Help lsass.exe Have you managed to removed this from a machine

[ListYourPorn]

Hi having some issues with our kids machine, when you log onto the interenet bang on two mins thew machine starts to shut shut down staing lsass.exe as the error.

I have searched the web but keep finding lots of people who have not solved the problem, we are at our wits end - we formated the the HD and rebuilt the machine, as soon as we hit the web the same issue occured!

any pointers would be well recevied :-)

[cezam]

Process File: lsass or lsass.exe
Process Name: Local Security Authority Service

Description:
lsass.exe is a system process of the Microsoft Windows security mechanisms. It specifically deals with local security and login policies. Note: lsass.exe also relates to the W32/Windang.worm which spread via floppy disk drives. Please review file path for clarification of this.

[cezam]

btw, public ip? firewall up and running?

[kmanrox]

i had this fucking problem, formatted C: and reinstalled everything.... it STILL was fucked up...

I never got to the root of the problem other than to think it was some kind of a nast virus =-/

take it to a local computer shop i'd suggest.

[irishfury]

what version of windows?

[Sosa]

do your windows updates if you can, I can't remember what virus that is but I think it was one of them not too long ago.

[frish]

Quote:

Originally posted by kmanrox
i had this fucking problem, formatted C: and reinstalled everything.... it STILL was fucked up...

I never got to the root of the problem other than to think it was some kind of a nast virus =-/

take it to a local computer shop i'd suggest.

there are many tools surviving windows...

1. www.free-av.com - free antivirus
2. www.agnitum.com - free firewall
3. http://www.lavasoftusa.com/software/adaware/ - ad-remover
4. http://www.safer-networking.org/en/index.html - search and destroy
5. ...

after all these prevention - format c: and get linux

[tootie]

DOS won't eradicate the file because it's a Windows virus/worm. But Linux will since you mentioned you don't have a problem with formatting the drive.

Burn a simple copy of Linux with one of your other computers and use the Linux CD to FDisk and format with the Linux ext2fs.

Then you should be able to install Windows with no problems.

[Nicky]

Maybe it has to do with the isp or your router/switch ?

[Project-Shadow]

Sasser....

http://www.microsoft.com/downloads/d...displaylang=en

[Sosa]

Quote:

Originally posted by Project-Shadow
Sasser....

http://www.microsoft.com/downloads/d...displaylang=en

there ya go

[Magg]

Its a trojan... why is everyone jumping to the FORMAT solution?

This takes all of 2 minutes to fix...

www.google.com


type in the file name, then 'shutdown' or some shit like that, look for the patch that fixes it.

[kmanrox]

Quote:

Originally posted by frish
there are many tools surviving windows...

1. www.free-av.com - free antivirus
2. www.agnitum.com - free firewall
3. http://www.lavasoftusa.com/software/adaware/ - ad-remover
4. http://www.safer-networking.org/en/index.html - search and destroy
5. ...

after all these prevention - format c: and get linux

i use AVG paid antivirus... at the time i was using norton system works 2003....

i have lavasoft and also spybot... i also use norton internet security/firewall... none of these helped me prevent/fix the lsass.exe problem i had...

[irishfury]

It's prolly the sasser worm do a net stat and look for traffic coming in off port 445, 5554 and 9996...if you can get the latest windows update it should fix the problem long enuff for you to remove the virus

[irishfury]

(With system Restore turned OFF) I reboot the machine. and it will stop the shut down from happening so you can clean the pc

[Magg]

If youre getting an error and it says "system will shutdown in balh 25 seconds, blah"


this is what i do when i fix pc's with that shit so i have time to work on it..


go to


Start > Run > type in "shutdown -a"

[zzgundamnzz]

First are you using a bootleg copy of windows? Virus Might be included with your windows installation

Before you go about formating and installing you should patch your windows...

[ListYourPorn]

Quote:

Originally posted by Magg
If youre getting an error and it says "system will shutdown in balh 25 seconds, blah"


this is what i do when i fix pc's with that shit so i have time to work on it..


go to


Start > Run > type in "shutdown -a"

This is the solution to the issue according to other sources, I was passed this by another board member -

Isasse - solution

Im due to try this tonight, Its a pucker copy of windows home addition - whats really anoying the machine was clean we connected to the web an within 1 second this error came up -

Im going to contact the ISP also - thanks for the input, if the above solution solves the problem I will let you know.

[GoLiaT]

Quote:

Originally posted by ListYourPorn
Hi having some issues with our kids machine, when you log onto the interenet bang on two mins thew machine starts to shut shut down staing lsass.exe as the error.

I have searched the web but keep finding lots of people who have not solved the problem, we are at our wits end - we formated the the HD and rebuilt the machine, as soon as we hit the web the same issue occured!

any pointers would be well recevied :-)

i had the exact same problem
when you formated the pc and rebuilt it, did you do the windows
update thingy ?
after i did that the problem went away
i still have lsass.exe i the process register though
but i have no more troubles

[SlutFinder]

yeh sounds like sasser

my two solutions..

Get a huge electro magnet and destroy every spec of data on your HD before a reformat

OR

Buy a new HD..

[ListYourPorn]

Quote:

Originally posted by GoLiaT
i had the exact same problem
when you formated the pc and rebuilt it, did you do the windows
update thingy ?
after i did that the problem went away
i still have lsass.exe i the process register though
but i have no more troubles

from whatI have read the lsass.exe l - being a 'L'
is windows security file that is required and if you delete it the OS wont work.

We tried to do the updates but it wont stay connected long enough though hopefull the above comment on how to stopthe shut down should give me the time to fix the issue - only time will tell.

[GoLiaT]

Quote:

Originally posted by ListYourPorn
from whatI have read the lsass.exe l - being a 'L'
is windows security file that is required and if you delete it the OS wont work.

We tried to do the updates but it wont stay connected long enough though hopefull the above comment on how to stopthe shut down should give me the time to fix the issue - only time will tell.

1. get a connection to the net , without opening a browser
2. use the shortcut to windows update above the run button

[ListYourPorn]

Quote:

Originally posted by GoLiaT
1. get a connection to the net , without opening a browser
2. use the shortcut to windows update above the run button

thats another point for some reason on windows xp home addtion - it wont allow me to right click and create short cuts from the programme menu.

[Brad Gosse]

Sounds like the blaster worm. You can DL the removal tool from Nortons site.

[Bama]

lsass - lsass.exe - Process Information
Process File: lsass or lsass.exe
Process Name: Local Security Authority Service

Description:
lsass.exe is a system process of the Microsoft Windows security mechanisms. It specifically deals with local security and login policies. Note: lsass.exe also relates to the W32/Windang.worm which spread via floppy disk drives. Please review file path for clarification of this.


Author: Microsoft Corp.
Part Of: Microsoft Windows Operating System

System Process: Yes
Background Process: Yes
Uses Network: No
Hardware Related: No
Common Errors: N/A

Security Risk (0-5): 0
Virus: No
Spyware: No

If you go to http://www.liutilities.com/products/...rocesslibrary/
it gives you a good idea of what's supposed to be running and what is not.

[HammerTime33]

No need to format with this trojan.

When it starts to count down,
click start/run/type system -an and hit enter.
This will stop the count down then goto microsoft.com
search for sasser removal tool.
Download it, restart pc in safe mode "F8" during startup
then run the tool in safe mode
resatart pc again
Get a FREE antivirus proggy such as AVG (www.grisoft.com) update it and run it restart and do it again.

[GoLiaT]

Quote:

Originally posted by ListYourPorn
thats another point for some reason on windows xp home addtion - it wont allow me to right click and create short cuts from the programme menu.

you dont make the shortcut
the shortcut is already there after the install
go to run - then at top the the first menu , right above the run button is windows update

[jimmyf]

Quote:

Originally posted by Magg
Its a trojan... why is everyone jumping to the FORMAT solution?

This takes all of 2 minutes to fix...

www.google.com


type in the file name, then 'shutdown' or some shit like that, look for the patch that fixes it.

yep that's what i did
http://securityresponse.symantec.com...imos.worm.html
W32.Nimos.Worm is a network-aware worm that captures keystrokes and passwords, and then sends them to the attacker.

This worm is written in Microsoft Visual Basic and is packed with PEBundle and ExeStealth.