Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

worm found on ccm

Our publisher got worm. It keep sending huge traffic out with the tcp port 445. It's CCM 3.33sr4a with 2000-2-6. Based on the symptom it looks like sasser. it requires ms04-011, but 2000-2-6 contains that already. CCM is still working fine now. We'll patch it with the latest patch and CSA. Weird is the sub is not affected.

Besides upgrade patch, what else can we do to kill the worm?

5 REPLIES
Bronze

Re: worm found on ccm

go to trendmicro.com. they have free online scan and it is very good.

Re: worm found on ccm

Also, at symantec.com you have sasser removal tool (a small exe) you download from the website and run it locally and it will scan the harddrive for affected files and remove it.

Re: worm found on ccm

You could also use the stinger tool. I would highly recommend upgrading the OS to the latest version and then performing a scan.

http://vil.nai.com/vil/stinger/

New Member

Re: worm found on ccm

Are you sure it is a worm?

Do you have NetBios over TCP disabled?

If the client has NBT disabled, it will always try to connect to the server at port 445 only. If the server answers on port 445, the session will be established and continue on that port. If it doesn't answer, the session will fail completely.

-Rob

New Member

Re: worm found on ccm

Please go ahead and put 2000.2.7 SR7. That should take care of all future issues too.

103
Views
0
Helpful
5
Replies
CreatePlease login to create content