|
Help lsass.exe Have you managed to removed this from a machine
Hi having some issues with our kids machine, when you log onto the interenet bang on two mins thew machine starts to shut shut down staing lsass.exe as the error.
I have searched the web but keep finding lots of people who have not solved the problem, we are at our wits end - we formated the the HD and rebuilt the machine, as soon as we hit the web the same issue occured! any pointers would be well recevied :-) |
Process File: lsass or lsass.exe
Process Name: Local Security Authority Service Description: lsass.exe is a system process of the Microsoft Windows security mechanisms. It specifically deals with local security and login policies. Note: lsass.exe also relates to the W32/Windang.worm which spread via floppy disk drives. Please review file path for clarification of this. |
btw, public ip? firewall up and running?
|
i had this fucking problem, formatted C: and reinstalled everything.... it STILL was fucked up...
I never got to the root of the problem other than to think it was some kind of a nast virus =-/ take it to a local computer shop i'd suggest. |
what version of windows?
|
do your windows updates if you can, I can't remember what virus that is but I think it was one of them not too long ago.
|
Quote:
1. www.free-av.com - free antivirus 2. www.agnitum.com - free firewall 3. http://www.lavasoftusa.com/software/adaware/ - ad-remover 4. http://www.safer-networking.org/en/index.html - search and destroy 5. ... after all these prevention - format c: and get linux :) |
DOS won't eradicate the file because it's a Windows virus/worm. But Linux will since you mentioned you don't have a problem with formatting the drive.
Burn a simple copy of Linux with one of your other computers and use the Linux CD to FDisk and format with the Linux ext2fs. Then you should be able to install Windows with no problems. |
Maybe it has to do with the isp or your router/switch ?
|
|
Quote:
|
Its a trojan... why is everyone jumping to the FORMAT solution?
This takes all of 2 minutes to fix... www.google.com type in the file name, then 'shutdown' or some shit like that, look for the patch that fixes it. |
Quote:
i have lavasoft and also spybot... i also use norton internet security/firewall... none of these helped me prevent/fix the lsass.exe problem i had... |
It's prolly the sasser worm do a net stat and look for traffic coming in off port 445, 5554 and 9996...if you can get the latest windows update it should fix the problem long enuff for you to remove the virus
|
(With system Restore turned OFF) I reboot the machine. and it will stop the shut down from happening so you can clean the pc
|
If youre getting an error and it says "system will shutdown in balh 25 seconds, blah"
this is what i do when i fix pc's with that shit so i have time to work on it.. go to Start > Run > type in "shutdown -a" |
First are you using a bootleg copy of windows? Virus Might be included with your windows installation :Graucho
Before you go about formating and installing you should patch your windows... |
Quote:
Isasse - solution Im due to try this tonight, Its a pucker copy of windows home addition - whats really anoying the machine was clean we connected to the web an within 1 second this error came up - Im going to contact the ISP also - thanks for the input, if the above solution solves the problem I will let you know. |
Quote:
when you formated the pc and rebuilt it, did you do the windows update thingy ? after i did that the problem went away i still have lsass.exe i the process register though but i have no more troubles |
yeh sounds like sasser
my two solutions.. Get a huge electro magnet and destroy every spec of data on your HD before a reformat OR Buy a new HD.. :glugglug |
Quote:
is windows security file that is required and if you delete it the OS wont work. We tried to do the updates but it wont stay connected long enough though hopefull the above comment on how to stopthe shut down should give me the time to fix the issue - only time will tell. |
Quote:
2. use the shortcut to windows update above the run button |
Quote:
|
Sounds like the blaster worm. You can DL the removal tool from Nortons site.
|
lsass - lsass.exe - Process Information
Process File: lsass or lsass.exe Process Name: Local Security Authority Service Description: lsass.exe is a system process of the Microsoft Windows security mechanisms. It specifically deals with local security and login policies. Note: lsass.exe also relates to the W32/Windang.worm which spread via floppy disk drives. Please review file path for clarification of this. Author: Microsoft Corp. Part Of: Microsoft Windows Operating System System Process: Yes Background Process: Yes Uses Network: No Hardware Related: No Common Errors: N/A Security Risk (0-5): 0 Virus: No Spyware: No If you go to http://www.liutilities.com/products/...rocesslibrary/ it gives you a good idea of what's supposed to be running and what is not. |
No need to format with this trojan.
When it starts to count down, click start/run/type system -an and hit enter. This will stop the count down then goto microsoft.com search for sasser removal tool. Download it, restart pc in safe mode "F8" during startup then run the tool in safe mode resatart pc again Get a FREE antivirus proggy such as AVG (www.grisoft.com) update it and run it restart and do it again. |
Quote:
the shortcut is already there after the install go to run - then at top the the first menu , right above the run button is windows update |
Quote:
http://securityresponse.symantec.com...imos.worm.html W32.Nimos.Worm is a network-aware worm that captures keystrokes and passwords, and then sends them to the attacker. This worm is written in Microsoft Visual Basic and is packed with PEBundle and ExeStealth. |
| All times are GMT -7. The time now is 01:21 AM. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123