Re: Not Sasser?!
From: BG250 (anon_at_anon.com)
Date: Wed, 25 Aug 2004 09:35:06 -0400
There is a new worm going around. Most scanners would not detect up until
yesterday. Look for msnmsg.exe in system32 folder and throughout the
registry. If found, boot into safe mode, delete the file and delete all
registry entries that reference this file. I know it looks like a valid
Windows file name, but it not. I've found the virus doesn't even have to be
on the machine for the LSASS shutdown to occur. It just has to try to invade
it from the network connection.
Be sure you have a functioning firewall, uptodate virus scanner and a
spyware scanner is not a bad idea. Also patch Windows.
"Jessica" <email@example.com> wrote in message
> I have a virus on my computer that shuts me down and
> restarts my PC after I get on the internet. I get the
> same message as the previous posted message by jcb iowa:
> 32/lsass.exe and the system shuts down and restarts.
> I tried to fix it with the downloads from the windows
> update website---the first one i tried to install said
> there was no infection; the second one i tried to install
> wouldn't even open and said "this application wasn't
> applicable with win32 applications" or something like that.
> so then i went to the symantec web site and installed
> their sasser removal tool, and it scanned my system and
> said that i did not have sasser on my computer. And i'm
> not rich and can't be paying 50 bucks to speak to a
> symantec virus support person. So now what??????
> P.S. I have not had updated virus protection on my pc for
> over a year now, hence the virus. But I can't get online
> long enough to get buy and download protection!!!!