lsass.exe

Discussion in 'malware problems & news' started by txblush, Oct 13, 2004.

Thread Status:
Not open for further replies.
  1. txblush

    txblush, Registered Member (Joined: Oct 12, 2004; Posts: 5; Location: Texas)

    I am trying to get my new computer set up (it was custom built) and other than the trojans and viruses I have been inundated with (and maybe now have under control), my system seems to work fine until I try to access the internet. I was using IE, but was able to download Firefox. However, within minutes after plugging my CATV into the computer and attempting to do ANYTHING, specifically, access the internet, I get a "shut down" message with 30 sec to shut down and reboot to the effect: NT Authority/Security, WINNT/System/32/lsass.exe, code 128 and then it will reboot. It behaves almost like the sasser virus, but, if I shut it down and reboot cold, it is fine until I attempt to access the internet again. Verizon DSL says this is two viruses...one of which they said was sasser. Well, I've experienced the REAL sasser back in May and this is not behaving in that exact same manner. Besides, I've run the original sasser cleaner and my drive is clean.

    Two other pieces of information: The DSL modem is a Westell, which was working perfectly fine on my old computer; plus I had a Linksys router installed. I've been unable to load drivers for either piece of hardware via the supplied CD; however, I was able to download the drivers via the net (before getting that NT Authority/Security shut-down message). So now the modem is active but Linksys still does not recognize the internet connection.

    I don't know if any of this is related; but would feel much better if I could get my Linksys up and running again.

    Help...please...my long blonde hair is falling out with the help of me pulling it out and I won't look good as a bald blonde.
     
  2. Pilli

    Pilli, Registered Member (Joined: Feb 13, 2002; Posts: 6,217; Location: Hampshire UK)

    Hi txblush, I moved your post to this forum rather than the dedicated TDS3 forum, you will probably get a better response here :)

    Best of luck. Pilli
     
  3. Sweetie(*)(*)

    Sweetie(*)(*), Registered Member (Joined: Aug 10, 2004; Posts: 419; Location: Venus)

    Hi, there are a few things u can do, go 2 control panel-performance and maintenance-administrative tools-event viewer. Look through the 3 headings to see if there are any errors.

    Disable system restore,
    Run an up to date AV. [the original sasser tools can struggle on the new variants.]

    See how u go with those.

    An unpatched Win XP will get infected almost immediately, even while u download the updates, so always have your AV and Firewall installed first.
     
  4. txblush

    txblush, Registered Member (Joined: Oct 12, 2004; Posts: 5; Location: Texas)

    Sweetie,

    Thank you for your response. I am running Win2000 so I don't have to disable the restore feature. And the problem I'm having is that I can't even get to the internet to download the fix.

    Would this work?

    I have a cold-swap set-up. My second drive is my old drive (that I ran scans on regularly and kept things updated). Could I boot with the old drive, download the new tools and then copy those tools to my infected drive? Haven't tried this, but wonder if those tools would work like that.

    Paula
     
  5. txblush

    txblush, Registered Member (Joined: Oct 12, 2004; Posts: 5; Location: Texas)

    One more thing...it seems this "System Shut-down NT Authority/Security" issue is a Blaster worm. Can't figure out why TDS or my AV didn't pick it up...both are updated within the past few days.
     
  6. Pilli

    Pilli, Registered Member (Joined: Feb 13, 2002; Posts: 6,217; Location: Hampshire UK)

    Hi txblush, try running TDS3 in safe mode, do a scan with all options selected, anything found can then usually be deleted.

    HTH Pilli
     
  7. Bubba

    Bubba, Updates Team (Joined: Apr 15, 2002; Posts: 11,271)

    Hey,

    Just a couple of side questions while the others attempt to help,

    1) Have you installed "Microsoft Security Bulletin MS04-01".....which should take care of anything @ the moment as far as LSASS goes?
    2) When you say...."I've run the original sasser cleaner"....are you speaking of Microsoft's sasser scan tool? If so....do you realize it only checks for versions A-F....possibly meaning you have a newer version since sasser has now passed F.
     
  8. Chopsaw

    Chopsaw, Registered Member (Joined: Oct 20, 2004; Posts: 10; Location: New Glasgow, Nova Scotia)

    If you want to work on it without getting shut down, just click start and choose run

    type "shutdown -a" ... that will turn off the automatic restart on the system failure.
     