lsass2 virus/spyware ???

is there a fast solution (tool available) for removing the mentioned virus/spyware I'm not personally "infected"...I'm asking for someone in Europe that needs help.... thanks...for any replies....with any info.....

 

Hi, the process lsass2.exe is added by the Agobot/Gaobot worm, unfortunately there are over 1000 variants of this worm, some examples exploited holes in windows so make sure that they have all the updates.

I don’t think there is a stand alone removal tool.

This is what I recommend;

(Take care while editing the windows registry, it is recommended to back it up before deleting anything.)

1. Boot into safe mode.

2. Run scan with AV, take note of processes started by the worm and their location

3. Open task manager; kill the processes identified in step 2,
Close task manager, re-open it, and make sure they have stopped.

4. You may need to delete the auto start entries from the registry;

A. In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>
Windows>CurrentVersion>Run

In the right panel, locate and delete the entry or entries whose data value (in the rightmost column) is the Malware file(s) detected earlier.


A. In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>
Windows>CurrentVersion>RunServices

In the right panel, locate and delete the entry or entries whose data value (the rightmost column) is the Malware file(s) detected earlier.


5. Restart in normal mode, scan again. If the problem is still there you may need to edit the host file to remove entries placed by the worm.


I know this isn't a quick fix, and caution needs to be taken while editing the registry, but this has worked for me before. The main problem is that there are so many variants of this worm, thay all have different reg entries, files etc.

Good luck.

 

thanks so much for your replies....i'll pass the info along... many thanks, again!!!