Warning message... Link to action
Read about our in-depth analysis of a new high-volume campaign that marked the resurgence of notorious malware-as-a-service Hawkeye Keylogger. Read the blog post
Aliases: W32/Sasser.worm (McAfee) W32.Sasser.Worm (Symantec) WORM_SASSER (Trend Micro) Win32.Sasser (CA) Sasser (F-secure) Sasser (Panda) W32/Sasser (Sophos) W32/Sasser (Norman)
Recovering from recurring infections on a network
Ensure that an antivirus product is installed on ALL computers connected to the network that can access or host shares.
Ensure that all available network shares are scanned with an up-to-date antivirus product.
Restrict permissions as appropriate for network shares on your network. For more information on simple access control, please see: http://technet.microsoft.com/library/bb456977.aspx.
Remove any unnecessary network shares or mapped drives.
Removing this threat
Take the following steps to help prevent infection on your computer:
Enable a firewall on your computer.
Get the latest computer updates for all your installed software.
Use up-to-date antivirus software.
Limit user privileges on the computer.
Use caution when opening attachments and accepting file transfers.
Use caution when clicking on links to Web pages.
Avoid downloading pirated software.
Protect yourself against social engineering attacks.
Use strong passwords.
Enable a firewall on your computer
Get the latest computer updates
Use up-to-date antivirus software
Limit user privileges on the computer
Use caution when opening attachments and accepting file transfers
Use caution when clicking on links to Web pages
Avoid downloading pirated software
Protect yourself from social engineering attacks
Use strong passwords
- You see an LSA Shell crash dialog box similar to the following screenshot:
- Your computer restarts every few minutes without user interaction. You may see a system shutdown dialog box, similar to the following screenshot:
Your computer performance is decreased or your network connection is slow.