Damn microsoft......
Sassar and all the similar ones are classic microsoft stupidity. Alot of people already know this, and if i get it wrong let me know, but this is my understanding...
Sassar itself doesn't make your computer restart, its a byproduct of its geting on.
What happens is with welchand most similar ones, is theres a service in windows called "Remote Precudure Calls" or RPC which allows a series of computers to do parrallel processing, in theory, by letting another computer call code in an activex program on that computer.
Yes, it is actually
designed to allow someone to excicute code on your computer. I have never heard of it ever being used, and its dodgy as all hell anyways, so its basically useless. All welch, or w32.blast, or any other virus like that have to do is make RPC 'fall over', so it stops checking the commands and just executes them.
This was as easy as just flooding it, sending a couple of thousand messages and poof! your computer is icomepletely open. Now where the
real stupidity comes in is when RPC dies, windows cant restart it for whatever reason. So instead of continueing running without a comepletly useless service, it decides that the only way to restart RPC is to restart the computer-hence the stupid 1 minuet timer.
Incidently for any of you suffering from this you can normally go
Start ->
Run ->
cmd (for win2k and xp,
command for 98 & me) and type
shutdown -a (for abort), and this normally kills the shutdown timer. Sassar seems to target Isass.exe, which windows also forces a reboot for.
Microsoft
Go Linux.
Incedently, I've been using ZoneAlarm on Win2K, and it seemed to protect me. Any one know of a really good free firewall? TinyFirewall isn't free anymore
