Re: lsass.exe?
From: Dean J Garrett (info_at_amuletc.com)
Date: 04/27/05
- Next message: David H. Lipman: "Re: lsass.exe?"
- Previous message: David H. Lipman: "Re: IRC Packets being generated. Dont know where from..."
- In reply to: Dean J Garrett: "Re: lsass.exe?"
- Next in thread: David H. Lipman: "Re: lsass.exe?"
- Reply: David H. Lipman: "Re: lsass.exe?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 26 Apr 2005 16:39:33 -0700
Hello,
I followed the procedure below, and Stinger did not find any viruses on the
server. But the same problem occurs. The server keeps rebooting, after
showing the error message:
"Shutdown initiated by NT AUTHORITY SYSTEM
c:\windows\system32\services.exe (or sometimes it says lsass.exe) terminated
unexpectedly"
I guess it is time to reinstall Windows Server 2003??
"Dean J Garrett" <info@amuletc.com> wrote in message
news:#PKf$GpSFHA.3188@TK2MSFTNGP09.phx.gbl...
> I'm afraid that I don't know if all the instructions you provided below
are
> for Windows Server 2003 Enterprise. That's the OS on my server.
>
> Should I assume that everything is still valid??
>
>
>
> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
> news:eQg5nZfSFHA.1972@TK2MSFTNGP10.phx.gbl...
> > From: "Dean J Garrett" <info@amuletc.com>
> >
> > | I see a file in c:\windows\system32 called lsass.exe
> > |
> > | Is this a virus? Can I delete it? I ran TrendMicro sysclean, but it
was
> not
> > | identified as a virus.
> > |
> > | I can no longer login to my Windows Server 2003 Enterprise Ed.
> > | The minute I do, I get a message saying
> > |
> > | "Shutdown initiated by NT AUTHORITY SYSTEM
> > | c:\windows\system32\services.exe (or sometimes it says lsass.exe)
> terminated
> > | unexpectedly"
> > |
> > | It then reboots, and the same thing happens again... If I reboot in
Safe
> > | Mode, this doesn't happen. What can I do??? Thank you!
> > |
> >
> > LSASS is an integral part of the OS -- NO you can't just delete it !
> >
> > Obtain McAfee's virus and worm removal tool, Stinger:
> http://vil.nai.com/vil/stinger/
> >
> > 1) Disable System Restore
> > http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
> > 2) Reboot your PC into Safe Mode and shutdown as many applications
as
> possible
> > 3) Using McAfee Stinger, perform a Full Scan of your platform and
> clean/delete any
> > infectors found
> > 4) Restart your PC and perform a "final" Full Scan of your platform
> > 5) Re-enable System Restore and re-apply any System Restore
> preferences,
> > (e.g. HD space to use suggested 400 ~ 600MB).
> > 6) Reboot your PC.
> > 7) If you are using WinME or WinXP, create a new Restore point
> >
> > * * * Please report back your results * * *
> >
> > If nothing is found I would surmise that your WinXP OS is corrupt and
will
> require a repair
> > installation.
> >
> >
> > --
> > Dave
> > http://www.claymania.com/removal-trojan-adware.html
> > http://www.ik-cs.com/got-a-virus.htm
> >
> >
>
>
- Next message: David H. Lipman: "Re: lsass.exe?"
- Previous message: David H. Lipman: "Re: IRC Packets being generated. Dont know where from..."
- In reply to: Dean J Garrett: "Re: lsass.exe?"
- Next in thread: David H. Lipman: "Re: lsass.exe?"
- Reply: David H. Lipman: "Re: lsass.exe?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
