lsass.exe Application error

  • Thread starter Thread starter razkyo
  • Start date Start date
R

razkyo

i got this lsass.exe application error after my com got
infected with the netsky virus. it keeps saying that the
instruction at "0x00e2f878" referenced memory
at "0x0000023". the memory could not be "read".
and it restarts the system. any idea how to solve this
problem
 
Your computer is infected with a new Sasser worm exploiting the LSASS Buffer
Overrun Vulnerability.

To clean your system:

NOTE: If your system keeps restarting, you can abort the system shut down
by:
Click Start, click Run and type "shutdown -a" (without quotations),
then click OK.

1. Download and install the critical update IMMEDIATELY from
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

2. Press Ctrl + Alt + Delete to bring up the Task Manager and terminate the
"avserve.exe" process, then delete the avserve.exe from C:\Windows and
restart your computer.
 
Well, I killed avserve and I'm doing my last scan to see if I've
gotten rid of this (after installing update).

It seems now though that my system is blocked from reaching
mcafee.com, symantec.com, LiveUpdate (for Norton via Symantec), and
windowsupdate. I would guess on the IP level, since it blocks not
only webpages, but also LiveUpdate. Any ideas on where it blocks that
information?

CK
 
CK said:
Well, I killed avserve and I'm doing my last scan to see if I've
gotten rid of this (after installing update).

It seems now though that my system is blocked from reaching
mcafee.com, symantec.com, LiveUpdate (for Norton via Symantec), and
windowsupdate. I would guess on the IP level, since it blocks not
only webpages, but also LiveUpdate. Any ideas on where it blocks that
information?

CK
Click to expand...

The block is probably in your hosts file. Make sure your Search options
are set to Advanced and to look in hidden files. Then search your C
\drive for hosts. There may be more than one. Double-click on the file
to open it. You'll get the "what program should Windows open this with"
dialog box - choose the list of programs and from that list, choose
Notepad. Make sure the box to "always use this program to open this
type of file" is *not* checked. Look at the file - unless you have a
proxy connection to the Internet, special Internet security software
(doubtful since you got the virus), or you added entries yourself, the
host file should *only* have:

127.0.0.1 localhost

Delete other entries, then File>Save. If you need more help, post back.

Malke
 
Back
Top