Computer issues again!

toastonastick

It seems I have the sasser worm! This thing blows. My home computer will boot up and stay on for five minutes then shut down!

I have Norton AV but it is unable to do anything with this file!

It says it's a w32.sasser file.

I am guessing I got this BC I don't have a firewall on my home comp.

My question is

1. How do I get this thing off completely?

2. How do I prevent this from happening again?

Thanks for any help!
 

GM

PleasureGlutton
Something I received on Sasser. Step 3 cleans it off your system if you have it. Steps 1 and 2 prevent you from getting it. They should be done in order. Hope it helps....


For those of you who don't know, there is an internet worm circulating which is slowing down the internet lately and causing numerous problems. If you have Windows XP, Windows NT or Windows 2000 this affects you. (If not, you can disregard this notice as the worm cannot harm machines running Windows 95 or 98 - although I do believe it is still capable of spreading the worm to other computers). If this worm gets into your computer, it will gradually use up all of its resources until your computer crashes. Upon rebooting, it will send itself to other computers on the internet, then crash again, etc etc. It doesn't forward any private information from your computer, but it is a huge nuisance nonetheless. You can get this worm simply by having a computer that is connected to the internet. It is not spread via email or a web browser and you'll have no knowledge of when you get it (aside from your computer performing much more poorly), so anybody can get it any time their computer is simply on and connected to the internet.

To protect yourself from this worm you must do 3 things: 1) Update your Windows software, 2) Have a firewall updated and running at all times, and 3) Run the Sasser removal tool. Virus software is not enough...it's the firewall that stops worms. To make the process a little easier, I've summarized here what you need to do to protect your computer. This may look very complicated, long and difficult, but it's really not if you just follow along exactly as written. You SHOULD buy firewall software if you do not have it...but at the very least do Steps 1 and 3 as everyone with Windows XP/NT/ME can do that. Much better to do all three though.

=========================================================================================

1) Update Windows - The regular Microsoft website has been flooded since this worm first appeared, so getting an update at the usual address (windowsupdate.microsoft.com) may not be possible. To save you the hassle of waiting through what will likely be a very long (and possibly endless) wait there, I have found a backup site which is much less busy where you can do this. Go here: http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx . Scroll down to the "Affected Software" section, and pick the one for the version of Windows you are running. In most cases if you are running Windows XP the correct version is the one that reads: Microsoft Windows XP and Microsoft Windows XP Service Pack 1 (not the 64-bit version). Click on "Download the Update", and when prompted choose "Open" or "Run" (not "Save"). Let it install. When it's done, reboot your computer.

=========================================================================================

2) Update your firewall - Hopefully you've got a firewall running! I am only really familiar with Norton Security, so I'll give you the quick summary for it. If you're running another type of firewall you'll have to figure it out on your own I guess. If you have Norton Security, on the taskbar down by the clock there should be an icon for it (usually looks like a green globe - not the Norton Anti-Virus icon, that one looks like a computer with a yellow screen). Double-click it, and then click on Live Update, and then Next. Like the Microsoft website, Live Update has been overloaded since this worm came out. You MAY get an error saying "Live Update failed while getting your updates". If this is the case, read on, as I have a backup solution. If you did not get an error, simply let it install, and then reboot your computer. If you did get the error, close Norton Security and go here: http://securityresponse.symantec.com/avcenter/defs.download.html . Click on "Download Updates", and then click on the first file listed (the one that ends in "-i32.exe"). When prompted choose "Open" or "Run" (not "Save"). Let it update your software, and then reboot.

=========================================================================================

(Optional section)

2a) You should now be protected from the Sasser worm infecting your system (if you are not already infected). If you want to be absolutely sure and you're feeling curious/adventurous, then do the following (otherwise proceed to Step 3) :

Double-click on the Norton Security icon on your taskbar.
Double-click on the words Personal Firewall.
Click on the Advanced tab at the top, and then on the button labeled General.
Scroll down the list and look for an item labeled "Default Block Microsoft Windows 2000 SMB". The word "Block" should appear on the next line in red.
Double-click on this section. DO NOT uncheck the check box while doing this.
Click on the Communications tab.
In the box at the bottom of this window you should see the words "Port 445". If you can see this, you are protected from the worm.
"X" or "Cancel" your way out of these menus, changing nothing.

Again, if you are running some other firewall you'll have to figure out how to get into that yourself...but the key thing is to ensure access to Port 445 is blocked.

=========================================================================================

3) Finally, to make absolutely sure you don't have it lingering on your system from before you made these changes, there is a removal tool you can quickly download. Download the FxSasser.exe file from: http://securityresponse.symantec.com/avcenter/FxSasser.exe. Click on "Save", save it to your desktop, then double-click it on the desktop and let it do its thing. If you have the worm already on your system it will clean it off. Once complete you can delete the 2 icons it places on your desktop if you wish.
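
An added example, not part of either post above: for firewalls other than Norton, where step 2a's menu check does not apply, this Python sketch confirms from a second machine you own on the same network that TCP port 445 on your PC is really blocked. The function names and the command-line usage are this example's own assumptions.

```python
import errno
import socket
import sys

SMB_PORT = 445  # the port step 2a says the firewall must block


def probe_tcp(host, port=SMB_PORT, timeout=2.0):
    """Classify one TCP port as 'open', 'closed' or 'filtered'.

    open     - the connection completed, so nothing is blocking the port
    closed   - the host refused it: reachable, but no service is listening
    filtered - no answer before the timeout, typical of a firewall drop rule
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError as exc:
        # An unreachable host or network also means the port is not exposed.
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise
    finally:
        sock.close()


def is_exposed(state):
    """Only an 'open' result means the port can still be reached."""
    return state == "open"


if __name__ == "__main__":
    # Usage (hypothetical script name): python check445.py <address of your PC>
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    state = probe_tcp(target)
    print(f"{target}:{SMB_PORT} is {state}")
    print("Port 445 is reachable; check the firewall rule." if is_exposed(state)
          else "Port 445 is not reachable from this machine.")
```

Run it from a different computer than the one being checked, since a firewall that blocks inbound traffic may still let a machine connect to itself.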
 