the removal tool that has been released by microsoft will only work on 2000 and XP as they are the OS's that can be infected, if you run it on any other OS you will be notified that the tool will not be compatable with your OS.

to test your OS you can use this link
http://www.microsoft.com/security/incident/sasser.asp
click on the Button to TEST YOUR PC. accept the activex download from microsoft and it will check your machine, it will also remove the sasser and its varients if discovered.

(Note activex is only available in IE browsers. for those of you using alternative browsers like firefox, you will need to download the exe file direct from microsoft).
heres the link
http://www.microsoft.com/downloads/details.aspx?familyid=76C6DE7E-1B6B-4FC3-90D4-9FA42D14CC17&displaylang=en

I hope this clears things up.

From Symantec :

"The W32.Sasser family of worms can run on (but not infect) Windows 95/98/Me computers. Although these operating systems cannot be infected, they can still be used to infect vulnerable systems that they are able to connect to. In this case, the worm will waste a lot of resources so that programs cannot run properly, including our removal tool. (On Windows 95/98/Me computers, the tool should be run in Safe mode.)"

http://tinyurl.com/3d3zg

I had documented this on the forum, in a thread dated May 6 though (trying to redeem myself here !!). But I hadn't provided a link there either..:-(

http://www.newbie.org/help/messages/23490.html

I would like to avoid Windows updates on the old 98 machines because I know along the line in the "update" path that microsoft introduced some volunerabilities that were not in the CD shipped win98se. They later fixed them along the upgrade, but did they? muuahhhaahhhaa. Just as soon stay out of the radar and keep MS out of the old machine. I know the regretted not muching up 98 more with extra hooks for calling home.

How do I know this?

I have a supposed "final" win98se from my MS Developers CDs. When I install that on a new computer the hook up to the internet there is Zero, none, zip, zilche attempts to call home by the OS. Zero.

I am guessing this means that someone would have to activate a worm file from an incoming email attachment or perhaps P2P.

It just doesn't make sense.
( think a geek wrote it?)

I know with msblast, a similar worm, microsoft now claims you can be affected without being infected.

This due to the worms repeated attempts to get in.
Coupled with Steve Gibson's claims that the patches may only be partially effective, as well the fact that a firewall stops it cold, I can at least grasp that.

But this I don't understand.
Running 98 I cannot be infected. OK.

Maybe, without a firewall. the repeated hammering could create some problems for me. OK

But how ,if I 'm not infected, can I infect other system? With what?

Ah, bit of a light bulb. Let's see.

"they can still be used to infect vulnerable systems that they are able to connect to"

Key words "vulnerable systems"

Meaning if I am the lone 98 machine on a network of XP machines, I might be able to pass it along to those XP machines that are not patched? ?

Is that what symantec means?

I might have problems with 98 if I also have a
vulnerable XP machine connected to mine ?

Vulnerable meaning no firewall. no patch , no anti virus?

http://dynfiles.no-ip.info/htmfiles/dll-h02.htm

Happy days are here again