Well, yesterday suddenly I couldn’t click in the start bar, like there was an OK to be clicked on before I could use the bar. I used CTRL+ALT+DEL, and turned off whatever could be doing that. I found a strange Systen32 in the processes, turned it off, but the problem was still there.
I used msconfig, and discovered that this systen32 was programmed to start with Windows. I turned it off and rebooted. When it restarted, the bar was OK again, but the firewall stopped working… I unplugged the internet cable so that if someone was doing something from outside, he would be unable to go on. I uninstalled the firewall and avast, rebooted, installed them both, programmed a full boot scan, and restarted. No virus was found.
I decided to update the virus bank, so I had to plug the internet again. I updated, and started a full scan… After some time, lsass was suddenly turned off, and the PC was going to be shut down in 60 seconds. I unplugged the internet again, let it restart, and performed the full scan. It found one virus, but I don’t think it had anything to do with my problem; it was inside a .RAR, and was never run.
Then I configured the firewall not to accept any connections, and always ask for anything. Plugged the internet again. It asked for two normal connections (127.0.0.0), and then the program “system” tried an incoming connection from some remote IP. I denied it, and after a while it asked again, sometimes repeated times, sometimes incoming, sometimes outgoing, and sometimes it asked for a .avast address. I denied it every time. In the CTRL+ALT+DEL window, the system is there, it’s about 240k, and I can’t close it, neither can I lower its priority. When I try to close, nothing happens. When I try to lower the priority, it says access denied.
System could be bound to windows, and probably is, but since I denied its connections, nothing else strange happens.
Is this system a virus itself? Or maybe a virus substituted something in the system file, and now it works as a Trojan?
Now, no virus is found by avast, but I’m pretty sure that if I accept connections asked by System, strange things will happen again, like lsass shutdown, firewall stopping, and bar not responding.
Thanks already.
Hi BCF,
I wonder if you could double check your post for spelling. Systen32 (with an “N”) might be a trojan while System32 (with an “M”) might be something else. And just plain “system” - I’m not sure about that.
Similarly, lssas.exe could be a problem while lsass.exe could be valid depending on its location.
Also post your operating system and the name, file name and location of the virus avast! identified.
Finally, if you suspect a trojan, try scanning with the free versions of AVG Antispyware and A-Squared.
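The name-and-location check suggested in the reply above, sketched as an added example (not part of the original thread or of any tool named in it). The allowlist, the default install path, the distance threshold of 2 and the sample process list are assumptions constructed for illustration.

```python
import ntpath

# Assumption: default XP install; core processes expected in System32.
SYSTEM32 = r"c:\windows\system32"
KNOWN = {name: SYSTEM32 for name in (
    "lsass.exe", "services.exe", "svchost.exe",
    "winlogon.exe", "csrss.exe", "smss.exe")}
DECOYS = {"system32"}  # familiar non-executable names that get imitated

def edit_distance(a, b):  # plain Levenshtein distance
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def stem(name):
    name = name.lower()
    return name[:-4] if name.endswith(".exe") else name

def classify(name, path):
    """Return 'ok', 'wrong-location', 'lookalike:<name>' or 'unknown'."""
    n = name.lower()
    if n == "system" and not path:
        return "ok"  # kernel pseudo-process: no image file on disk
    if n in KNOWN:  # right name, so the folder decides
        return "ok" if ntpath.dirname(path).lower() == KNOWN[n] else "wrong-location"
    for target in sorted({stem(k) for k in KNOWN} | DECOYS):
        if 0 < edit_distance(stem(n), target) <= 2:
            return "lookalike:" + target
    return "unknown"

# Constructed sample process list (name, image path), not real output.
SAMPLE = [
    ("System", ""),
    ("lsass.exe", r"C:\WINDOWS\system32\lsass.exe"),
    ("lssas.exe", r"C:\WINDOWS\system32\lssas.exe"),
    ("lsass.exe", r"C:\WINDOWS\Temp\lsass.exe"),
    ("systen32.exe", r"C:\WINDOWS\systen32.exe"),
]

def scan(processes):
    return [(n, p, classify(n, p)) for n, p in processes]

if __name__ == "__main__":
    for name, path, verdict in scan(SAMPLE):
        print(f"{verdict:20} {name:14} {path}")
```

A verdict of `unknown` only means the name is neither on the allowlist nor close to it; it says nothing about whether the file is safe.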
Hi Mauserme,
I checked my post again for spelling, and I misspelled lsass for lssas, so sorry… it’s all right now I think (the post). It was really systen32 (with “N”).
And this plain “System” is what’s worrying me now…
I don’t know if I’m being able to express myself as I wanted, since I’m not a native English speaker.
System: Windows XP SP2
Virus: “Win32:Trojan-gen. {Other}”, filename: Port_RockXP_v4.exe (inside a .rar)
Just going to state again, I don’t think this virus has anything to do with the problem, since that .rar file was never run/opened. Maybe I’m way wrong, so please correct me.
A-squared found tracking cookies, nothing important. AVG Anti-Spyware didn’t find anything.
I’m going to resume what I think:
There was a way into my PC, and through there someone closed lsass.exe, and also made my firewall stop working.
The door was “System”.
Maybe someone else using this PC somehow ran “System”, and that started everything.
Or, maybe, Systen32 was run by someone here somehow, and it changed lines in System (System could be part of the OS), so that it worked as a door.
Or System started working as a door for an unknown reason.
The only problem right now is that I can’t close “System”. Of course, if it is part of the OS, then I think I’ll have to get a healthy version of the file (maybe by reinstalling Windows).
I’d like to know if it’s part of the OS, and anything else you could please tell me about this kind of problem.
Thanks for caring!
Download a current installation file for the firewall you had, or Zone Alarm or Comodo.
http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp
http://www.comodo.com/products/free_products.html
Also download Symantec’s Sasser removal tool to your desktop.
http://securityresponse.symantec.com/avcenter/FxSasser.exe
Make sure the avast! definitions are up to date.
Remove your computer from any network or internet access, turn off System Restore, and reboot. Run the Sasser removal tool (FxSasser.exe). A log file named FxSasser.log will be created - rename it to FxSasser1.log.
Reboot and run the Sasser removal tool again.
Install the firewall and reboot if called for.
Schedule an avast! boot time scan and reboot. Move anything found to the chest whenever possible.
Reconnect to the internet and immediately check for and install any critical Windows updates. Keep checking until there are no updates left to install.
Post the contents of both FxSasser logs.
Your English is fine.