Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

i was wondering if you could point me in the right direction to elimanate this virus.

  • 25-07-2004 1:06am
    #1
    Closed Accounts Posts: 3,219 ✭✭✭


    every time i go on the net after a while a box opens that cant be "x-ed" with a red circle thingy telling me that the computer will shut down in 60seconds which it duly does,is this is a virus and if so pray tell how do i eliminate it?,an "lsa shell" export version error report comes up before hand and either if i send it or not thje shutdown thingy pops up soon after.


Comments

  • Closed Accounts Posts: 832 ✭✭✭pyrogenx


    Im not sure which one it is, but it could be sasser or msblast.... although it could be another too

    i suppose u know about the command "shutdown -a" to stop the pc from shutting down.

    Does it cut ur internet connection off before the shutdown window comes up??

    If not its probably msblast, then just go into ur root/windows/system32/ and search for a hidden (i think its hidden, maybe u have to enable the view of hidden files in ur folder options) file called "msblast", then just delete it. But it could come back again.

    If its sasser get a tool from the microsoft site that will remove the "sasser virus".

    When u've removed the virus/worm u need to get some windows security updates!! Otherwise u'll catch them again quickly.

    Does anyone know if there is any other way of gettin windows updates (like in files), than using the update "tool"???


  • Closed Accounts Posts: 3,219 ✭✭✭invincibleirish


    the internet connection doesnt cut out so it must be msblast, how exactly do i go into root/windows/system32?


  • Closed Accounts Posts: 832 ✭✭✭pyrogenx


    If ur windows is installed on C:/ simply open
    C:/windows/system32/ for windows xp
    C:/winnt/system32/ for windows 2000

    Then search for "msblast.exe" ( im pretty sure thats the exact filename, otherwise just try something like :"msblast") if u found it then just delete the file. If u don't find it, enable view hidden files in ur folder options and try again. If u still can't find it, it must be a different virus or worm.


  • Registered Users, Registered Users 2 Posts: 5,645 ✭✭✭Shrimp


    I know somebody that had this very problem, they just ran an ad-ware scan, deleted all ad-ware found and then this error never came again. Here is the link to one of the best ad-ware scanners.

    Click Here


  • Registered Users, Registered Users 2 Posts: 9,579 ✭✭✭Webmonkey


    Also run a firewall or windows built in firewall and this will stop the remote precude call from crashing.

    Download the update here http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

    more than likely you are Win XP 32bit user so jump to here, http://www.microsoft.com/downloads/details.aspx?FamilyId=3549EA9E-DA3F-43B9-A4F1-AF243B6168F3&displaylang=en


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 3,317 ✭✭✭Chalk


    lsa shell error is usually the sasser worm if im not mistaken

    http://vil.nai.com/vil/stinger/

    grab that free tool from mcafee and you should be ok


  • Registered Users, Registered Users 2 Posts: 372 ✭✭cerbeus


    more than likely this is the Sasser worm. You'll need to clean it out with a tool such as the one Chalk pointed to. But most importantly you should patch your machine to stop the reinfection.

    Go to the Windows Update site and run a full scan. If you have broadband install all the Critcal Patches that it returns. If you are on Dial up then just install the Sasser one which should show up as KB835732.

    More info can be found on :
    http://www.microsoft.com/security/incident/sasser.mspx


Advertisement