lsass.exe

I am trying to get my new computer set up (it was custom built) and other than the trojans and viruses I have been inundated with (and maybe now have under control); my system seems to work fine until I try to access the internet. I was using IE, but was able to download Firefox. However, within minutes after plugging my CATV into the computer and attempting to do ANYTHING, specifically, access the internet I get a "shut down" message with 30 sec to shut down and reboot to the effect: NT Authority/Security, WINNT/System/32/lsass.exe, code 128 and the it will reboot. It behaves almost like the sasser virus, but, if I shut it down and reboot cold, it is fine until I attempt to access the internet again. Verizon DSL says this is two viruses...one of which they said was sasser. Well, I've experienced the REAL sasser back in May and this is not behaving in that exact same manner. Besides, I've run the original sasser cleaner and my drive is clean.

Two other pieces of information: The DSL modem is a Westell, which was working perfectly fine on my old computer; plus I had a Linksys router installed. I've been unable to load drivers for either piece of hardware via the supplied CD; however, I was able to download the drivers via the net (before getting that NT Authority/Security shut-down message). So now the modem is active but Linksys still does not recognize the internet connection.

I don't know if any of this is related; but would feel much better if I could get my Linksys up and running again.

Help...please...my long blonde hair is falling out with the help of me pulling it out and I won't look good as a bald blonde.

 

Hi txblush, I moved your post to this forum rather than the dedicated TDS3 forum, you will probably get a better response here

Best of luck. Pilli

 

Hi, there are a few things u can do, go 2 control panel-performance and maintenance-administrative tools-event viewer. Look though the 3 headings to see if there are any errors.

Disable system restore,
Run an up to date AV. [the original sasser tools can struggle on the new variants.]

See how u go with those.

An unpatched Win XP will get infected almost immediately, even while u down load the updates, so always have your AV and Firewall installed first.

 

Sweetie,

Thank you for your response. I am running Win2000 so I don't have to disable the restore feature. And the problem I'm having is that I can't even get to the internet to download the fix.

Would this work?

I have a cold-swap set-up. My second drive is my old drive (that I ran scans on regularly and kept things updated). Could I boot with the old drive, download the new tools and then copy those tools to my infected drive? Haven't tried this, but wonder if those tools would work like that.

Paula

 

One more thing...it seems this "System Shut-down NT Authority/Security" issue is a Blaster worm. Can't figure out why TDS or my AV didn't pick it up...both are updated within the past few days.

 

Hi txblush, Try running TDS3 in safe mode, do a scan witth all options selected, anything found can then usually be deleted.

HTH Pilli

 

Hey ,

Just a couple of side questions while the others attempt to help,

1)Have you installed "Microsoft Security Bulletin MS04-01".....which should take care of anything @ the moment as far as LSASS goes ?
2)When you say...."I've run the original sasser cleaner"....are you speaking of Microsofts sasser scan tool ? If so....do you realize it only checks for versions A-F....possibly meaning you have a newer version since sasser has now passed F.

 

if you want to work on it with out getting shut down just click start and choose run

type "shutdown -a" ... that will turn off the automatic restart on the system failure.