Re: Problems with lsass.exe

From: jaspal (jaspal.1c55o4_at_mail.mcse.ms)
Date: 09/06/04

Next message: Michael: "Re: Installing network driver."
Previous message: JCaboth: "RE: Content advisor enabled but not working!!!"
In reply to: Bruce Chambers: "Re: Problems with lsass.exe"
Next in thread: Shenan Stanley: "Re: Problems with lsass.exe"
Reply: Shenan Stanley: "Re: Problems with lsass.exe"
Reply: Bruce Chambers: "Re: Problems with lsass.exe"
Messages sorted by: [ date ] [ thread ]

Date: Mon, 6 Sep 2004 00:17:52 -0500

hi,
i am also having the lsass & random reboot problem. the only difference
is that i just installed xp home (sp1) from the original cd onto a
blank hard drive. as soon as i installed the high speed modem i tried
to log onto the xp update site to download the xp2 (or whatever new
updates my system needed). before i could even connect to the microsoft
update page, my system got shutdown because of the lsass.exe reboot
error.

is this really the work of a virus, or is it possily something else? i
find it hard to believe that i could have been infected in the time it
took to boot up, and connect to the win xp home page. oh right, after
a few random reboots, i was then prompted to insert the xp cd to
install some other components of xp. i`ll try to follow the worm
removal instructions unless someone else has a better idea? thanks.

-jaspal

Bruce Chambers wrote:
> *JerryDev. wrote:
> > Ok, here's the deal:
> >
> > This only seems to happen when I connect to the internet. But
> after
> > about 2 minutes of being connected, 2 messages appear stating
> that,
> > and these are the word from my error log, "Faulting application
> > lsass.exe, version 5.1.2600.0, faulting module unkown, version
> > 0.0.0.0, fault address 0x000000000" and then immediately
> thereafter
> > "A critical system process, C:\WINDOWS\system32\lsass.exe, failed
> > with status code c0000005. The machine must now be restarted."
> >
> > Here I am trying to figure out what the heck that means...This
> > happens everytime I connect to the internet, even if no other
> > programs are running, and always as a pair and at the same
> interval.
> >
> > Any help would be much appreciated!!
> > Jerry
>
>
> You've apparently contracted the latest worm, W32.Sasser.Worm,
> specifically designed to attack people who do not update their
> computers promptly and who do not practice "safe hex." In other
> words, like Blaster, this worm was developed and distributed _after_
> a
> patch for the vulnerability was announced and made publicly
> available.
> Further, and also like Blaster, this worm could not affect any
> computer whose user had taken the basic precaution of using a
> properly
> configured firewall.
>
> To stay on-line long enough to get the necessary updates, patches,
> and removal tools, click Start > Run, and enter "shutdown -a" when
> the
> next Shutdown countdown begins. This will abort the shut down.
> Also,
> make sure you've enabled a firewall before starting, to preclude any
> more intrusions while getting the updates/patches/tools.
>
> What You should Know about the Sasser Worm and its Variants
> http://www.microsoft.com/security/incident/sasser.asp
>
> Microsoft Security Bulletin MS04-011
> http://tinyurl.com/37grk
>
> W32.Sasser.Worm
> http://tinyurl.com/23cqa
>
> A tool is available to remove the Sasser worm variants
> http://tinyurl.com/ywmuw
>
> W32.Sasser.Worm Removal Tool
> http://tinyurl.com/3d3zg
>
> McAfee AVert Stinger Virus Removal Tool
> http://vil.nai.com/vil/stinger/
>
> --
>
> Bruce Chambers
>
> Help us help you:
> http://dts-l.org/goodpost.htm
> http://www.catb.org/~esr/faqs/smart-questions.html
>
> You can have peace. Or you can have freedom. Don't ever count on
> having both at once. - RAH *

--
jaspal
------------------------------------------------------------------------
Posted via http://www.mcse.ms
------------------------------------------------------------------------
View this thread: http://www.mcse.ms/message1028266.html

Next message: Michael: "Re: Installing network driver."
Previous message: JCaboth: "RE: Content advisor enabled but not working!!!"
In reply to: Bruce Chambers: "Re: Problems with lsass.exe"
Next in thread: Shenan Stanley: "Re: Problems with lsass.exe"
Reply: Shenan Stanley: "Re: Problems with lsass.exe"
Reply: Bruce Chambers: "Re: Problems with lsass.exe"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: Not Sasser?!
... Further, and also like Blaster, this worm could not affect any ... McAfee AVert Stinger Virus Removal Tool ... install current antivirus protection. ...
(microsoft.public.security.virus)
Re: Setup error with XP Service Pack 2
... Symantec's website about the worm I am fighting said ... I will try their removal tool ... > first to clean things up and then retry the SP2 install. ...
(microsoft.public.windowsxp.general)
Re: Do I need to be on the internet to fix Sasser??
... It's important to install the patch first and then run the clean up tool. ... NEW WORM: SASSER ... Microsoft has learned about a worm identified as "W32.Sasser.worm" that is ... Anti-Virus software vendor for support on the Sasser or AgoBot viruses. ...
(microsoft.public.security.virus)
Re: WORM from MS Update Site
... You are not getting the Blaster worm from Windows Update. ... Install or enable a firewall IMMEDIATELY, before connecting to the ...
(microsoft.public.windowsxp.security_admin)
PC Reboots whenever on Internet! Help!
... been using an internet connection firewall and have ... Then immediately turn-on Windows XP's built-in Firewall: ... What You Should Know About the Blaster Worm and Its ... ***Install a good firewall. ...
(microsoft.public.windowsxp.general)