HELP WITH WINDOWS

[DJ WARD]

MY COMPUTER HAS BEEN WORKING FINE. IT IS A TOSHIBA
SATELLITE. YESTERDAY INSTALLED VERIZON DSL SERVICE AND
SHORTLY AFTER DOING THIS A MESSAGE SAYING "THIS SYSTEM
WILL NOW SHUT DOWN. INITIATED BY NT AUTHORITY\SYSTEM.
THE PROCESS C:\WINDOWS\SYSTEM32\LSASS.EXE" THEN NUMBER
AFTER THAT IS -1073741819.

WHEN COMPUTER RESTARTS A SEND ERROR MESSAGE SCREEN
APPEARS SAYING THAT AN ERROR HAS OCCURRED IN LSA(SP)SHELL.

PLEASE ADVISE AS QUICKY AS POSSIBLE.

 

[Ken Blake, MVP]

In

MY COMPUTER HAS BEEN WORKING FINE. IT IS A TOSHIBA
SATELLITE. YESTERDAY INSTALLED VERIZON DSL SERVICE AND
SHORTLY AFTER DOING THIS A MESSAGE SAYING "THIS SYSTEM
WILL NOW SHUT DOWN. INITIATED BY NT AUTHORITY\SYSTEM.
THE PROCESS C:\WINDOWS\SYSTEM32\LSASS.EXE" THEN NUMBER
AFTER THAT IS -1073741819.

WHEN COMPUTER RESTARTS A SEND ERROR MESSAGE SCREEN
APPEARS SAYING THAT AN ERROR HAS OCCURRED IN LSA(SP)SHELL.

PLEASE ADVISE AS QUICKY AS POSSIBLE.

Please don't yell at us. We can hear you if you type normally, in
mixed case.

You have the Sasser worm, which you got by running without a
firewall, and by not installing the Microsoft critical updates.

First go to Start | Run and type shutdown -a

That will stop it from shutting down.

Then read here:


http://vil.nai.com/vil/content/v_125007.htm
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SASSER.A
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx
http://www.microsoft.com/security/incident/sasser.asp

 

[Johnny Lingo]

Congratulations you have two problems:

1. Your caps lock key must be stuck. Please look to the left side of the
keyboard and push it. Be sure the caps lock light goes off. If this does
not work, go purchase a new keyboard. Typing in all caps in a newsgroup is
perceived as yelling.

2. You have the blaster (msblast) virus. See here:
http://support.microsoft.com/default.aspx?scid=kb;en-us;826955
and/or here:
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.html

 

[Johnny Lingo]

I just re-read your post, and realized that the virus you have is the Sasser
Worm. You can see it here:
http://www.microsoft.com/security/incident/sasser.mspx

 

[Bruce Chambers]

Greetings --

First of all, please unstick your CapsLock key. Posting in all
caps, as you have done, is the Usenet equivalent of shouting, and is
considered very rude. More importantly, posting in all caps makes the
post very hard to read, further reducing your chances of getting help.

You've apparently contracted the latest worm, W32.Sasser.Worm,
specifically designed to attack people who do not update their
computers promptly and who do not practice "safe hex." In other
words, like Blaster, this worm was developed and distributed _after_ a
patch for the vulnerability was announced and made publicly available.
Further, and also like Blaster, this worm could not affect any
computer whose user had taken the basic precaution of using a properly
configured firewall.

To stay on-line long enough to get the necessary updates, patches,
and removal tools, click Start > Run, and enter "shutdown -a" when the
next Shutdown countdown begins. This will abort the shut down. Also,
make sure you've enabled a firewall before starting, to preclude any
more intrusions while getting the updates/patches/tools.

What You should Know about the Sasser Worm and its Variants
http://www.microsoft.com/security/incident/sasser.asp

Microsoft Security Bulletin MS04-011
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

W32.Sasser.Worm
http://www.symantec.com/avcenter/venc/data/w32.sasser.worm.html

A tool is available to remove the Sasser worm variants
http://support.microsoft.com/default.aspx?scid=kb;EN-US;841720

W32.Sasser.Worm Removal Tool
http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.removal.tool.html

McAfee AVert Stinger Virus Removal Tool
http://vil.nai.com/vil/stinger/


Bruce Chambers
--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. - RAH