Re: LSA Shell export version----

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Bruce Chambers (bchambers_at_nospamcableone.net)
Date: 07/02/04 

Date: Thu, 1 Jul 2004 20:11:20 -0600

Greetings --

    Your friend has apparently also contracted the latest worm,
W32.Sasser.Worm, specifically designed to attack people who do not
update their computers promptly and who do not practice "safe hex."
In other words, like Blaster (a.k.a. Lovesan), this worm was developed
and distributed _after_ a patch for the vulnerability was announced
and made publicly available. Further, and also like Blaster, this
worm could not affect any computer whose user had taken the basic
precaution of using a properly configured firewall.

    To stay on-line long enough to get the necessary updates, patches,
and removal tools, click Start > Run, and enter "shutdown -a" when the
next Shutdown countdown begins. This will abort the shut down. Also,
make sure you've enabled a firewall before starting, to preclude any
more intrusions while getting the updates/patches/tools.

What You should Know about the Sasser Worm and its Variants
http://www.microsoft.com/security/incident/sasser.asp

Microsoft Security Bulletin MS04-011
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

W32.Sasser.Worm
http://www.symantec.com/avcenter/venc/data/w32.sasser.worm.html

A tool is available to remove the Sasser worm variants
http://support.microsoft.com/default.aspx?scid=kb;EN-US;841720

W32.Sasser.Worm Removal Tool
http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.removal.tool.html

McAfee AVert Stinger Virus Removal Tool
http://vil.nai.com/vil/stinger/

Bruce Chambers 

-- 
Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html
You can have peace. Or you can have freedom. Don't ever count on
having both at once. - RAH
"Richard Oliver" <R.Oliver@Spam.co.za> wrote in message
news:nr58e05d848ii5nrvv6eeed38675js09b2@4ax.com...
> A friend's machine running WinXP 2000 Home Edition was infected by a
> Worm--Lovsan .F and .A.
> The worm was isolated but now she has a problem when she tries to
log on
> to the internet as the machine shuts down after giving the following
> message:
>
> Shutdown by NT Authority \System
> Windows \system lsass.exe
> Status code: 1073741819
> Lsass seems to be the problem.
>
> Lsass.exe is located in Windows \system .
> Your help in sorting this out please. Richard
>
>

Relevant Pages

  • Re: Is reinstallation needed??
    ... > going to automatically shutdown then restart. ... If you connected the PC to the Internet without having first ... What You Should Know About the Blaster Worm ... W32.Blaster.Worm Removal Tool ...
    (microsoft.public.windowsxp.general)
  • Re: System is shuttng down NT authority 60 seconds
    ... and removal tools, click Start> Run, and enter "shutdown -a" when the ... sure you've enabled a firewall before starting, ... What You Should Know About the Blaster Worm ... W32.Blaster.Worm Removal Tool ...
    (microsoft.public.windowsxp.security_admin)
  • Re: nt authoritysystem
    ... To stop shutdown, click Start, click Run and type: ... It doesn't remove the worm. ... You can then connect to the Internet and download the Microsoft relevant patch. ... Internet to obtain the patch, definitions, or removal tool before the worm shuts ...
    (microsoft.public.windowsxp.customize)
  • Re: System Shutdown ? Please help me. Thanks !
    ... and removal tools, click Start> Run, and enter "shutdown -a" when the ... intrusions while getting the updates/patches/tools. ... What You Should Know About the Blaster Worm ... W32.Blaster.Worm Removal Tool ...
    (microsoft.public.windowsxp.general)
  • Re: Shutdown initiated by system?
    ... and removal tools, click Start> Run, and enter "shutdown -a" when the ... What You Should Know About the Blaster Worm ... W32.Blaster.Worm Removal Tool ...
    (microsoft.public.security.virus)