I have been having problems with an as yet unidentified mass mailing worm on a Dell PowerEdge SC1420 running Windows SBS 2003. I installed your trialware avast! 4 Server Edition to see if it could find and fix the problem. When I rebooted after the installation the boot process was interrupted by the following:
“lsass.exe System Error When trying to update a password this return indicates that the value provided as the current password is incorrect”
5 seconds later a system reboot occurs and the process repeats ad infinitum in an uninterruptible cycle.
I then fitted a second hard drive to the machine and installed a second copy of SBS2003 on it. I then installed avast! 4 Server Edition on that, and swept all drives for viruses using the ‘thorough’ setting and including ‘archives’. Netsky-P and Netsky-Q were found among email attachments in Exchange data on the old system, but nothing that appeared to be live or a mass mailing culprit.
Web searching indicates a connection between the sasser worm and the lsass.exe reboot cycle behaviour, but avast did not detect sasser in my installation.
Questions:
-
Has anyone experienced the lsass.exe system error with an avast installation before? (if not, then it can be assumed that the installation did not cause the lsasse.exe error).
-
Does avast reliably detect sasser infections?
-
Any ideas as to the best resolution?
Thanks to all who reply.