You may have seen a news bulletin about the SASSER virus.  It was responsible for shutting down Delta Airlines for several hours over the weekend.  The only "cure" for this virus is installation of a system patch from Microsoft.  To determine if the patch has already been applied to your system, do the following:

For Windows 2000 users, click Start then Settings then Control Panel
For Windows XP users, click Start then Control Panel

On the Control Panel, click Add or Remove Programs.

A list of "Currently installed programs:" will be presented.  Scroll down and look for one of the following:

For Windows 2000 users, look for "Windows 2000 Hotfix - KB835732".
For Windows XP users, look for "Windows XP Hotfix - KB835732".

If you see this in the list, YOU ARE OK and can log onto the Internet.

If you do not see this in the list, YOU ARE NOT PROTECTED AND SHOULD NOT LOG ONTO THE INTERNET.  CONNECTING TO THE INTERNET WITHOUT THE PATCH COULD SERIOUSLY JEOPARDIZE ALL USERS OF THE NETWORK!!  


At this point you can take one of two actions.  You can email the Help Desk and we will take care of the problem.  However, you should not get on the Internet until your PC has been cleared.

Or you can log onto the Microsoft sight and install the patch yourself.  (I know this involves logging onto the Internet, but it is the only solution!)  To do this, follow these instructions.

1.  Close any programs you have running and save data if necessary.
2.  Click the link>> http://v4.windowsupdate.microsoft.com/en/default.asp
3.  A green arrow button labeled "Scan for updates" should appear and you should click it.  This will initiate a scan of your computer of patches.
4.  When the scan is completed, you will see an entry in the lefthand column of "Critical Updates and Service Packs (xx)" with a number in place of xx.  If the number is 0, the patch has already been installed and you can close the Internet window and cancel the update, your PC is clear.
5.  Click on "Critical Updates and Service Packs (xx)" and a list should appear in the righthand side showing all of the critical updates to be applied.
6.  Click Add by all of the critical updates (one of them should be KB835732).
7.  Click Review and install updates and follow the instructions.

You may be prompted to reboot after this operation and you should do so.

If you have any questions, please call the Help Line at xxxxxxx.

If you have not verified that your PC contains the patch, YOU SHOULD NOT CONNECT TO THE INTERNET.  If your work requires that you connect to the Internet, call the Help Line and we will respond ASAP.  Connecting to the Internet without the patch could seriously jeopardize all users of the Network.

I got it . Cool thanx for the info .:)

I shoul have 3 copies of the virus when I get to work today.

I got the fix too, but check this out:
=============================================================
cbs2.com/topstories/topstories_story_124122216.html

New Virus Races Around The World
Takes Advantage Of Known Flaw With Windows Operating System

May 4, 2004 10:22 am US/Pacific

NEW YORK (AP)
The fast-spreading "Sasser" worm ravaged 1,600 computers in Taiwan's postal service and infected hundreds more in Hong Kong, but the virus-like global attack might have been temporarily delayed Tuesday in other parts of Asia as companies and homes left their computers switched off during long holidays.

Sasser ? which also struck large U.S., German and British firms ? infects computers by exploiting a flaw in Microsoft Corp.'s Windows operating system. Once inside, the worm scans the Internet for others to attack, causing some computers to continually crash and reboot.

"It doesn't have to come through e-mail, it doesn't have to do anything visible, you don't have to click anything. It finds your machine and it clicks it," David Perry, a computer security expert from Trend Micro told CBS Radio News.

So far, Taiwan has reported the most damage in Asia. The worm snarled the postal service's computer system Monday, forcing about 430 ? or one-third ? of the branch offices to shift to manual service.

The island's postal service ? which also offers banking services ? said the worm hit 1,600, or 12 percent, of its computers, disrupting postal account transfers, remittances and withdrawals. But automated teller machines worked normally, and there was no danger of private information being leaked in the attack, the company's Web site said.

By Tuesday, the state-run firm said that service has returned to normal.

Sasser spreads faster than most viruses because it does not require users to click on an e-mail attachment to activate it. But there have been no reports of Sasser causing any permanent damage to files or machines.

In Hong Kong, Sasser wormed its way into two government departments, said Amy Tam, spokeswoman of the Information Technology Services Department. Tam, who declined to identify the infected departments, said the virus has been contained.

Computer systems at some public hospitals in Hong Kong were also affected, but most have recovered, Hospital Authority Connie Lau said. Patients' records and other data were not affected, she added.

Roy Ko, head of the government-funded Hong Kong Computer Emergency Response Team Coordination Center, said his center received 389 reports of infection between Saturday and Tuesday morning.

Individual users were worse hit than companies, which constitute about a third of the infections reported, Ko said.

Several major computer-using nations ? like Japan, Thailand and India ? reported little or no damage as people celebrated national holidays and left their computers off.

Japan's National Police Agency posted a warning on its Web site, expressing concern that Sasser might spread after the "golden week" holiday, which began last Saturday and ends Wednesday.

The agency urged computer users to install antivirus software and take other precautions. Computer software companies, such as Symantec, Trend Micro and Network Associates, also issued a warning.

Thailand and India were also celebrating a national holiday ? the Buddha's birth ? so the extent of any attack was not clear.

"We have received reports from some of our customer companies that they have been hit by the Sasser worm. But we don't know the intensity and spread of the attack in the country," said Niraj Kaushik, country manager for Trend Micro India, a subsidiary of the Tokyo-based antivirus company Trend Micro.

In Singapore, Charles Cousins, managing director of Sophos Antivirus Asia, doubted that Sasser would hit corporations as hard as the Blaster virus did last August.

Both viruses infect computers by e-mail, and Cousins said last year's experience with Blaster has made companies more cautious.

He added, "Sasser will be very frustrating for home users but unless corporations are very, very lax, it will not have an effect on them."

©MMIV, CBS Broadcasting Inc. All Rights Reserved.

© 2004 The Associated Press.

You can also go to the Symatec web site for FXSasser.exe.  The worm replicates itself so quickly that it can shut down your system or make it impossible to get on the net to upgrade your system.  My dad's computer got it, and I had to install the fix from a CD to get him back online to download the patch.  My daughter's computer had it as well.  She's still off line.  It seems to affect those with a dial up connection or a DSL line.  We have cable internet and a router.  So far, so good.  I updated just in case.  

 Yeah, I got Sasser and Gaobot the other night....all over Cate Blanchette....if you guys remember the "which celebrity would you like to date" thread I went looking for a publicity photo of Cate for the thread.... not a minute after I picked up that picture everything went to shit...took me about eight hours to get everything settled....IT SUCKED.  But for Cate, hell, it was still worth it.....even if she is married....................................................damn it.

Got the fix. Thanks for the heads-up.

eEye has a network scanner also:

www.eeye.com/html/Research/Tools/Sasser.html

Got it (KB835732)

Thanks for the 411.

Sounds like a vast Bill Gates conspiracy.  Microsoft engineered this virus so that you would be forced to get a patch from them.  I'm sure it has all sorts of spyware and tracking progs in it.  It reports all your habits to Microsoft more so than your comp already does.

Great.  SKYNET all over again.

We're fucked.

Quoted: Sounds like a vast Bill Gates conspiracy.  Microsoft engineered this virus so that you would be forced to get a patch from them.  I'm sure it has all sorts of spyware and tracking progs in it.  It reports all your habits to Microsoft more so than your comp already does. Great.  SKYNET all over again. We're fucked.

My employer got hammered last october by Sobig...took them probably 24-36 hrs to get all extraneous network traffic killed.  Now they have some sort of automated patch server.  It really isn't possible to keep a large organizations windows PC's current without some autonomy.

Great bit of info for removing this virus if you happen to get it

Here is a link to the M$ patch

Another M$ page regarding the virus

Anybody else like the irony of finding all this info online?

Dang, they left Windows 98 off the list again.  I never have no fun.

SB-Yahoo sent out a mandatory  get the patch E-mail the other day.  If your machine gets infected and passes it on they would cut your servie.  (I doubt that but ) it looks like they are pretty worried about it screwing things up.

Quoted: Anybody else like the irony of finding all this info online?

Yes. It's also worth noting that I posted this before getting the patch. It's crazy.

Quoted: Sounds like a vast Bill Gates conspiracy.  Microsoft engineered this virus so that you would be forced to get a patch from them.  I'm sure it has all sorts of spyware and tracking progs in it.  It reports all your habits to Microsoft more so than your comp already does. Great.  SKYNET all over again. We're fucked.

Should we start loading extra mags?