Download Microsoft Sasser (A-F) Worm Removal Tool: Full Guide
Since you are looking to secure an older system or research legacy threats, this guide assumes you are dealing with a Windows XP or Windows 2000 environment infected with the classic Sasser worm variants A through F.

Understanding the Sasser Worm

Target: Windows XP and Windows 2000 systems.
Exploit: Vulnerability in the LSASS (Local Security Authority Subsystem Service).
Network flaw: MS04-011 security vulnerability.
Symptom: Automated system shutdown countdown timer.
Disruption: Constant crashing of lsass.exe.

Step 1: Isolate and Stabilize the System
Before downloading any tool, you must stop the forced shutdown cycle.

1. Open the Start Menu.
2. Click Run.
3. Type cmd and press Enter.
4. Type shutdown -a and press Enter. This aborts the immediate countdown.

Step 2: Download the Removal Tool
Microsoft addresses legacy threats like Sasser through the Malicious Software Removal Tool (MSRT).

1. Boot a clean, internet-connected computer.
2. Visit the official Microsoft Download Center.
3. Search for KB890830 (Malicious Software Removal Tool).
4. Download the version matching your architecture (32-bit/64-bit).
5. Transfer the file via USB drive to the infected machine.

Step 3: Run the Removal Process

1. Disconnect the infected PC from the local network.
2. Double-click the downloaded Windows-KB890830-V5.xx.exe file.
3. Choose Full Scan to check all storage sectors.
4. Let the tool isolate and delete Sasser variants A-F.
5. Restart the computer once the scan completes.

Step 4: Patch the Vulnerability
The removal tool only deletes the worm; it does not fix the security hole.

1. Install the cumulative security update MS04-011.
2. Enable the built-in Windows Firewall immediately.
3. Keep the network cable unplugged until the patch installs.
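
Step 2 moves an executable from a clean computer to the infected one, so it is worth confirming on the clean computer that the file is signed by Microsoft before it goes onto the USB drive. The following is an added example, not part of the original guide or of Microsoft's tooling; the function name Test-MsrtDownload and the path in the usage comment are hypothetical, and it assumes the clean computer has PowerShell 4.0 or later.

```powershell
# Added example: check an MSRT download on the clean computer before copying it to USB.
# Assumption: PowerShell 4.0 or later (needed for Get-FileHash).
# Test-MsrtDownload is a hypothetical helper name, not a built-in cmdlet.
function Test-MsrtDownload {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }
    $file = Get-Item -LiteralPath $Path

    # Authenticode check: 'Valid' means the signature is intact and the
    # certificate chains to a root this computer trusts.
    $sig = Get-AuthenticodeSignature -FilePath $file.FullName

    # An unsigned file has no signer certificate, so guard against $null.
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    # The guide's file name pattern is Windows-KB890830-<version>.exe.
    $nameOk   = $file.Name -like 'Windows-KB890830-*.exe'
    $sigOk    = $sig.Status -eq [System.Management.Automation.SignatureStatus]::Valid
    # The subject string alone proves nothing; it only counts together with $sigOk.
    $signerOk = $signer -match '(^|,\s*)O=Microsoft Corporation(,|$)'

    [pscustomobject]@{
        File            = $file.Name
        NameMatches     = $nameOk
        SignatureStatus = $sig.Status
        Signer          = $signer
        # Record the hash so the copy on the USB drive can be compared later.
        SHA256          = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        SafeToTransfer  = ($nameOk -and $sigOk -and $signerOk)
    }
}

# Usage (hypothetical path; substitute the file you actually downloaded):
# Test-MsrtDownload -Path "$env:USERPROFILE\Downloads\<downloaded MSRT file>.exe"
```

Transfer the file only when SafeToTransfer is True; a status of NotSigned or HashMismatch, or a signer other than Microsoft Corporation, means the download should be discarded.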