Author Topic: Lasass.exe error.. (Read 535 times)

BlckMgk · « **on:** May 19, 2004, 11:26:37 AM »

Anyone know how I can fix this problem without formating/reinstalling my system?

Any help is appreciated.

It usually happens after 4-5 minutes on the computer, usually surfing the web. All that I've uncovered about the problem doesn't make sense.

Thanks,
-BM

Horn · « **Reply #1 on:** May 19, 2004, 11:43:37 AM »

http://x220.win2ktest.com/forum/topic.asp?TOPIC_ID=3292

Fifth post down. Instructions for fix.

h

gatt · « **Reply #2 on:** May 19, 2004, 12:16:40 PM »

You mean lsass.exe, probably ...

Anyway, looks like you got the famous Sasser worm. Check at http://www.symantec.com for the specific fix.

Curval · « **Reply #3 on:** May 19, 2004, 12:23:48 PM »

You have been sasserfied dude.

Follow gatt's advice.

....and I'll give you the same advice my IT guy gave me.

"STOP GOING TO PORN SITES".

Thud · « **Reply #4 on:** May 19, 2004, 01:18:59 PM »

Quote

Originally posted by Curval
You have been sasserfied dude.

Follow gatt's advice.

....and I'll give you the same advice my IT guy gave me.

"STOP GOING TO PORN SITES".

So true, after I've cleaned their computer I usually tell clients I have cured them from a social disease...

vorticon · « **Reply #5 on:** May 19, 2004, 01:49:39 PM »

Quote

Originally posted by Thud
So true, after I've cleaned their computer I usually tell clients I have cured them from a social disease...

so those popups that always accompany porn sites about anyone being able to see whatever youve accessed any time no matter what you do are true? or are these people just stupid...

Siaf__csf · « **Reply #6 on:** May 19, 2004, 02:07:33 PM »

It's not in the interests of porn site hosts to spread viruses. They're making business and hurting the clients wouldn't be very smart.

Then again if you're being dumb / cheap and click every advertisement promising something for free.. well.

Skuzzy · « **Reply #7 on:** May 19, 2004, 02:16:21 PM »

The Sasser worm/virus does not spread through email or WEB sites.
----------------
This worm attempts to take advantage of a buffer overflow vulnerability in the Windows Local Security Authority Service Server (LSASS). The vulnerability allows a remote attacker to execute arbitrary code with SYSTEM privileges. More information on this vulnerability is available in Vulnerability Note VU#753212 and Microsoft Security Bulletin MS04-011.

The worm has been reported to propagate by scanning random IP addresses on port 445/tcp for vulnerable systems. When a vulnerable system is found, the worm will exploit this vulnerability, create a remote shell on port 9996/tcp, and start an FTP server on port 5554/tcp. The victim system will then connect back to the attacking system on port 5554/tcp to retrieve a copy of the worm. Systems infected by this worm may notice significant performance degradation.

BlckMgk · « **Reply #8 on:** May 19, 2004, 03:10:00 PM »

Thanks for the information folks, It was the Sasser virus. I eliminated it from the computer and will see.

The associate I'm fixing this computer for, brought her computer to the office and connected the damn thing to the network, going to have to run a scan on all computers now to see if it spread to any of the other systems. Well good stuff folks always appreciate the help.

-BM

DiabloTX · « **Reply #9 on:** May 19, 2004, 03:18:55 PM »

There's porn on the Internet???????

gatt · « **Reply #10 on:** May 20, 2004, 02:53:55 AM »

Blckmgk,

remember to keep your Windows constantly updated via the "Windows Update" feature in the Start Menu. Install every Important Update and official Service Pack.

Those bloody worms exploit the protection weaknesses of IE.

Then use a good antivirus like PC Cillin or Norton and update it frequently. I was used to protect only my e-mails. However now it is not enuff, those suckers run on the net looking for unprotected communication ports.

I got the Sasser the very first day and like a stoopid I reformatted and reinstalled everything just to get it again after a few minutes online. Then I went on the Symantec web page and ....

Nash · « **Reply #11 on:** May 20, 2004, 02:59:02 AM »

Quote

Originally posted by BlckMgk
"The associate I'm fixing this computer for..."

Roscoroo · « **Reply #12 on:** May 20, 2004, 03:22:58 AM »

Quote

Originally posted by BlckMgk
Thanks for the information folks, It was the Sasser virus. I eliminated it from the computer and will see.

The associate I'm fixing this computer for, brought her computer to the office and connected the damn thing to the network, going to have to run a scan on all computers now to see if it spread to any of the other systems. Well good stuff folks always appreciate the help.

-BM

you hooked a buggy pc up to a network ....... tisk tisk tisk ...

Curval · « **Reply #13 on:** May 20, 2004, 07:24:59 AM »

Okay...I'm confused.

I seem to have contracted the sasser virus AGAIN.

Inititally I had the sasser D, now I scan and it says I have the BAT_sasser.A virus, but the removal tool I have did not detect any sasser infection. Is there a specific tool for this BAT_sasser.A virus? The semantic site isn't clear.

gatt · « **Reply #14 on:** May 20, 2004, 09:20:32 AM »

Curval,

Dunno about the bat.sasser ... however, if you remove the Sasser worm and then you connect again to the net *without* upgrading your Windows with *all* the official Microsoft protection updates (under "Important Updates" in the Windows Update pages) you get the infection again.

1) Download the anti Sasser tool you find here:
http://securityresponse.symantec.com/avcenter/FxSasser.exe

2) Reboot in Safe Mode and scan your computer with the tool.

3) Update your Windows with Windows Update (see above).

4) Update your Antivirus.

5) Reboot again in Safe Mode and run your updated Antivirus.