LSASS.exe

Posted: Thu Aug 26, 2004 4:10 pm
by AceCombat
I'm having a problem with a friend's computer and a 2-Wire DSL modem from BellSouth.

Every time I boot the computer with the modem plugged in, LSASS.exe encounters a Critical Stop and forces the system to shut down with a 45-second warning, NT Authority Shutdown.

Is this some kind of attack over the net, or is the modem causing a conflict here?

BellSouth tech support walked me through the setup process and it worked fine, but now if the PC boots with the modem plugged in, it won't stay running.

It also for a brief moment allowed us on the net, now it doesn't.

Posted: Thu Aug 26, 2004 4:21 pm
by Krom
Format c: /q /x

=)

Posted: Thu Aug 26, 2004 4:25 pm
by Flatlander

Posted: Thu Aug 26, 2004 4:26 pm
by Topher
You need to disconnect the computer, install XP and then install SP2 from a CD. Then it should work fine. Or put a physical firewall between you and the internet.

Posted: Thu Aug 26, 2004 4:31 pm
by DCrazy
Well, FL, LSASS is a genuine system file, and if it crashes the system does reboot in 45 seconds. A Sasser infection causes LSASS to crash, which in turn makes the system reboot. Just because LSASS crashes doesn't mean you're infected with Sasser.

Posted: Thu Aug 26, 2004 4:36 pm
by Mobius
Word, DCrazy.

Posted: Thu Aug 26, 2004 5:30 pm
by Jagger
Or, what's faster than SP2 is installing the MS04-011 Security Bulletin patch and you're all good. I run into this constantly at work amongst the unpatched test machines. :roll:

Posted: Thu Aug 26, 2004 6:20 pm
by AceCombat
Okay, looks like I'll have to use my machine, download SP2 and install it on her PC.

I'm also considering just swapping my 2nd HDD for hers and letting my NAV 2004 Pro fix the problem.

Thanx for the info

Posted: Thu Aug 26, 2004 6:39 pm
by Topher
AceCombat wrote: I'm also considering just swapping my 2nd HDD for hers and letting my NAV 2004 Pro fix the problem.
Yes, it will remove the virus, but you'll just get infected as soon as you connect to the internet again. (You have on average 20 minutes before your unpatched PC is infected).

Do a clean install of XP. Install SP2. Then connect it to the internet.

Posted: Thu Aug 26, 2004 7:17 pm
by Grendel
Or activate the XP firewall BEFORE connecting to the internet. It has been in there ever since..

Posted: Thu Aug 26, 2004 7:20 pm
by Krom
Topher wrote: Do a clean install of XP. Install SP2. Then connect it to the internet.
Or better yet, slipstream the XP CD so it installs with SP2 already integrated.

Posted: Thu Aug 26, 2004 7:25 pm
by DCrazy
^^

This is the single best piece of advice I could give to anybody installing SP2 (I was actually about to type "XP2", which for all intents and purposes is pretty accurate). A fresh start with the service pack already installed is a great feeling, but unfortunately unfeasible in any situation larger than 1 or 2 machines.

Posted: Thu Aug 26, 2004 9:53 pm
by Jagger
Why the fresh install?

Ace, by all means hook up your second HD with NAV installed on it. Unless there IS a virus buried in the OS that won't come out, there is no need to reinstall Windows. Trust me on this, download SP2 or just the MS04-011 patch (the redistributable packages) to your 2nd HD, apply 'em to her computer then have NAV scan it.

I've done this more times in the last month than I can possibly count. I've cleaned Sasser and Korgo and dealt with lsass.exe crashes so many times it's not even funny. Nine times out of ten a reinstall is not necessary.

Posted: Thu Aug 26, 2004 10:01 pm
by fliptw
You need to disconnect (or get behind something that blocks incoming crap), install the service packs, turn off the Windows firewall, then install a half descent firewall.

An ActiveX control can disable all the new fangled security centre things quite easily.

Posted: Fri Aug 27, 2004 2:13 am
by WarAdvocat
You have "descent" on the brain!

heh.

I've been lucky in the worm department. First thing I did when I got broadband was buy a router with a firewall. I was SO mystified last year when a friend's computer kept turning up infected. I was ready to disown the guy for not listening.

durrr. Firewall fixed the problem.

Posted: Fri Aug 27, 2004 8:38 am
by Topher
Jagger wrote: Why the fresh install?
I guess it's not really necessary, but it would remove the virus if he doesn't have an antivirus installed. Technically, the best thing to do with a compromised system is to flatten it.

Posted: Fri Aug 27, 2004 11:50 am
by AceCombat
Jagger, remember.....

This is my friend's HDD, not mine.

But I will talk to her and pull her drive, pull my second HDD and swap it out for hers.

Posted: Fri Aug 27, 2004 11:16 pm
by MD-2389
You do know that Adaware SE will nuke Sasser, right? At any rate, apply SP2 (leave her a slipstreamed XP SP2 CD), and install a decent software firewall.

And FFS, make sure automatic updates is enabled.