LSA shell

A

Aaron

ok... I'm at a co-workers home, they are getting this
messed up message:

"This system is shutting down. Please save all work in
progress and log off. Any unsaved changes will be lost.
This shutdown was initiated by NT AUTHORITY\SYSTEM

Time before shutdown: 00:00:60

Message
The system process 'C:\WINDOWS\system32\lsass.exe'
terminated unexpectedly with status code -107374189. The
system will now shut down and restart."

this happens after being connected to the internet after
a few minutes... a dial up connection.

I will probably get this error in a few seconds, just
wondering what LSA shell (lsass.exe) is and what NT
AUTHORITY\SYSTEM is because I can't find the NT thing
causing the problem and the lsass.exe is part of Windows
XP.

Any help would be cool.
 
G

Guest

I had the same problem at work the other day
Our IT dept said it was that Sasser virus, but they got rid of it
 
B

Bruce Chambers

Greetings --

Your co-worker has apparently contracted the latest worm,
W32.Sasser.Worm, specifically designed to attack people who do not
update their computers promptly and who do not practice "safe hex."
In other words, like Blaster, this worm was developed and distributed
_after_ a patch for the vulnerability was announced and made publicly
available. Further, and also like Blaster, this worm could not affect
any computer whose user had taken the basic precaution of using a
properly configured firewall.

To stay on-line long enough to get the necessary updates, patches,
and removal tools, click Start > Run, and enter "shutdown -a" when the
next Shutdown countdown begins. This will abort the shut down. Also,
make sure you've enabled a firewall before starting, to preclude any
more intrusions while getting the updates/patches/tools.

What You should Know about the Sasser Worm and its Variants
http://www.microsoft.com/security/incident/sasser.asp

Microsoft Security Bulletin MS04-011
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

W32.Sasser.Worm
http://www.symantec.com/avcenter/venc/data/w32.sasser.worm.html

A tool is available to remove the Sasser worm variants
http://support.microsoft.com/default.aspx?scid=kb;EN-US;841720

W32.Sasser.Worm Removal Tool
http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.removal.tool.html

McAfee AVert Stinger Virus Removal Tool
http://vil.nai.com/vil/stinger/


Bruce Chambers
--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. - RAH
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

lsass.exe terminates unexpectedly 7
LSA Shell shutdown 1
NT Authority/RPC termination, TFTP files added in startup 6
.NET update and virus-like symptoms? 6
Microsoft .NET Framework update leads to virus-like symptoms? 1
Microsoft .NET Famework 2
NT Authority\System shutdown 3
sudden restart 2

Top