From information I have read about this apparently only computers running windows 2000 and xp are damaged I am on xp, but other computers with different operating systems can “carry” the virus and cause harm to others causing severe lag and cause your computer to randomly reboot etc or be so slow its useless. Anyway I realise this is a wide spread problem and I have my anti-virus software from here have run a boot scan from startup and disabled my system restore but I can’t stop it lingering. I press ctr alt delete and the lsass.exe file is clearly running in the processes only problem is i don’t seem to be able to do anything about it and when this file crashes apparently it is causing my computer to shutdown at this point i usually get a 30 second “system” type warning its very weird. Some advice would be much appreciated!!
You will no doubt also have read that the Sasser virus took advantage of a Vulnerability that was long ago patched by MS. So if you haven’t been keeping your OS up to date then you are still vulnerable to exploit/s.
What is it that you ‘can’t stop lingering?’
Lsass is another old vulnerability long since patched by MS so you need to update your OS.
What version of XP do you have, XP, XP SP1, XP SP2 (which is the latest)?
Neglect your OS and you are going to continually be plagued by exploits, once you get clean it will certainly be back unless you close the holes (vulnerabilities).
Do you have a firewall?
As far as I know I am using XP Professional. The first thing I did with my computer was download avast antivirus and yes it all stays up to date and I use the firewall with it, maybe I should go for zone alarm as a firewall instead? You make a good point about the ms updates I am now mostly up to date while beforehand I didn’t bother with ms updates at all but now know better. I don’t seem to be able to do anything about the lsass file being present when i press ctr alt delete, although from what i read it said highlight it in the task manager and end the process but it won’t let me because it is a “critical system process” so basically im not sure what damage has been done and what to do now my computer hasn’t auto shutdown with a timer again yet but im still feeling uneasy about that file still being around.
XP Home or Pro isn’t relevant, what is relevant is what version SP1 or SP2
The presence of of the lsass file doesn’t mean it is infected, this is a legitimate windows
process, it entirly depends on its location and use.
It is legitimately in my Task Manager view (see image) as will it be in anyones view. The problem would be if the Patch wasn’t applied to take advantage of the LSASS vulnerability, if it has been applied then the vulnerability has been closed.
The windows firewall is worse than usless (well better than no firewall) because people believe it is a firewall and protects them. When in fact it only protects against inbound protection, nothing to stop malware phoning home or downloading more of the same. So Zone Alarm free would be fine as it is a relatively friendly user interface.
I suggest that you also do an on-line virus scan, on-line Virus Scanners and other useful Links Security-Ops.eu.tt
thanks bud as part of keeping up to date I downloaded xp service pack 2 for all the security updates and it took a while aswell lol but all seems to have been resolved in regard to sasser and I now know to keep my system as secure as possible to prevent these things through all the updates and patches in the future
You should at least have automatic updates set to alert you when a new update is released, that way you know that you should update your system.
No problem, welcome to the forums.
Now you realise that prevention is much better/easier than cure.