If it IS Sasser, here's what to do. (This is straight from my playbook.)
no subject
Date: 2004-05-15 09:09 am (UTC)
Cold-boot the machine. Open up task manager via ctrl-alt-del, ctrl-shift-esc, or by typing taskmgr into a Run box. Look for the following processes. One or more may be present:
avserve.exe
avserve2.exe
hkey.exe
lsasss.exe (NOTE THE EXTRA 's'. lsass.exe is a valid Windows system file!)
skynet.exe
skynetave.exe
And anything taking up large quantities of CPU time. (Note that if there are two or more processes battling for CPU, end the one that looks the most suspicious. Sometimes valid system processes will fight over something with, say, antivirus software, and when you kill one the other finishes what it needed and behaves.)
Once the processes are killed, go get the patch and removal tool from Microsoft Download Center. Specifically, you want Security Update for Windows XP (KB835732) and Sasser (A-F) Worm Removal Tool (KB841720). Install the patch, run the removal tool, and you're set. If necessary, download the files on a different computer and burn them to CD.
If a Windows NT Authority shutdown kicks in, telling you you have 60 seconds and the computer will shut down, go to Run in the start menu and type shutdown -a. That'll abort a shutdown. Repeat as necessary.
Good luck, dollie.
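The checklist in the comment above is a manual triage: scan the process list for the named images, watch for the lsasss.exe lookalike, and note anything burning CPU. The script below is an added example (not the commenter's code and not a Microsoft tool) that automates that read-only part of the checklist. It assumes the process list is exported on the affected box with `tasklist /v /fo csv > procs.csv` and that the CSV carries the columns Image Name, PID, Session Name, Session#, Mem Usage, Status, User Name, CPU Time and Window Title; the embedded sample CSV is constructed for the demonstration. It goes one step beyond the post by flagging any image name within one character of lsass.exe rather than only the exact string lsasss.exe, so other typo-squatted names are caught too. It only reports; ending processes, `shutdown -a` and the patch/removal tool remain manual steps as the post describes.

```python
"""Triage helper for the Sasser checklist (added example, not from the original post).

Parses `tasklist /v /fo csv` output (column layout assumed, see lead-in) and reports:
  - processes whose image name is on the list from the post,
  - lsass.exe lookalikes (names one edit away from lsass.exe that are not lsass.exe),
  - the processes with the most accumulated CPU time.
"""
import csv
import io
import sys

# Image names taken from the post.
SUSPECT_NAMES = {"avserve.exe", "avserve2.exe", "hkey.exe",
                 "lsasss.exe", "skynet.exe", "skynetave.exe"}
LEGIT_LSASS = "lsass.exe"
# Accumulates idle time, so it always tops a CPU sort; not a real process to kill.
IDLE_NAME = "system idle process"

# Constructed sample in the assumed `tasklist /v /fo csv` layout (not a real capture).
SAMPLE_TASKLIST_CSV = r"""
"Image Name","PID","Session Name","Session#","Mem Usage","Status","User Name","CPU Time","Window Title"
"System Idle Process","0","Console","0","28 K","Running","NT AUTHORITY\SYSTEM","1:23:45","N/A"
"csrss.exe","552","Console","0","3,500 K","Running","NT AUTHORITY\SYSTEM","0:00:05","N/A"
"lsass.exe","596","Console","0","1,424 K","Running","NT AUTHORITY\SYSTEM","0:00:03","N/A"
"explorer.exe","1120","Console","0","12,300 K","Running","XP-BOX\user","0:00:21","N/A"
"lsasss.exe","1788","Console","0","2,012 K","Running","XP-BOX\user","0:04:17","N/A"
"avserve2.exe","1804","Console","0","3,120 K","Running","XP-BOX\user","0:02:40","N/A"
"""


def cpu_seconds(text):
    """Convert tasklist's 'H:MM:SS' CPU Time column to seconds."""
    hours, minutes, seconds = text.strip().split(":")
    return int(hours) * 3600 + int(minutes) * 60 + int(seconds)


def edit_distance(a, b):
    """Levenshtein distance; 'lsasss.exe' vs 'lsass.exe' is 1 (one inserted 's')."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def parse_tasklist_csv(text):
    """Turn the CSV text into a list of {name, pid, cpu} dicts (names lower-cased)."""
    rows = csv.DictReader(io.StringIO(text.strip()))
    return [{"name": r["Image Name"].lower(),
             "pid": int(r["PID"]),
             "cpu": cpu_seconds(r["CPU Time"])} for r in rows]


def triage(procs, top_n=3):
    """Apply the post's checks: listed names, lsass lookalikes, top CPU consumers."""
    listed = [p for p in procs if p["name"] in SUSPECT_NAMES]
    lookalikes = [p for p in procs
                  if p["name"] != LEGIT_LSASS
                  and edit_distance(p["name"], LEGIT_LSASS) == 1]
    hogs = sorted((p for p in procs if p["name"] != IDLE_NAME),
                  key=lambda p: p["cpu"], reverse=True)[:top_n]
    return {"listed": listed, "lookalikes": lookalikes, "cpu_hogs": hogs}


def report(result):
    """Human-readable summary of a triage() result."""
    lines = []
    for key, label in (("listed", "On the Sasser list"),
                       ("lookalikes", "lsass.exe lookalike"),
                       ("cpu_hogs", "Top CPU time")):
        for p in result[key]:
            lines.append(f"{label}: {p['name']} (PID {p['pid']}, CPU {p['cpu']}s)")
    return "\n".join(lines) or "nothing flagged"


if __name__ == "__main__":
    # Usage: python sasser_triage.py procs.csv   (or no argument to use the sample)
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() \
        if len(sys.argv) > 1 else SAMPLE_TASKLIST_CSV
    print(report(triage(parse_tasklist_csv(text))))
```

On the sample the report flags lsasss.exe and avserve2.exe by name, lsasss.exe again as a lookalike of lsass.exe, and lists lsasss.exe, avserve2.exe and explorer.exe as the top CPU consumers, while the genuine lsass.exe and csrss.exe pass untouched. That last point is the reason for the exact-name exclusion: a lookalike rule without it would send someone to kill the real LSA process.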