Harry Waldron - IT Security

Security Developments, Software Updates and Best Practices

MS04-011: Sasser "A" and "B" Removal Tools

While I hope no one needs this, here are several tools and techniques for removing the Sasser worm. All of these tools are excellent. I prefer the Microsoft Removal Tool instructions (listed first), which include the MS04-011 security patch required to avoid reinfections.


Microsoft Removal Tool

http://support.microsoft.com/?kbid=841720


McAfee Stinger

http://vil.nai.com/vil/stinger/


Symantec Removal Tools

http://www.symantec.com/avcenter/venc/data/w32.sasser.removal.tool.html


F-Secure Removal Tools 

ftp://ftp.f-secure.com/anti-virus/tools/f-sasser.zip
ftp://ftp.f-secure.com/anti-virus/tools/f-sasser.exe
ftp://ftp.f-secure.com/anti-virus/tools/f-sasser.txt

Before using the tool please read the disinfection instructions from 'f-sasser.txt'.


Trend Micro Removal Tools

http://www.trendmicro.com/download/dcs.asp

 

Microsoft - Manual Disinfection

To manually disinfect an infected system, first apply the Microsoft patch MS04-011, then use Task Manager to kill the "avserve2.exe" process, then delete the file AVSERVE2.EXE from your Windows directory and reboot.

Steps from Microsoft's site (includes test button and tools):
http://www.microsoft.com/security/incident/sasser.asp

Manual Removal steps for Technical Users
http://www.microsoft.com/technet/Security/alerts/sasser.mspx
