service pack 2 d/l

[Guest]

I got the service pack 2 update today and at some point tonight I also got a
requestion from my firewall to allow a program (export version) access to the
internet. It was a new never before request from a program LSA shell (aka
sass.exe). I denied access to this request. I discovered that this was in
fact a virus (?) and I am unsure if this was downloaded with the service pack
2 update or did this enter the system from another site. I was only at yahoo
games this evening when I encountered an error message which said that I was
unable to connect to server and one of the reasons was 'stale file in cache'
which got me started on the search for what that in fact was, which lead to
LSA shell questions. Are these connected? Am very new to xp. my virus scan
does not show infected files, yet a search of my computer does show lsass.exe
application in c:\windows\system32 as well as the doc and settings folder
(temp internet folder) sasser, sasser1, sasser2 and another file with the
same 'address' 199.239.233.2 calling itself 'virus removal utilities by
online...' dazed and confused here.

 

[Guest]

I got the service pack 2 update today and at some point tonight I also got a
requestion from my firewall to allow a program (export version) access to the
internet. It was a new never before request from a program LSA shell (aka
sass.exe). I denied access to this request. I discovered that this was in
fact a virus (?) and I am unsure if this was downloaded with the service pack
2 update or did this enter the system from another site. I was only at yahoo
games this evening when I encountered an error message which said that I was
unable to connect to server and one of the reasons was 'stale file in cache'
which got me started on the search for what that in fact was, which lead to
LSA shell questions. Are these connected? Am very new to xp. my virus scan
does not show infected files, yet a search of my computer does show lsass.exe
application in c:\windows\system32 as well as the doc and settings folder
(temp internet folder) sasser, sasser1, sasser2 and another file with the
same 'address' 199.239.233.2 calling itself 'virus removal utilities by
online...' dazed and confused here.

If you can access the Internet, download to a floppy or other removable disk
the Stinger from McAfee. http://vil.nai.com/vil/stinger/ Open Stinger and
let it scan. Today's version should remove the Sasser worm. Don't install XP2
until the system is clean. Also download, install, update and scan with
Ad-aware SE: http://www.lavasoftusa.com

Best of luck to you!