Breaking down Sasser s visit
5/8/2004When a computer won t work, most people immediately suspect hard disk problems or other hardware glitches.
It s easy to overlook the No. 1 cause of computer malfunctions: Computer viruses and worms. Viruses, which spread via email attachments, and worms, which spread over the Internet, disable millions of computers each year.
Here s the trouble-shooting log from a personal experience a few days ago, when I mistook the new Sasser computer worm for a hardware failure. The approach may help people without much computer knowledge muddle through similar situations.
The scene:
After a few minutes of running, the computer displays an error message, “C:/WINNNT/system 32 lsass.exe terminated unexpectedly with status code 128.” It includes a 60-second countdown clock that turns the computer off and back on. After rebooting, the computer runs for a few minutes, flashes the same error message, and reboots itself in the same way.
After much venting of frustration, I decide to find out what that error message means. I copy it down and head for the Internet. However, the Internet connection is dead. Now I m sure the computer is trash.
How about rebooting the modem? The cable modem has no reboot or power switch, so I disconnect and reconnect the power cord. Still no Internet connection.
Shutdown both the computer and the modem. Reconnect the modem. Restart the computer. The Internet is back up. But the error message flashes again and reboots the computer before I can check. When it restarts the Internet connection is dead again.
Now, however, I know how to restore the Internet in this situation – by rebooting both computer and modem. Eventually, I get on the Internet. The search takes me to Microsoft s web site (HYPERLINK "http://www.microsoft.com/"www.microsoft.com) and a description of the error message. It s from a new computer worm called “Sasser” that exploits a security hole in Microsoft s software.
The site offers directions and a tool for cleaning the worm. Sasser s countdown clock reboots my computer about 20 times, however, before I can read and use the instructions. Eventually it works. Sasser is out and I m out about 4 hours of time.
Microsoft s site also offers a reminder that none of this would have happened if I had downloaded their security patch issued in April. None of this would have happened, either, if Microsoft sold secure software.
Wait a minute. Long ago I configured this computer to automatically download and install those security patches and updates. Let s check. Click on the Start Button. In the new menu click on Settings, Control Panel, and Automatic Updates.
Automatic Updates is disabled. That s odd, because I am the only user of this computer, which is password protected. I click “Enable,” select automatic downloads and installations, and click Apply and OK. I checked again next day, and the feature again was disabled.
Configure your computer for Automatic Updates. Those security patches, along with regular antivirus updates, are critical for protecting against the next computer security assault.