Intrusion.Win.LSASS.exploit etc.

Discussion in 'malware problems & news' started by onbail, Mar 2, 2006.

Thread Status:
Not open for further replies.
  1. onbail

    onbail Registered Member

    Joined:
    Mar 2, 2006
    Posts:
    1
    Ok heres the go i recently Re-installed Windows XP and installed Kasperky along with it so i set up my net and restart my pc and hello look what we have here the sasser virus so i did the usual steps of removing the sasser virus and installed the ms security update.

    Restarted my pc all good so i update my Kasperky to the latest updates everything is going smoothly until my system is running unbareably slow, so i check the proccess tab and to my horror find svchost SYSTEM is using 99% of my resources and tried to the end process knowing that if i shut it down the RCP Shutdown crap would kick in.

    I was sure it was the sasser virus at it again which i thought i had gotten rid of so restarted my pc and did a scan and it didnt pick up anything and the same thing happened again my system slowed down etc.
    So i tried various other Anti Virus programs and various sasser removal tools which found nothing.

    After being really annoyed I did another restart and everything was running fine until Kasperky let me know a Network Attack was detected and was repelled, heres the 3 intrusions it picked up: Intrusion.Win.LSASS.exploit(strange i thought as it sure as hell sounds like the sasser virus), Intrusion.Win.LSASS.ASN1-kill-bill-exploit and Intrusion.Win.DCOM.

    I was wondering if this is a new variant of the sasser virus or a completley different virus and was wondering if there any info on how to remove this as ive searched Intrusion.Win.LSASS.exploit on google and found nothing.
    Any help would be appreciated as this is annyoing the hell out of me
     
  2. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    Well I'm going to take a guess here and say you've got KAV's Network Attack feature enabled, in which case this could be an intrusion attempt from the outside blocked by KAV's mini FW. If that is the case you can ignore the warning, as you would with any similar FW alert. FWs block this kind of probing network traffic constantly, it is nothing to be concerned about.

    I'm assuming that KAV demand scans are finding nothing.

    You can read a little info on the LSASS exploit here:-

    http://news.netcraft.com/archives/2004/05/01/sasser_worm_spreading_through_lsass_exploit.html
     
  3. Bonniee

    Bonniee Registered Member

    Joined:
    Mar 13, 2006
    Posts:
    1
    hello onbail,
    i have the same problem with the same 3 trojans:Intrusion.Win.LSASS.exploit Intrusion.Win.LSASS.ASN1-kill-bill-exploit and Intrusion.Win.DCOM.
    When i connect to the interent after some minutes i got kaspersky alarm about them.
    Is anybody can helpo_O?
    Best regards,
    Bonnie
     
  4. nikerym

    nikerym Registered Member

    Joined:
    Apr 23, 2006
    Posts:
    2
    If you've got SP2 already then I guess you've got nothing to fear from LSASS exploit as it's something used by sasser and Windows XP Sp2 already contains a patch for the :) If you find it annoying then I guess you should
    disable network protection.

    Instructions can be found here http://forum.kaspersky.com/lofiversion/index.php/t10046.html
     
Loading...
Thread Status:
Not open for further replies.