LSA Shell (Export Version) is closing down my comp for no reason! HELP!!!!

[Guest]

Whenever anyone on my XP computer logs in, after a few minutes this box comes up saying that the system had to shutdown because of a program called "lsass.exe". I traced it and found it was a program called LSA Shell (Export Version) which is on c:\windows\system32. I tried to delete it but got this message: "Cannot delete lsass: Access is denied. make sure that the disk is not full or write-protected and that the file is not currently in use.

Please can someone tell me what to do? I can't even do things on my computer properly cos I have to keep shutting down every few minutes!! :-

 

[roger]

Hi,

Whenever anyone on my XP computer logs in, after a few minutes this box comes up saying that the system had to shutdown because of a program called "lsass.exe". I traced it and found it was a program called LSA Shell (Export Version) which is on c:\windows\system32. I tried to delete it but got this message: "Cannot delete lsass: Access is denied. make sure that the disk is not full or write-protected and that the file is not currently in use."

Please can someone tell me what to do? I can't even do things on my computer properly cos I have to keep shutting down every few minutes!! :-(

What You Should Know About the Sasser Worm and Its Variants
http://www.microsoft.com/security/incident/sasser.asp

A tool is available to remove the Sasser worm variants
http://support.microsoft.com/default.aspx?scid=kb;en-us;841720

The stinger tool helps in detecting and
cleaning the Sasser worm.
http://vil.nai.com/vil/stinger/


Download this update
Microsoft Security Bulletin MS04-011
Security Update for Microsoft Windows (835732)
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

Enable your firewall.

MORE ON SECURITY:

Three steps you can take to improve your computer's security:
http://www.microsoft.com/security/protect/

321050 Description of a Personal Firewall
http://support.microsoft.com/?id=321050

Good luck

 

[Tim Lister]

Hi,




What You Should Know About the Sasser Worm and Its Variants
http://www.microsoft.com/security/incident/sasser.asp

A tool is available to remove the Sasser worm variants
http://support.microsoft.com/default.aspx?scid=kb;en-us;841720

The stinger tool helps in detecting and
cleaning the Sasser worm.
http://vil.nai.com/vil/stinger/


Download this update
Microsoft Security Bulletin MS04-011
Security Update for Microsoft Windows (835732)
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

Enable your firewall.

MORE ON SECURITY:

Three steps you can take to improve your computer's security:
http://www.microsoft.com/security/protect/

321050 Description of a Personal Firewall
http://support.microsoft.com/?id=321050

Good luck

I recently installed WinXP onto my mums pc & having re-installed the
modem driver, I connected to the web (YahooUK) for literally about one
minute just to check that the thing was all working. Almost immediately,
I had exactly the symptoms that you've just described!! I'd managed to
pick up the bloomin sasser worm in the 60s or so that I was connected!
It came as quite a shock as I'd always thought that you had to click on
an e-mail attachment or visit dodgy weblinks to catch these worms but
not so with the latest generation of nasties!
At least cleaning these things up isn't a great hassle as there's a
lot of good utilities & helpful webpages on the subject(as you can see
from the previous postings) due to the widespread nature of these worms
activities, but it makes you ponder as to why people with the ability to
program these things use their talents, such as they may be, to create
such things!

 

[roger]

On Tue, 25 May 2004 19:51:11 +0100, Tim Lister

[...]

I recently installed WinXP onto my mums pc & having re-installed the
modem driver, I connected to the web (YahooUK) for literally about one
minute just to check that the thing was all working. Almost immediately,
I had exactly the symptoms that you've just described!! I'd managed to
pick up the bloomin sasser worm in the 60s or so that I was connected!
It came as quite a shock as I'd always thought that you had to click on
an e-mail attachment or visit dodgy weblinks to catch these worms but
not so with the latest generation of nasties!
At least cleaning these things up isn't a great hassle as there's a
lot of good utilities & helpful webpages on the subject(as you can see
from the previous postings) due to the widespread nature of these worms
activities, but it makes you ponder as to why people with the ability to
program these things use their talents, such as they may be, to create
such things!

Hi Tim,

Yes, you can catch it in a few seconds if you venture into the
Internet without a firewall and updated windows.
These people really cause great grief.

 

[Bruce Chambers]

Greetings --

You've apparently contracted the latest worm, W32.Sasser.Worm,
specifically designed to attack people who do not update their
computers promptly and who do not practice "safe hex." In other
words, like Blaster, this worm was developed and distributed _after_ a
patch for the vulnerability was announced and made publicly available.
Further, and also like Blaster, this worm could not affect any
computer whose user had taken the basic precaution of using a properly
configured firewall.

To stay on-line long enough to get the necessary updates, patches,
and removal tools, click Start > Run, and enter "shutdown -a" when the
next RPC countdown begins. This will abort the shut down. Also, make
sure you've enabled a firewall before starting, to preclude any more
intrusions while getting the updates/patches/tools.

What You should Know about the Sasser Worm and its Variants
http://www.microsoft.com/security/incident/sasser.asp

Microsoft Security Bulletin MS04-011
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

W32.Sasser.Worm
http://www.symantec.com/avcenter/venc/data/w32.sasser.worm.html

A tool is available to remove the Sasser worm variants
http://support.microsoft.com/default.aspx?scid=kb;EN-US;841720

W32.Sasser.Worm Removal Tool
http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.removal.tool.html

McAfee AVert Stinger Virus Removal Tool
http://vil.nai.com/vil/stinger/


Bruce Chambers

--
Help us help you:




You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH