[ skip to content ]


The Sasser virus has started infecting computers on the Old Dominion University campus. Below is information to help users react appropriately to the virus.

Symptoms indicating infection may display a dialog box from Windows that says "LSA Shell has encountered a problem" and/or a dialog saying "The system is shutting down" with a countdown timer.

For OCCS Managed Workstations:

OCCS will be executing the Sasser Removal Utility through the NAL and then patching the workstation with the necessary security fixes (in coordination with TSP's). Once the computer reboots the patching process will be complete.

If your system isn't centrally managed by OCCS, please do these things -

1. Install the most recent MSFT patch by visiting Windows Update at windowsupdate.microsoft.com. You need to make sure that patch KB835732 is in the list of updates to be applied on your system. You will need to be a local administrator to accomplish this task. Details on the patch: http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

2. Update your NAI to version 4357. Details on the worm from McAffee on Sasser A (there are three different worm types): http://vil.nai.com/vil/content/v_125007.htm

3. Download and run the current Stinger (as of May 4) - this will search out and clean the virus from your system. Stinger Download page: http://vil.nai.com/vil/stinger/.

There is also a specific virus removal tool from Symantec: http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.b.worm.html.

This article was posted on: May 5, 2004

Old Dominion University
Office of University Relations

Room 100 Koch Hall Norfolk, Virginia 23529-0018
Telephone: 757-683-3114

Old Dominion University is an equal opportunity, affirmative action institution.