lsass.exe Help!! - U2 Feedback

Go Back   U2 Feedback > Lypton Village > Lemonade Stand > Lemonade Stand Archive
Click Here to Login
 
 
Thread Tools Search this Thread Display Modes
 
Old 05-01-2004, 04:08 PM   #1
ONE
love, blood, life
 
dsmith2904's Avatar
 
Join Date: Apr 2002
Location: Just keep me where the light is
Posts: 12,290
Local Time: 08:20 AM
lsass.exe Help!!

Okay, since my tech guru is out of town, I'm appealing to anyone and everyone I can for help. Today when I turned on my computer a little shut down box popped up and part of the message said "system32/lsass.exe." When the computer restarted everything moved so slowly, it took like five minutes for Explorer to open. I've been on to the Symantec and Microsoft sites and did Yahoo! and Google searches to figure out what this thing is and still have no idea. We got the worm a couple of months ago so I am completely afraid to shut down my computer.

I did a Norton full system scan this morning and everything came out fine. Our system runs on Windows XP.

Thanks!!!
__________________

__________________
dsmith2904 is offline  
Old 05-01-2004, 04:48 PM   #2
Rock n' Roll Doggie
 
Cleasai's Avatar
 
Join Date: Apr 2001
Location: 32° N 117° W
Posts: 3,773
Local Time: 09:20 AM
Hey there... I would just paste down what I found out, but it's a long response, so I'll just direct you to this link http://www.computing.net/security/ww...rum/11294.html and ask that you read RESPONSE NUMBER 1. That should give you some insite on what to do.

PS... it does sound like a trojan
__________________

__________________
Cleasai is offline  
Old 05-01-2004, 04:50 PM   #3
ONE
love, blood, life
 
dsmith2904's Avatar
 
Join Date: Apr 2002
Location: Just keep me where the light is
Posts: 12,290
Local Time: 08:20 AM
That won' t cause any problems with the Norton Anti-Virus I already have?
__________________
dsmith2904 is offline  
Old 05-01-2004, 04:53 PM   #4
Rock n' Roll Doggie
 
Cleasai's Avatar
 
Join Date: Apr 2001
Location: 32° N 117° W
Posts: 3,773
Local Time: 09:20 AM
Actually you know what? I just reread that article and it doesnt really have any solutions except for being able to identify the file. If you havent done it yet, hold off on it
__________________
Cleasai is offline  
Old 05-01-2004, 04:54 PM   #5
ONE
love, blood, life
 
dsmith2904's Avatar
 
Join Date: Apr 2002
Location: Just keep me where the light is
Posts: 12,290
Local Time: 08:20 AM
Also, I read a post further down that says this may be Sasser, which Symantec does have a patch for. Should I try that?
__________________
dsmith2904 is offline  
Old 05-01-2004, 04:56 PM   #6
ONE
love, blood, life
 
dsmith2904's Avatar
 
Join Date: Apr 2002
Location: Just keep me where the light is
Posts: 12,290
Local Time: 08:20 AM
Quote:
Originally posted by Cleasai
Actually you know what? I just reread that article and it doesnt really have any solutions except for being able to identify the file. If you havent done it yet, hold off on it
I didn't do it yet because I noticed that same thing.

PS Thanks for your help.
__________________
dsmith2904 is offline  
Old 05-01-2004, 05:31 PM   #7
Rock n' Roll Doggie
 
Cleasai's Avatar
 
Join Date: Apr 2001
Location: 32° N 117° W
Posts: 3,773
Local Time: 09:20 AM
Eh sorry, I'm not finding anyting. Guess you're gonna have to wait til Melon or Elvis comes around.
__________________
Cleasai is offline  
Old 05-01-2004, 09:30 PM   #8
Paper Gods
Forum Administrator
 
KhanadaRhodes's Avatar
 
Join Date: Jun 2001
Location: a vampire in the limousine
Posts: 60,609
Local Time: 10:20 AM
ooh, i know all about this. a lot of peeps @ somethingawful got this on their comp too. (someone there linked to a site with freeware that had lsass on it; it looked up their login info and sent it to the creators so they could steal accounts.)

usually most of the forums are private, but i can see if they're public right now. if not, i'll copy and paste the info people posted there to get rid of it.
__________________
KhanadaRhodes is offline  
Old 05-01-2004, 09:33 PM   #9
Paper Gods
Forum Administrator
 
KhanadaRhodes's Avatar
 
Join Date: Jun 2001
Location: a vampire in the limousine
Posts: 60,609
Local Time: 10:20 AM
hah, here you go. first post there linked to microsoft's website. let me know if this helps: http://www.microsoft.com/security/incident/sasser.asp
__________________
KhanadaRhodes is offline  
Old 05-02-2004, 11:54 PM   #10
ONE
love, blood, life
 
dsmith2904's Avatar
 
Join Date: Apr 2002
Location: Just keep me where the light is
Posts: 12,290
Local Time: 08:20 AM
I ended up taking the computer to Best Buy and they removed the virus without having to completely restore everything (thank goodness!!!). Why does all this computer stuff have to be so difficult and horrible? I wish bad things on people who create viruses.
__________________
dsmith2904 is offline  
Old 05-03-2004, 06:28 PM   #11
Paper Gods
Forum Administrator
 
KhanadaRhodes's Avatar
 
Join Date: Jun 2001
Location: a vampire in the limousine
Posts: 60,609
Local Time: 10:20 AM
i've now got it on my work comp. i have no idea how i got it, as i can't even go to websites at work. apparently it's coming through tcp/ip.
__________________
KhanadaRhodes is offline  
Old 05-04-2004, 12:36 PM   #12
ONE
love, blood, life
 
melon's Avatar
 
Join Date: Oct 2000
Location: Toronto, Ontario
Posts: 11,781
Local Time: 11:20 AM
If you all had been diligent in downloading all your patches from "Windows Update," none of this would have happened. The patch for the exploit that this virus takes advantage of has been around for eight weeks.

Also, if you run your internet through an internet router, they have a built-in firewall that deflects all these attacks. Something to look into, even if you aren't sharing your connection to need a router.

Melon
__________________
melon is offline  
Old 05-04-2004, 06:05 PM   #13
Blue Crack Addict
 
Liesje's Avatar
 
Join Date: Mar 2002
Location: In the dog house
Posts: 19,557
Local Time: 11:20 AM
Quote:
Originally posted by dsmith2904
Why does all this computer stuff have to be so difficult and horrible?
Start > Windows Update is all it takes.

__________________

__________________
Liesje is offline  
 

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -5. The time now is 11:20 AM.


Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Design, images and all things inclusive copyright © Interference.com