lsass.exe virus undetectable


RedPenguin

We have a worm on our network in which we run a huge amount of XP machines
with antivirus on pretty much all of them, and almost none have the virus
anymore but one XP machine refuses to ignore the virus.

We install McAfee full. Updated. Scanned but still some worm crashes
lsass.exe and McAfee does not detect it, even after a restart, and a scan
before the virus is gotten.
 
k we will try that. Could swear we tried searching for Sasser with a remover
from Norton one day. But maybe, it's Sasser that remotely crashes without
copying to the actual hard drive so there was nothing to remove.
 
From: "RedPenguin" <[email protected]>

| k we will try that. Could swear we tried searching for Sasser with a remover
| from Norton one day. But maybe, it's Sasser that remotely crashes without
| copying to the actual hard drive so there was nothing to remove.


Maybe it is NOT Sasser at all (because at this time it is *highly* unlikely) like I wrote in
my reply!
 
David said:
From: "RedPenguin" <[email protected]>

| We have a worm on our network in which we run a huge amount of XP machines
| with antivirus on pretty much all of them, and almost none have the virus
| anymore but one XP machine refuses to ignore the virus.
|
| We install McAfee full. Updated. Scanned but still some worm crashes
| lsass.exe and McAfee does not detect it, even after a restart, and a scan
| before the virus is gotten.
|

There are anti virus News Groups specifically for this type of discussion.

microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus

What worm ? This needs to be stated.

What version of McAfee VirusScan ?

LSASS can crash w/o a virus.

Is this PC with XP SP2 ?

Is KB835732 installed ?
http://www.microsoft.com/downloads/...9E-DA3F-43B9-A4F1-AF243B6168F3&displaylang=en

NT AUTHORITY\SYSTEM
'c:\windows\system32\lsass.exe' terminated unexpectedly with status code -1073741819

{ see attached }

If you don't have the above NT AUTHORITY\SYSTEM shutdown message or if KB835732 is
installed, it can be a hardware problem or IOS corruption.

You need to define EXACTLY the parameters of the PC and the crash.

BTW: Those who ASSUME the following ...
NT AUTHORITY\SYSTEM
'c:\windows\system32\lsass.exe' terminated unexpectedly with status code -1073741819
Is caused by the Sasser worm, don't know the reality of the scene. The chances of
Sasser are extremely low. The chances of a SDBot, GAOBot or other Bot are *much* higher.
Sasser is almost extinct while there are hundreds of variants of the SDBot worm that will
exploit BOTH the RPC/RPCSS DCOM and Lsass vulnerabilities.

Very good and absolutely correct reply, David.

Steve N.
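
David's checklist, sketched as an added example that is not part of the original thread: it finds the lsass.exe shutdown message in exported log text, decodes the signed status code, and applies the KB835732 question. The function names, the sample log, and the `KB000000` placeholder are constructed for illustration; the NTSTATUS name comes from the Windows headers rather than from the thread, and the "unpatched" outcome is inferred from David's remark about bots.

```python
import re

# Matches the shutdown message quoted in the thread.
CRASH_RE = re.compile(
    r"'(?P<image>[^']*\\lsass\.exe)' terminated unexpectedly "
    r"with status code (?P<status>-?\d+)",
    re.IGNORECASE,
)

# Well-known NTSTATUS value; the name is added here, not stated in the thread.
NTSTATUS_NAMES = {0xC0000005: "STATUS_ACCESS_VIOLATION"}
LSASS_PATCH = "KB835732"  # the update the thread asks about


def decode_status(signed_code):
    """Convert the signed decimal from the dialog to the unsigned NTSTATUS."""
    value = signed_code & 0xFFFFFFFF
    return value, NTSTATUS_NAMES.get(value, "unknown")


def find_lsass_crashes(log_text):
    """Return (image_path, ntstatus, name) for each lsass.exe crash message."""
    crashes = []
    for m in CRASH_RE.finditer(log_text):
        value, name = decode_status(int(m.group("status")))
        crashes.append((m.group("image"), value, name))
    return crashes


def triage(log_text, installed_updates):
    """Apply the thread's questions to one machine (hypothetical helper)."""
    crashes = find_lsass_crashes(log_text)
    patched = LSASS_PATCH.upper() in {u.upper() for u in installed_updates}
    if not crashes:
        return "no-shutdown-message: consider a non-malware cause"
    if patched:
        return "patched: consider a non-malware cause"
    return "unpatched: install KB835732, then check for a bot using the LSASS flaw"


# Constructed sample input, modelled on the message quoted in the thread.
SAMPLE_LOG = (
    "NT AUTHORITY\\SYSTEM\n"
    "'c:\\windows\\system32\\lsass.exe' terminated unexpectedly "
    "with status code -1073741819\n"
)

if __name__ == "__main__":
    print(find_lsass_crashes(SAMPLE_LOG))
    print(triage(SAMPLE_LOG, ["KB000000"]))  # placeholder update id
```

The decoded value 0xC0000005 is an access violation inside the process, which by itself does not identify a cause; the patch state is what separates the branches.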
 
