Comments
Read the article that everyone's commenting on.
Subscribe to the RSS Feed for comments on this article.
m: what happens when you use "shutdown -a" ? Any error messages? Nothing? Looks like it works but nothing happens? I need some details to try and help you :-).
Posted by: Leo at July 25, 2004 11:00 AMMy computer showed those symptoms a few days ago just after I reformatted so I hadn't even installed my antivirus. By the time I needed to use yahoo messenger so I installed it first and the problem showed up when I was connected, now I have reformatted again and even after my norton antivirus was up-to-date, problem showed up again. I was using the same yahoo id, so is there a way I can be 'recognized' by someone even though they're supposed not to see me connected so my computer was reinfected deliberately?
Posted by: Lalo at July 25, 2004 1:51 PMThis virus spreads from computer to computer automatically. So it's possible to get reinfected within minutes of simply connecting to the internet. That's why the article talks about using a firewall. A firewall will protect you from that immediate reinfection. Then you can go about updating and patching your system appropriately.
Posted by: Leo at July 25, 2004 3:04 PMi need its solution how do i download the patch file for this error
Posted by: JAHANGIR KHAN at July 27, 2004 7:39 AMNidhi: yes, you can copy lsass.exe from another instance of the same version of Windows XP. Lavasoft's AdAware is a fine product - I typically recommend it and Spybot Search & Destroy. (http://ask-leo.com/d-recommend )
Posted by: Leo at July 27, 2004 8:38 AMJAHANGIR: the instructions you're looking for are in the article above these commends.
Posted by: Leo at July 27, 2004 8:40 AMI just got a notification from Norton Internet Security telling me that a remote computer (IP 81.178.255.205) was attempting to open 'lsass.exe'. It was recommended by NIS to allow, so I did, not knowing this was possibly related to the virus. Am I infected? Virus Scan says no, but can this be a coincidence?
Posted by: Nate at July 27, 2004 3:06 PMI'd simply make sure to keep your virus scanning database up to date, and scan regularly. It's hard to say whether you've been infected or not, so I'd simply stay extra cautious for a bit.
Posted by: Leo at July 27, 2004 9:39 PMAfter updating Windows XP and then scanning and cleaning a computer with several viruses including the Sasser Worm and Blaster Worm I have lost the Ctrl+Alt+Del task manager function. Also I cant access msconfig or regedit from the Run command anymore. What has been knocked out and how can I fix it? Help!!!
Thanks
Posted by: Mike at July 28, 2004 6:33 AMAlmost impossible to say - it could be many things. I'd start with a System File Check: http://ask-leo.com/archives/000074.html
Posted by: Leo at July 28, 2004 7:00 PM
Subscribe to the RSS Feed for comments on this article.
To post a comment on "What are "LSASS", "LSASS.EXE" and "Sasser" and how do I know if I'm infected? What do I do if I am?", please return to that article's main page.