S
Sadie
Please check carefully the spelling of the "svhost.exe"
you mention.It is quite normal to have more that two
instances of svchost.exe running in Task
Manager,depending on your services configurations.Some
trojans and virii masquerade as legitimate processes,with
variations upon the spelling:scvhost.exe,for example.Or,a
listing in upper case,such as SVCHOST(S).EXE
lsass.exe is normal.How many are in Taskmanager?
Is anything consuming an inordinate ammount of CPU?
You mention a Blaster infection.It is possible that Nachi
got in and tried to clean it (Which was Nachi's
purpose,though,it was really bad at it,and leaves a
backdoor open on the O.S.)
Another possibilty:Blaster fall-out.Post Blaster
infection,after the infection is cleaned,the local
computer sends "attacking" signals back to itself.
Are you up to date with ALL critical patches?
Sadie
security updates thru 5/10. I've done Sasser check:
nothing. I removed Blaster 5/7 successfully following
Jupiter Jones and Microsoft instructions. I've done Sys
Restore off then back on. No more unexpected shut
downs. Running XP Home.
you mention.It is quite normal to have more that two
instances of svchost.exe running in Task
Manager,depending on your services configurations.Some
trojans and virii masquerade as legitimate processes,with
variations upon the spelling:scvhost.exe,for example.Or,a
listing in upper case,such as SVCHOST(S).EXE
lsass.exe is normal.How many are in Taskmanager?
Is anything consuming an inordinate ammount of CPU?
You mention a Blaster infection.It is possible that Nachi
got in and tried to clean it (Which was Nachi's
purpose,though,it was really bad at it,and leaves a
backdoor open on the O.S.)
Another possibilty:Blaster fall-out.Post Blaster
infection,after the infection is cleaned,the local
computer sends "attacking" signals back to itself.
Are you up to date with ALL critical patches?
Sadie
and Symantec on line tool: nothing found. I've done-----Original Message-----
It looks like I have virus(es):
-lsass.exe. and up to 4 versions of svhost.exe show up in Task Manager
-Firewall (McAfee) intercepts strange outgoing processes
-Virus scanner (McAfee) sends note about Nachi
BUT,
I've scanned system with McAfee (updated definitions)
security updates thru 5/10. I've done Sasser check:
nothing. I removed Blaster 5/7 successfully following
Jupiter Jones and Microsoft instructions. I've done Sys
Restore off then back on. No more unexpected shut
downs. Running XP Home.