Results 1 to 33 of 33

Thread: Stop Sasser or Similar by killing the source (Resolved)

Threaded View

  1. #1

    Thread Starter
    Frenzied Member Tec-Nico's Avatar
    Join Date
    Jun 2002
    Location
    México
    Posts
    1,192

    Resolved Stop Sasser or Similar by killing the source (Resolved)

    Hello, I hadn't been here for a long time... But please let me explain what I am trying to do.

    The problem is that there is an old computer with Windows 2000. The computer's hard disk has problems and it was divided in two partitions, the one that has the Operative System is not damaged and has 100 MB of free space, the other one is damaged and it won't allow to be formatted nor to install the OS on it.

    This old computer doesn't have space for installing the second service pack and is needed to be on the net. Whenever it comes on-line it crashes because of a behavior that is similar to the Sasser virus: It generates a random IP and if the IP is valid it tries to connect using FTP. The computer has Antivir and ZoneAlarm to avoid viruses from stepping in and taking control.

    I was wondering if there is a way to find the process that is generating the random IPs and stop it before it makes the computer crash (it makes lsass.exe come up with an error message and no internet activity will be able to be performed after this and then forces the computer to restart by shutting down the system)... Something like using the API to find a process and then force it to be closed.

    Could you please help me with some suggestions? I was thinking to have a background program that would detect when cmd.exe is running and then force it to be closed... But I don't want the program to cause the computer to be slower to the point that nothing can be done with it.

    Thanks for taking your time to read my problem and to all of you who would go further and try to help me.
    Last edited by Tec-Nico; Aug 12th, 2005 at 01:35 PM.
    We miss you, friend... Rest in Peace, we will take care of the rest of it.

    [vbcode]
    On Error Me.Fault = False
    [/vbcode]
    - Silence is the human way to share ignorance
    Tec-Nico

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width