Virus...have you seen this one...!???

[beavereater]

IF you have, how do I get rid of it...other than format if possible!!??
Tried Norton, didnt even catch it...damn!!

[VCDHunter]

No pic seen here - can you repost ?

[beavereater]

Sorry...just now I go to another PC...and hooked it up to my internet. Anyway, I think its the isass.exe virus or something...never heard of it, but maybe someone has and can help me get rid it.

[Guest]

do a search on symnatec's site. They tell u how to remove it.

[beavereater]

Couldn't find what I was looking for...I used the shutdown -a command to keep things from shutting down...but I cant find the file, remove it or anything...DAMN!!

[glockjs]

i wouldnt rely on just one anti virus program

[tekkieman]

Sounds like Sasser. Turn on your firewall, and read this link:

http://msn-cnet.com.com/4520-6600_7-5133023.html?part=msn-cnet&subj=ns_5133023&tag=tg_home

Then get the patch from M$ at:

http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

[808smokey]

Lsass is an XP program that always runs. Press CTRL-ALT-DEL and you'll see it running on every computer running XP. I would try to reload that program or do a restore of XP.

Here's this from http://www.theeldergeek.com/protected_storage.htm

Protected Storage Service
Service Name Protected Storage Process Name lsass.exe
Default Settings XP Home : Automatic XP Pro : Automatic
Microsoft Service Description Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
Dependencies Remote Procedure Call (RPC)
Real World Description By 'sensitive data' they mean passwords, encryption data, etc. Closely tied into other 'features' like AutoComplete.
Is this service needed? No
Recommended Setting:
Disabled

Note While this service is not needed, most users will want it to avoid constantly having to type passwords. However, be aware it does carry risks, especially if your firewall security and security patch updating is lax.

[808smokey]

Here's the link from Micro$oft.com

http://support.microsoft.com/default.aspx?scid=kb;EN-US;306497

[Cobra]

i wouldnt rely on just one anti virus program

Are you saying to run two together? If so, then it's impossible. They interefere with each other or something, and apparently (or so I've been warned by the uni IT people) it's as bad as having no protection at all!

I check once a week for updates to Windows, daily with Norton and I run ZoneAlarm on my PC. I'm also covered by a hardware firewall that the uni uses. I'm quite safe, but I'm always watching just in case.

Cobra

[au7usa]

ITS A WINDOWS SERVICE!
http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/

[beavereater]

If I download and install the patch, will that cure me of this problem, or do I still have to use Norton or something too look for it and kill it??

[808smokey]

Y

If I download and install the patch, will that cure me of this problem, or do I still have to use Norton or something too look for it and kill it??

CAN YOU READ?!?!?!?!?!?

IT'S NOT A VIRUS IT'S A NORMAL WINDOWS FUNCTION

Myself and au7usa have both posted links to resolve your "WINDOWS PROBLEM" not Viruses. You can download virus defs all day long and it will never fix it.

[gmatov]

SASSER is written to take advantage OF that Windows SERVICE..

Good grief, lad, every worm or virus or trojan ever written has been done to take advantage of a vulnerability.

They find a way to exploit a vulnerabilty, they write the code, they launch it, and the anti-virus cos. bust ass to corner and correct it, remove it, till the OS programmers can come up with a patch.

Been that way, will remain that way. Linux, Mac are safer in the respect they are not yet largely enough distributed to make it so much fun to writers of malicious code.

For Mac, probably never, but for Linux, the time will come when it is widely enough used that they'll start taking liberties with code errors.

I seriously doubt that every attack has a profit motive. I think they are just tickled pink to find a glitch, write something to exploit it, sit back and watch the havoc that it seems to create among IT people and the vendor.

Cheers,

George

[troyvcd1]

wow beavereaters and 808smokies avatars together.

[808smokey]

SASSER is written to take advantage OF that Windows SERVICE..

Good grief, lad, every worm or virus or trojan ever written has been done to take advantage of a vulnerability.

They find a way to exploit a vulnerabilty, they write the code, they launch it, and the anti-virus cos. bust ass to corner and correct it, remove it, till the OS programmers can come up with a patch.

Been that way, will remain that way. Linux, Mac are safer in the respect they are not yet largely enough distributed to make it so much fun to writers of malicious code.

For Mac, probably never, but for Linux, the time will come when it is widely enough used that they'll start taking liberties with code errors.

I seriously doubt that every attack has a profit motive. I think they are just tickled pink to find a glitch, write something to exploit it, sit back and watch the havoc that it seems to create among IT people and the vendor.

Cheers,

George

This isn't a debate about viruses
I've looked through symantec and they have plenty about the "SASSER" but nothing about LSASS.EXE. If I press CTRL-ALT-DELETE it will be there. Today tomorrow and next week unless I disable it.

[gmatov]

W32.Sasser.B.Worm is a variant of W32.Sasser.Worm. It attempts to exploit the LSASS vulnerability described in Microsoft Security Bulletin MS04-011. This worm spreads by scanning randomly selected IP addresses for vulnerable systems.


The above just this minute copied-pasted from Symantec website, after I read Smoke's rebuttal..

Do you see the reference to "LSASS"?

It might have been hard to see, what with being all caps, but stuck way past the first sentence.

Actually, you may all do as you wish. Do NOT do a scan, do NOT go to Symantec for updates, nor DL any fixes, just natter among yourselves about what in the world this can possibly be.

If you can't dazzle them with brilliance, baffle them with bullshit.

Cheers,

George

http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.b.worm.html

Here's the link, just in case www.symantec.com is too hard to do.

BTW, did you even read the first post? It was about a virus. Disabled, tried another computer, etc, where the hell have you been?

[beavereater]

[tekkieman]

@ beavereater

Now that you have removed the virus, make sure you run with a firewall (either hardware or software) and apply the patch linked in my first reply to seal the hole in LSASS which is what allowed the worm and virus into your system in the first place.

[808smokey]

I was wrong, I admit it.

[Guest]

dvd-r help.com-----Use protection

[gmatov]

No problem. I've jumped the gun myself, a time or two, posted before what I'd read in the first posts had sunk in.

Had to post the same type as you just did, but used one of the "red face" smilies.

Everybody has probably done it on occassion.

Was ready for bed when I posted, would have been less snappish, fully awake.

Just glad he has fixed it, hope the rest of the readers take heed, apply appropriate patches, and get a firewall Have to recheck the level of protection from my own router.

Cheers,

George

[Hardcoreruss]

wow beavereaters and 808smokies avatars together.