Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Sasser Virus

  • 30-08-2004 10:52pm
    #1
    finnpark
    Closed Accounts Posts: 1,541 ✭✭✭


    A number a weeks ago i got the I-Worm/Sasser.exe virus on my XP compuer. A box would appear, 60 seconds left before shutdown etc.

    I downloaded the patch and approprite service pack. I ran AVG anti-virus. Avg anti-virus got it. I am using the latest version. Everything seemed OK. My computer has not shutdown since then and no problems.

    However when I go Ctrl+Alt+Delete and click Processes LSass.exe is still there! Also I get a message from windows sometimes telling me this and to run AVG for windows to remove it. However AVG finds nothing.

    Any ideas on how to get rid of this once and For all. :)


Comments

  • #2
    Ciaran500
    Registered Users, Registered Users 2 Posts: 8,225 ✭✭✭Ciaran500


    It could be hiding in your system restore. Anti virus programs are not allowed scan there. Disable system restore, restart and run avg again.


  • #3
    Johnny_the_fox
    Registered Users, Registered Users 2 Posts: 2,681 ✭✭✭Johnny_the_fox


    LSass.exe ->
    read here
    Today I'm going to explain to you guys what lsass is.

    What is it?
    Local Security Authentication Server

    What does it do?
    It generates the process responsible for authenticating users for the Winlogon service. This process is performed by using authentication packages such as the default Msgina.dll. If authentication is successful, Lsass generates the user's access token, which is used to launch the initial shell. Other processes that the user initiates inherit this token.

    You will not be able to end this through task manager!


  • #4
    finnpark
    Closed Accounts Posts: 1,541 ✭✭✭finnpark


    Ciaran500 wrote:
    It could be hiding in your system restore. Anti virus programs are not allowed scan there. Disable system restore, restart and run avg again.

    Yes you are right. A box message comes up in screen saying this. How do I disable the system restore? Thanks :)


  • #5
    Ciaran500
    Registered Users, Registered Users 2 Posts: 8,225 ✭✭✭Ciaran500


    http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?OpenDocument&src=sec_doc_nam


  • #6
    Deadwing
    Closed Accounts Posts: 2,918 ✭✭✭Deadwing


    Umm..as johnny the fox said lsass is a perfectly normal service ad completely harmless. Just google the name of any process your unsure of and youll find out what they are/if theyre harmful.


  • Advertisement
  • #7
    finnpark
    Closed Accounts Posts: 1,541 ✭✭✭finnpark


    Thanks lads. Yes I understand. The sasser virus was in the restore. Thats why AVG couldn't find it. I will know for future. Thanks everyone for all the helpul info/links. :D


Advertisement