Wednesday: 05.May.2004

Cinco de Mayo & Sasser worm

Been out-of-town for a couple of weeks. Good to be back. Noticed there's a new nasty worm out, called W32.Sasser.B.Worm. I found it interesting that the worm "Copies itself as %Windir%\Avserve2.exe".

Then it says: "Note: %Windir% is a variable. The worm locates the Windows installation folder (by default, this is C:\Windows or C:\Winnt) and copies itself to that location." In the Windows XP Install guide, I recommend installing Windows to a partition OTHER THAN the C drive, because some viruses specifically target the C drive. But in this instance, my strategy would not have worked.

Make sure your virus definitions are up-to-date. It only affects WXP & W2K, not WMe or W9X. You can download a fix from Microsoft. You can also download a removal tool (FxSasser.exe) from Symantec. More Sasser info posted here. I downloaded both and checked my system. It said I'm clean. Also make sure you have a recent Ghost image and are protected behind a well-configured Firewall. See Ice Czar's link-farm for more in-depth info on Internet Security.

••• continued •••

I *have* however, been seeing lots of email viruses lately. Somebody sent me an email claiming to be from "management@radified.com". It said:

Hello user of Radified.com e-mail server,
Our antivirus software has detected a large amount of viruses outgoing from your email account, you may use our free anti-virus tool to clean up your computer software. For details see the attached file.

Have a good day,
The Radified.com team

Well, that was a humorous email, cuz *I* am the "Radified.com team", and there is no email account named "management". They must think I'm stupid to open that attached file. NOD32 caught it right away: "Warning: NOD32 Antivirus System found the following infiltrations in the message: Info.pif - Win32/Bagle.J worm - deleted." But it was a good try. Made me chuckle.

I had a hard drive die today. Sux. It's been dying a slow death for a month now. Today it started making a wheezing noise, like a 90-year-old man with emphysema. Not long after, it took its last gasp. Fortunately, I had a recent Ghost image on hand and was able to restore all data after partitioning.

The failed drive was an IBM 120-GXP, several years old, with no active cooling. I replaced it with a Western Digital because the store didn't carry any Seagate drives, which I prefer.

At first, I couldn't see the new drive, cuz I set the jumpers wrong. I jumpered it for "Master with Slave present", when it was the only drive on the channel. After I figured that out, everything was hunky-dory.

PS - Happy Cinco de Mayo (a big deal here in SoCal).



Posted by Rad at May 5, 2004 07:07 AM

[RADIFIED HOME]

[Newest Rad Weblog]

[Rad Community Forums]

[Back-up your PC's hard drive with Norton Ghost]

[Back-up your PC's hard drive with Norton Ghost 12/14]

[Virtual Private Servers: Guide to VPS Web Hosting]

[Rip & Encode CD audio to high-quality MP3]

[Hard Drive Partitioning Strategies]

[Windows Installation guide]

[PC Computer Maintenance]

[Radify your Laptop (Notebook PC)]

[Favorite Rad Freeware]

[Magoo's BitTorrent Guide]

[Create Bootable CD/DVDs]

[Magoo's guide to Eliminating Spyware]

[Digital Camera Buyer's guide]

[Intro to Linux]

[Wireless Networking]

[Guide to eBay]

[ASPI Layer Drivers]

[Boot from a SCSI hard drive]