NOD32 Ver 2. Won't update/have passcodes

Leave the registry alone then, just remove the Eset folder and make a typical install as discussed above, and you should be fine, I also use ZoneAlarm.

If as you say your windows is up-to-date then it just sounds like a corrupt install, have only seen a few of these, though deleting the Eset folder has to-date fixed the problem.

All the best...

Cheers

 

Dear Blackspear,

I removed the eset folders as instructed. I reinstalled (typical). Everything went fine. On restart I got the first message previously posted about a reference error.

Then I signed on w/DSL

The message that seems to be the problem is for lsass.exe which is:

lsass - lsass.exe - Process Information
Process File: lsass or lsass.exe
Process Name: Local Security Authority Service
Description: Windows Local Security Authority Server Process handles Windows security mechanisms. It verifies the validity of user logons to your computer or server. Technically, the software generates the process that is responsible for authenticating users for the Winlogon service.

After this message the Sys SHUTDOWN again in 60 seconds.

In that 60 seconds I uninstalled NOD again and was able then to get back on dsl and write this post.

In the typical install, I chose use same settings as IE uses to sign on to internet, though I have chosen, no proxy, and I don't know if have proxy previously all with the same errors.

(By the way, I d/l Avast to have some virus protection available while working on NOD - though Avast was not onboard during my first few tries loading NOD so I don't think it's a problem.)

I do stop all processes that I can from running on install, ie spyguard, avast, zone alarm, etc.

Thanks for your continued help.

 

Taperino, please try turning off IMON as I advised on the previous page. If the problem goes away, drop an email to support@nod32.com and also enclose the information on installed NOD32 from your NOD32 Control Center.

 

Hi Marcos,

I did disable IMON but am having the same problem on starting dsl. Interesting DSL looks for pppoe or something - not usually what I see (I believe.)

But on starting dsl the dsl hangs at authenticating, and I have to hit restart. System offers to LOG OFF, which I've never used.

I also tried the repair function, but again on starting DSL I get the hang on authenticating, and all the other messages I was getting previously. Reference, LSAS, and Sys shutdown.

I also made sure all eset folders were gone before install.
I also removed AVAST as instructed by NOD

So, I have uninstalled NOD to get back on and post this.

I know this is a troublesome problem and I appreciate all the help you all have given me.

Thanks, Taperino

 

From what you have said, you seem to have Sasser Worm on your system.

The following is taken from the link: http://ask-leo.com/archives/000114.html

You should be able to abort the shutdown within those first 60 seconds by doing the following:

Press the Start button, and then the Run menu item.

Type in shutdown -a

That's the "shutdown" command, with the "-a" option, which stands for "abort the pending shutdown".

Press OK.

This doesn't fix anything, it just lets you get on with the business of disinfecting your computer.

Then, take the following steps:

Use a firewall. This can be as simple as turning on the Internet Connection Firewall included in Windows XP, to purchasing and installing hardware device such as a NAT router. Either of these solutions will likely protect you from Sasser and many other types of non-email-based threats.

Install the patch. This patch for your operating system can be found at:

http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

Remove the virus. There are several Sasser removal tools floating around, Microsoft's What You Should Know About the Sasser Worm and Its Variants has one: http://www.microsoft.com/security/incident/sasser.mspx

and Paolo Monti from Nod32 Italy also has one, available from here:

http://www.nod32.ch/download/tools.stm

Hope this helps...

Cheers

 

Hi again,

I don't think I have the worm. First I checked the critical update which I already had, but I d/l and ran it again anyway.

Then I ran trendmicro's Housecall. Clean

Then I went to Microsoft Link you provided to clean that worm, and it says my system is not infected.

I do have Zone Alarm always running.

I did send a problem report to NOD32. Of course it is currently uninstalled.

The only time I get the LSAS notification and shut down is when NOD32 is installed.

Any more suggestions appreciated.

Taperino

 

I do have 1 client with the exact same symptoms as you AFTER a fresh install of Windows and having Windows fully up-to-date (only about 10 days ago). I am waiting for them to bring in their PC today or Monday so we can slave the drive off a clean PC and run a scan this way. He is running a VPN from that computer, this seems to be the only difference that we can see, and the problem appeared only after the VPN was set up.

Other than yours I have never come across this at all. It will be interesting to see what the problem is and ultimately what the solution is.

Sorry I couldn't be of further help, I'll let you know our outcome...

Cheers

 

Hi Blackspear,

Boy I sure hope it's some problem we have in common. I think I must've corrupted a connections type file since NOD did run before and LSAS is about communications.

Look forward to hearing what happens.

Hi Ronjor, No I didn't try that. I need to try that tomorrow. I'll let you know.
Thanks so much, Taperino

 

Just of out curiosity, did you turn off IMON by clicking the Quit button and not only by untickikng the IMON's check-box?

 

Partially Solved/Can connect/Imon is off

Hi All,

WOW! I think what allowed me to get online was doing the Advanced Install. Now, the only place in advanced that I noticed for IMON was where it asked if I wanted it to do email. (I'm sorry, I am not sure on this.)

Basically the install started, I chose advanced and didn't go into any special setups, just ticked off resident protection, and unticked where the IMON screen came up. Did I do that right?

There is one other thing I did differently with this install. Previously I kept using my same download (the correct one), and when there were failures, I deleted the folders and tried again using the same file in my download files. This time I re-downloaded the file.

So... that was also a different thing that I also did.

Ah!!! At first it wouldn't update. The first try was unsucessful. The 2nd try worked fine!!!!!

So, Nod32 is up and running.

You think I should attempt a shot at hitting START for IMON?

Marcos, I believe I unticked it only.

Thanks you all.

 

Hmm Imon on/but after restart/no connect to dsl

Hi,

Ok, Here's what I tried.

I turned IMON on while I was online w/dsl. (There's only one place to turn on, and it puts a tick in on.)

Then I disconnected from DSL and reconnected. That went fine too. No problems.

Then, to test, I restarted the computer. This time I could not connect to DSL, and at this point, I did not get all the other weird messages that I got before.

I shut down IMON.

In this state, the computer doesn't respond (because DSL is hung up on authenticating), so I hit the restart and with IMON off, I can once again connect.

So, we are further, because now not getting the LSAS message, nor shutdown message, and I don't have to uninstall NOD32 to get online.

I am happy about those things for sure.

Now, it's just the IMON.

Thanks, ganaan

 

Thanks Ronjor,

Do you think it's okay to run IMON once I am online, and then just turn it off when I go offline?

Thanks, taperino

 

Imon runs fine as you thought, I just have to close it before I shutdown.

I guess it's a wait and see on what NOD32 says.

Very happy! Thanks again everyone.

 

Taperino, if you still experience some problems related to IMON please contact support@nod32.com for its latest version.

 

Thanks Marcos,

I had sent them a report a few days ago. I wonder if I should send an updated problem, since now I dont' have to uninstall it each time. The main problem I presented at that time was that DSL can't connect w/NOD32 installed.

Perhaps I should send them what it's doing now. I just thought that since the problem is basically the same I would leave the report as it is. What do you think?

Taperino

 

Yes, send the report again with any appropriate notes...

Cheers

 

Done,

Thanks...