Does anyone know what LSA Shell (export) means?

[Guest]

I had recently changed my internet connection to "VERIZON" DSL services and
when I installed the program onto my system it ran fine. But after about an
hour the report window came up with LSA shell (export) and to send report to
the microsoft place. After that report window showed up I received another
window stating:

The system process
C:\windows\system32\lsass.exe
status code: -1073741819

then it said the system will shutdown in 50 seconds..... and it did.....

everytime it started up it stated the same thing again, so I had to take out
the WINDOWS XP program and run my windows 98.......

Can someone please help me with this one? I really like the XP program and
would prefer to use it instead of the windows 98.

Please advise.

Thanks

 

[Carey Frisch [MVP]]

It appears your PC is infected with the Sasser worm.

How to Remove the "Sasser Worm" from your Computer:
http://www3.telus.net/dandemar/sasser.htm

[Courtesy of MS-MVP Jupiter Jones]

I would strongly recommend installing Service Pack 2
for Windows XP after removing the Sasser worm.

You may wish to view the following:

Top 10 Reasons to Install Windows XP Service Pack 2 (SP2)
http://www.microsoft.com/windowsxp/sp2/topten.mspx

List of fixes included in Windows XP Service Pack 2
http://support.microsoft.com/default.aspx?scid=kb;en-us;811113&Product=windowsxpsp2

Learn About Windows XP Service Pack 2
http://www.microsoft.com/windowsxp/sp2/preinstall.mspx

What to Know Before You Download and Install Windows XP Service Pack 2
http://www.microsoft.com/windowsxp/sp2/sp2_whattoknow.mspx

Windows XP Service Pack 2 (Direct Download):
http://www.microsoft.com/downloads/...be-3b8e-4f30-8245-9e368d3cdb5a&displaylang=en

Windows XP Service Pack 2 Checklist
http://www3.telus.net/dandemar/spackins.htm

[Courtesy of MS-MVP Jupiter Jones]

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect Your PC!
http://www.microsoft.com/athome/security/protect/default.aspx

---------------------------------------------------------------------------------------------

:

| I had recently changed my internet connection to "VERIZON" DSL services and
| when I installed the program onto my system it ran fine. But after about an
| hour the report window came up with LSA shell (export) and to send report to
| the microsoft place. After that report window showed up I received another
| window stating:
|
| The system process
| C:\windows\system32\lsass.exe
| status code: -1073741819
|
| then it said the system will shutdown in 50 seconds..... and it did.....
|
| everytime it started up it stated the same thing again, so I had to take out
| the WINDOWS XP program and run my windows 98.......
|
| Can someone please help me with this one? I really like the XP program and
| would prefer to use it instead of the windows 98.
|
| Please advise.
|
| Thanks

 

[NoNoBadDog!]

Lets see....



1. You connected to the internet without enabling the Windows firewall.



2. You also have no antivirus software installed.



3. You did not update your version of windows...if you had, the patch to

prevent infection from the SASSER or BLASTER worm would have been on your
system (it's

been available for months).



The reason that your machine is infected is because of all of the above.

You must educate yourself on basic computer security.



Here's what you need to do now, in this exact order...



1. Disconnect the computer from the internet...If you have broadband,

physically disconnect the cable from the back of the computer.





2. Turn the computer on. When the message appears, START>Run>'Shutdown -a"



3. Enable the windows firewall. It is very rudimentary as firewalls go,

but it is better than nothing.



4. Install a reputable Antivirus program. You will have to update it after

re-connecting to the internet, and thereafter you MUST KEEP IT UPDATED.



5. Connect to the internet.



6. Update your antivirus software.



7. Run a scan and let the antivirus software will clean your system.



8. Connect to Windows Update and download ALL Critical downloads. Install

them. You may have to repeat this more than once in order to download and

install all Critical Updates.



9. Never, ever connect to the internet, even briefly, without having met

all of the above requirements.



You not only allowed you machine to be infected, but you turned it into a

tool that is/was looking for other unprotected computers to connect. It has

been recently announced that an unprotected computer can be infected in as

little as 40 seconds.



I would venture a bet that your computer has more than just the latest

variant of the SASSER worm.



Once you begin to practice basic computer security, you can become a

responsible "netizen"



Bobby







Here are some useful links that were posted earlier by Bruce Chambers:





Protect Your PC

http://www.microsoft.com/security/protect/default.asp



Home Computer Security

http://www.cert.org/homeusers/HomeComputerSecurity/



List of Antivirus Software Vendors

http://support.microsoft.com/default.aspx?scid=kb;en-us;49500



Home PC Firewall Guide

http://www.firewallguide.com/



Scumware.com

http://www.scumware.com/





"Desperately seeking help!" <Desperately seeking
[email protected]> wrote in message

 

[Guest]

I had recently changed my internet connection to "VERIZON" DSL services and
when I installed the program onto my system it ran fine. But after about an
hour the report window came up with LSA shell (export) and to send report to
the microsoft place. After that report window showed up I received another
window stating:

The system process
C:\windows\system32\lsass.exe
status code: -1073741819

then it said the system will shutdown in 50 seconds..... and it did.....

everytime it started up it stated the same thing again, so I had to take out
the WINDOWS XP program and run my windows 98.......

Can someone please help me with this one? I really like the XP program and
would prefer to use it instead of the windows 98.

Please advise.

Thanks

 

[Bruce Chambers]

I had recently changed my internet connection to "VERIZON" DSL
services and when I installed the program onto my system it ran
fine.
But after about an hour the report window came up with LSA shell
(export) and to send report to the microsoft place. After that
report window showed up I received another window stating:

The system process
C:\windows\system32\lsass.exe
status code: -1073741819

then it said the system will shutdown in 50 seconds..... and it
did.....

everytime it started up it stated the same thing again, so I had to
take out the WINDOWS XP program and run my windows 98.......

Can someone please help me with this one? I really like the XP
program and would prefer to use it instead of the windows 98.

Please advise.

Thanks

You've apparently contracted the latest worm, W32.Sasser.Worm,
specifically designed to attack people who do not update their
computers promptly and who do not practice "safe hex." In other
words, like Blaster, this worm was developed and distributed after a
patch for the vulnerability was announced and made publicly available.
Further, and also like Blaster, this worm could not affect any
computer whose user had taken the basic precaution of using a properly
configured firewall.

To stay on-line long enough to get the necessary updates, patches,
and removal tools, click Start > Run, and enter "shutdown -a" when the
next Shutdown countdown begins. This will abort the shut down. Also,
make sure you've enabled a firewall before starting, to preclude any
more intrusions while getting the updates/patches/tools.

What You should Know about the Sasser Worm and its Variants
http://www.microsoft.com/security/incident/sasser.asp

Microsoft Security Bulletin MS04-011
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

W32.Sasser.Worm
http://www.symantec.com/avcenter/venc/data/w32.sasser.worm.html

A tool is available to remove the Sasser worm variants
http://support.microsoft.com/default.aspx?scid=kb;EN-US;841720

W32.Sasser.Worm Removal Tool
http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.removal.tool.html

McAfee AVert Stinger Virus Removal Tool
http://vil.nai.com/vil/stinger/

--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having
both at once. - RAH