Sasser and Win 9x/ME

Discussion in 'Software' started by Boccemon, May 5, 2004.

  1. Boccemon

    Boccemon First Sergeant

    From this site;
    http://www.symantec.com/avcenter/venc/data/w32.sasser.worm.html

    "W32.Sasser.Worm can run on (but not infect) Win 95/98/ME computers. Although these OS cannot be infected, they can still be used to infect vulnerable systems that they are able to connect to. In this case, the worm will waste a lot of resources so that programs cannot run properly, including our removal tool. On Win 95/98/ME computers, the tool should be run in Safe mode."
    I hope that my machine is not one of these. I was going to post today about a slowdown in performance, but I think that when I get home I'll look at this. (I run ME.)
     
  2. Boccemon

    Boccemon First Sergeant

    Thanks Robo

    I just can't seem to find info on
    a) where to look in ME
    b) how to use the tool in ME
    c) how to intelligently identify this worm in a non-XP system.

    Frustrating........:D
     
  3. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

  4. HeddaLora

    HeddaLora Private E-2

    That's interesting. How would it get onto a Win98 box if that particular security loophole does not exist in Win98? Maybe one would have to intentionally load it?

    Hedda Lora
     
  5. goldfish

    goldfish Lt. Sushi.DC

    Ah, maybe not 98, ME. If I recall correctly it had some Win2000 stuff in it, but I didn't think it ran services. I think other worms were affecting it too.

    Perhaps it's just saying how the packets being sent at it to cause the buffer overflow would cause the machine to slow down, maybe even crash, but not actually contract the virus. Remember, it's basically a DoS attack that causes the buffer overflow.
     
  6. Boccemon

    Boccemon First Sergeant

    FYI people

    Ran the sasser tool on my ME box last night and am now experiencing a dramatic improvement in performance.
     
  7. green_newbie

    green_newbie Private First Class

    You didn't ever see anything funky running in your processes, did you?
    Like:
    avserv.exe
    avserve.exe
    avserv2.exe
    hkey.exe
    msiwin84.exe
    wmiprvsw.exe
    skynetave.exe

    Or something else crazy taking up huge amounts of CPU?
    I am just wondering what to look for on these machines, ME machines that is.
     
  8. Vlad902

    Vlad902 Guest

    Possibly ME/98 are vulnerable, but the exploit just does not guess any EIPs other than XP/2k-based ones.
     
  9. Boccemon

    Boccemon First Sergeant

    I know that my resources were running at 42% instead of my usual 80-90%. I do not know how to find out what is using what in ME. I actually had a friend come over (he's a comp "guru") and do this process. I know for a fact that he removed avserv(e). Unfortunately, I do not know which one(s). He did say that there was a lot of "crap". I do know that my puter booted faster than it has in a while, and I can move from program to program faster after he was done. What jerks me is that I uninstalled AVG and installed and updated Avast! recently and it missed it, AdAware missed it, SpyBot and SpywareBlaster missed it, and I keep these proggies updated. My friend seems to think that they configure themselves in Win9x so as to appear friendly. Also, I do not know if it is related, but I danced with Netsky when it was out there pretty heavy several weeks ago. I ran HJT late last night and my log file looks clean; at least I can recognize everything on it and it is supposed to be there. Quite a learning process lately.
     
