, Sasser.c, and Sasser.d.
For more information about the firewall, hardware firewall and network router, hardware firewall, and network router for other companies, and select the firewall corresponding to your computer, see http://www.microsoft.com/security/articles/firewall.asp "Why You Should Use a Computer FireWall" (why you should use a computer firewall). If you have other configurations such as small networks, or learn more about firewalls, read http://www.microsoft.com/china/security/protect/firewall.asp (FAQ for Internet Firewall).
