Rebooting after 50 seconds lsass.exe

Keith

Working on my friend's computer. It works fine until it gets connected
to the internet. Then I get something on the lines of "Shell error
and lsass.exe. System will reboot in 50 seconds." I can't keep
connected long enough to update her Norton. Plus, she has DIAL UP!!
zzzzzzzzz. Any suggestions?

Keith
 
Hi,

Go to Start > Run and type
shutdown -a
that'll give you time.

What You Should Know About the Sasser Worm and Its Variants
http://www.microsoft.com/security/incident/sasser.asp

What You Should Know About the Blaster Worm
http://www.microsoft.com/security/incident/blast.asp

A tool is available to remove the Sasser worm variants
http://support.microsoft.com/default.aspx?scid=kb;en-us;841720

The stinger tool helps in detecting and
cleaning the Sasser worm.
http://vil.nai.com/vil/stinger/



Mitigation Steps for Affected Computers
If your computer is infected with the W32.Sasser.worm,
please do the following:

1. Enable the Windows XP Internet Connection Firewall or a third-party firewall on the affected computer.
2. Disconnect the computer from the Internet.
3. Restart the computer. If you have problems rebooting, reboot in safe mode.
4. Press CTRL+ALT+DEL.
5. Click the Task Manager.
6. Click the Processes tab.
7. Press and hold the CTRL key and then click C:\WINDOWS\avserve.exe and c:\WINDOWS\system32\*_up.exe.
8. Click the End Task button.
9. Click Start.
10. Click Search and then search for and delete the following files:
    C:\WINDOWS\avserve.exe
    C:\WINDOWS\system32\*_up.exe
11. Click Start again, click Run, and then type: regedit32
12. Click OK.
13. In Registry Editor, locate and delete the following registry key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "avserve.exe" = C:\WINDOWS\avserve.exe
14. Connect the computer to the Internet.
15. Go to the Windows Update site, and click the Scan for Updates button.
16. Download and install the critical updates recommended after the scan.



http://www.microsoft.com/security/incident/sasser.asp


Download this update
Microsoft Security Bulletin MS04-011
Security Update for Microsoft Windows (835732)
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

Enable your firewall.

MORE ON SECURITY:

Three steps you can take to improve your computer's security:
http://www.microsoft.com/security/protect/

321050 Description of a Personal Firewall
http://support.microsoft.com/?id=321050

More info:

http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.worm.html
http://www.bullguard.com/antivirus/vit_randon_i.aspx
http://www.vsantivirus.com/sasser-a.htm

Good luck
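
The file and registry indicators from the removal steps above, turned into an offline triage check. This is an added example, not part of the original thread; the sample file listing, the `.reg` export text and all function names are constructed for illustration.

```python
import fnmatch
import ntpath
import re

# Indicators exactly as listed in the removal steps above.
FILE_INDICATORS = [r"C:\WINDOWS\avserve.exe", r"C:\WINDOWS\system32\*_up.exe"]
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
RUN_VALUE_NAME = "avserve.exe"

def is_indicator_path(path):
    """True if path matches a file indicator (same folder, case-insensitive)."""
    folder, name = ntpath.split(ntpath.normpath(path.strip().strip('"')).lower())
    for indicator in FILE_INDICATORS:
        ind_folder, ind_name = ntpath.split(indicator.lower())
        if folder == ind_folder and fnmatch.fnmatchcase(name, ind_name):
            return True
    return False

def scan_file_listing(paths):
    """Return the paths from a file listing that match the indicators."""
    return [p.strip() for p in paths if p.strip() and is_indicator_path(p)]

VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')

def scan_reg_export(text):
    """Return (name, data) Run values in a .reg export that match the indicators."""
    hits, current_key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
        elif current_key and current_key.lower() == RUN_KEY.lower():
            m = VALUE_LINE.match(line)
            if not m:
                continue
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            if name.lower() == RUN_VALUE_NAME or is_indicator_path(data):
                hits.append((name, data))
    return hits

# Constructed sample input (not captured from a real machine).
SAMPLE_FILES = [r"C:\WINDOWS\avserve.exe", r"c:\windows\SYSTEM32\12345_up.exe",
                r"C:\WINDOWS\system32\setup.exe", r"C:\Temp\avserve.exe"]
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avserve.exe"="C:\\WINDOWS\\avserve.exe"
"ExampleTray"="\"C:\\Program Files\\Example\\tray.exe\" /min"
'''
```

Matching is on folder plus file name, so `setup.exe` in system32 and a same-named file outside C:\WINDOWS are not flagged.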
 
That worked.

Thanks guys....the "shutdown -a" gave me time to update her Norton and
Microsoft files and downloaded the Sasser fix. Everything works fine
now.

Keith
 
Greetings --

You've apparently contracted the latest worm, W32.Sasser.Worm,
specifically designed to attack people who do not update their
computers promptly and who do not practice "safe hex." In other
words, like Blaster, this worm was developed and distributed _after_ a
patch for the vulnerability was announced and made publicly available.
Further, and also like Blaster, this worm could not affect any
computer whose user had taken the basic precaution of using a properly
configured firewall.

To stay on-line long enough to get the necessary updates, patches,
and removal tools, click Start > Run, and enter "shutdown -a" when the
next RPC countdown begins. This will abort the shut down. Also, make
sure you've enabled a firewall before starting, to preclude any more
intrusions while getting the updates/patches/tools.

What You should Know about the Sasser Worm and its Variants
http://www.microsoft.com/security/incident/sasser.asp

Microsoft Security Bulletin MS04-011
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

W32.Sasser.Worm
http://www.symantec.com/avcenter/venc/data/w32.sasser.worm.html

A tool is available to remove the Sasser worm variants
http://support.microsoft.com/default.aspx?scid=kb;EN-US;841720

W32.Sasser.Worm Removal Tool
http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.removal.tool.html

McAfee AVert Stinger Virus Removal Tool
http://vil.nai.com/vil/stinger/


Bruce Chambers

--
Help us help you:




You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
 