LSASS.exe

Post by AceCombat »

I'm having a problem with a friend's computer and a 2-Wire DSL modem from BellSouth.

Every time I boot the computer with the modem plugged in, LSASS.exe encounters a Critical Stop and forces the system to shut down with a 45-second warning, NT Authority Shutdown.

Is this some kind of attack over the net, or is the modem causing a conflict here?

BellSouth tech support walked me through the setup process and it worked fine, but now if the PC boots with the modem plugged in, it won't stay running.

It also for a brief moment allowed us on the net; now it doesn't.

Post by Krom »

Format c: /q /x

=)

Post by Flatlander »


Post by Topher »

You need to disconnect the computer, install XP and then install SP2 from a CD. Then it should work fine. Or put a physical firewall between you and the internet.

Post by DCrazy »

Well, FL, LSASS is a genuine system file, and if it crashes the system does reboot in 45 seconds. A Sasser infection causes LSASS to crash, which in turn makes the system reboot. Just because LSASS crashes doesn't mean you're infected with Sasser.

Post by Mobius »

Word, DCrazy.

Post by Jagger »

Or, what's faster than SP2 is installing the MS04-011 Security Bulletin patch and you're all good. I run into this constantly at work amongst the unpatched test machines. :roll:

Post by AceCombat »

Okay, looks like I'll have to use my machine, download SP2 and install it on her PC.

I'm also considering just swapping my 2nd HDD for hers and letting my NAV 2004 Pro fix the problem.

Thanks for the info.

Post by Topher »

AceCombat wrote: I'm also considering just swapping my 2nd HDD for hers and letting my NAV 2004 Pro fix the problem.
Yes, it will remove the virus, but you'll just get infected as soon as you connect to the internet again. (You have on average 20 minutes before your unpatched PC is infected).

Do a clean install of XP. Install SP2. Then connect it to the internet.

Post by Grendel »

Or activate the XP firewall BEFORE connecting to the internet. It has been in there ever since..

Post by Krom »

Topher wrote: Do a clean install of XP. Install SP2. Then connect it to the internet.
Or better yet, slipstream the XP CD so it installs with SP2 already integrated.

Post by DCrazy »

^^

This is the single best piece of advice I could give to anybody installing SP2 (I was actually about to type "XP2", which for all intents and purposes is pretty accurate). A fresh start with the service pack already installed is a great feeling, but unfortunately unfeasible in any situation larger than 1 or 2 machines.

Post by Jagger »

Why the fresh install?

Ace, by all means hook up your second HD with NAV installed on it. Unless there IS a virus buried in the OS that won't come out, there is no need to reinstall Windows. Trust me on this, download SP2 or just the MS04-011 patch (the redistributable packages) to your 2nd HD, apply 'em to her computer then have NAV scan it.

I've done this more times in the last month than I can possibly count. I've cleaned Sasser and Korgo and dealt with lsass.exe crashes so many times it's not even funny. Nine times out of ten a reinstall is not necessary.

Post by fliptw »

You need to disconnect (or get behind something that blocks incoming crap), install the service packs, turn off the Windows firewall, then install a half descent firewall.

An ActiveX control can disable all the newfangled security centre things quite easily.

Post by WarAdvocat »

You have "descent" on the brain!

heh.

I've been lucky in the worm department. First thing I did when I got broadband was buy a router with a firewall. I was SO mystified last year when a friend's computer kept turning up infected. I was ready to disown the guy for not listening.

durrr. Firewall fixed the problem.

Post by Topher »

Jagger wrote: Why the fresh install?
I guess it's not really necessary, but it would remove the virus if he doesn't have an antivirus installed. Technically, the best thing to do with a compromised system is to flatten it.

Post by AceCombat »

Jagger, remember...

This is my friend's HDD, not mine.

But I will talk to her and pull her drive, pull my second HDD and swap it out for hers.

Post by MD-2389 »

You do know that Adaware SE will nuke Sasser, right? At any rate, apply SP2 (leave her a slipstreamed XP SP2 CD), and install a decent software firewall.

And FFS, make sure automatic updates is enabled.