Ask Leo! by Leo A. Notenboom

What are "LSASS", "LSASS.EXE" and "Sasser" and how do I know if I'm infected? What do I do if I am?


Comments

Read the article that everyone's commenting on.
RSS feed Subscribe to the RSS Feed for comments on this article.

My computer doesn't restart.

Posted by: i am infected at August 4, 2004 6:41 PM

I'd send you to this article to start regaining control of your computer: http://ask-leo.com/archives/000253.html

Good luck!

Posted by: Leo at August 4, 2004 6:45 PM

The first thing I noticed is, on startup, a popup that says: you or a program is trying to access www. .ru (forgot the name of the site, but the site doesn't exist). Then after a few days the computer starts automatically connecting to the internet without my authorization, and if I hit cancel it does it again in a few minutes. I tried Ad-aware and 4 other similar programs to detect it but couldn't detect any spyware. Also I noticed these new processes: lsass.exe and alg.exe, and it doesn't let me terminate the lsass.exe, saying: "This is a critical system process. Task Manager cannot end this process."

Any suggestions? I need help.

Posted by: yuriy at August 25, 2004 2:21 PM

Are you up to date on running virus scans? It sounds like a virus. As this article points out, lsass.exe IS a required system component.

Posted by: Leo at August 25, 2004 2:24 PM

nbtstat -R reloads the NetBIOS name cache, not the DNS cache, which is what will stop resolution of web sites.

ipconfig /flushdns is the command you'll want.

Posted by: richard at August 27, 2004 9:12 AM

I got the error message about the lsass.exe file, and it will reboot after 60 seconds. I tried a lot, and I had to make changes in the Active Directory Sites and Services option; there it shows the replication time, and I changed the replication. I didn't get any solution for that. Please give me a solution for that: just one dialogue box appears and it restarts, and if I give the command shutdown -a from Run, it is not working on the Windows 2000 Server operating system with a domain.
Please kindly inform me of the solution to these. First it restarted within 15 to 20 minutes, but now it restarts after 1 and a half days.

bye....
hiral
URL Software Pvt. Ltd.

Posted by: hiral at August 31, 2004 3:38 AM

The article you just commented on has the most up to date information. Be sure you follow all steps.

Posted by: Leo at August 31, 2004 8:40 AM

The command shutdown -a doesn't work on my system ...

Posted by: Jes at August 31, 2004 12:12 PM

Not found or runs but doesn't shut down?

Posted by: Leo at August 31, 2004 12:19 PM

Hi Leo

I think I am free of the Sasser exploit virus, but I am not sure. I have a PC with XP Professional, and a search shows that I have lsass.exe in the following two locations:
[1] c:\windows\system32\lsass.exe - (size: 12K, type: application)
[2] c:\windows\servicepackfiles\i386\lsass.exe - (size: 12, type: application)

On my laptop with XP Home Edition, I also have lsass.exe and LSASS.EXE in the following locations:
[1] c:\I386\LSASS.EXE - (size: 9k type: EX_file)
[2] c:\windows\system32\lsass.exe - (size: 12k type: application)

I looked at the hosts file on my laptop but only saw one line in it, for localhost and its relevant IP.

My problem is I got Internet Security Pro 2004 and Sygate Pro firewall, but time and time again I get a message from the Sygate firewall saying it has blocked a buffer overflow attempt on LSASS.EXE.

I am concerned that I might have the virus and not know about it. I did a scan yesterday and all seems well. I also updated the KB835732 hotfix, but I read on the web that LSASS.EXE and lsass.exe are two different files and the capitalised version is a suspect. In other words:
lsass.exe is innocent
LSASS.EXE could be a suspicious file, and the fact that it doesn't reside within the windows/system directory??

Can you shed any light on this?

Posted by: Jon at September 2, 2004 5:34 AM
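A check a defender can run to answer the kind of question Jon asks (added example, not from the article or its commenters; it assumes Windows PowerShell 3.0 or later on an elevated prompt): it lists every running lsass.exe with the path it was loaded from, compares that path case-insensitively against %SystemRoot%\System32\lsass.exe, shows the parent process, checks the binary's Authenticode signature, and lists on-disk copies such as the service-pack and I386 install caches, which are not running code.

```powershell
# Added example, not from the article or its commenters.
# Assumes Windows PowerShell 3.0+ run from an elevated prompt (without
# elevation, ExecutablePath for a protected process may come back empty).

$expected = Join-Path $env:SystemRoot 'System32\lsass.exe'

# Every *running* process named lsass.exe and where its image was loaded from.
$lsass = @(Get-CimInstance Win32_Process -Filter "Name = 'lsass.exe'" |
           Select-Object ProcessId, ParentProcessId, ExecutablePath)

# Exactly one genuine LSASS runs on a healthy system.
if ($lsass.Count -ne 1) {
    Write-Warning "Expected 1 lsass.exe process, found $($lsass.Count)"
}

foreach ($p in $lsass) {
    # NTFS is case-insensitive, so 'LSASS.EXE' vs 'lsass.exe' proves nothing;
    # the directory the image runs from is what matters.
    if ($p.ExecutablePath -and ($p.ExecutablePath -ieq $expected)) {
        Write-Output "PID $($p.ProcessId): OK, running from $($p.ExecutablePath)"
    } elseif (-not $p.ExecutablePath) {
        Write-Warning "PID $($p.ProcessId): image path not readable (run elevated)"
    } else {
        Write-Warning "PID $($p.ProcessId): lsass.exe running from $($p.ExecutablePath) - investigate"
    }
    # The genuine LSASS is started by wininit.exe (winlogon.exe on XP/2000).
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"
    Write-Output "  parent: $($parent.Name)"
}

# The on-disk binary should carry a valid Microsoft signature.
Get-AuthenticodeSignature $expected |
    Select-Object Status, @{ n = 'Signer'; e = { $_.SignerCertificate.Subject } }

# Copies such as ServicePackFiles\i386\lsass.exe or I386\LSASS.EXE are install
# caches, not running code; only a process loaded from somewhere else is a concern.
Get-ChildItem -Path "$env:SystemDrive\" -Filter lsass.exe -Recurse -ErrorAction SilentlyContinue |
    Select-Object FullName, Length, LastWriteTime
```

The directory walk of the whole system drive can take a few minutes; narrowing `-Path` to `$env:SystemRoot` covers the locations discussed in the thread.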
