LSA shell errors // Sasser Worm // Please help - Techist - Tech Forum

Old 11-15-2004, 01:04 AM   #1 (permalink)
True Techie
 
Join Date: Aug 2004
Posts: 226
LSA shell errors // Sasser Worm // Please help

Sasser Worm opens security ports on the infected computer which makes it vulnerable to hackers who can use these open ports to implant Spyware and Trojan Programs.

There are two obvious symptoms of the Sasser Worm:

* A fatal error pop-up asking if you would like to send the report to Microsoft or not.

* After a few minutes of computer use, a 60 second count down occurs saying that the computer will automatically shut down in the allotted time.

I have tried the following patches:

http://vil.nai.com/vil/stinger/ (McAfee)

http://support.microsoft.com/default...b;en-us;841720 (Microsoft)

Yet, the Sasser worm is still there.

I have also tried running the patches without being connected to the internet and with System Restore disabled.

Any suggestions?
__________________

KornNut is offline  
Old 11-15-2004, 01:29 AM   #2 (permalink)
True Techie
 
Join Date: Nov 2004
Posts: 106

You must kill the virus and spyware first!

Scan your computer for viruses and spyware, then run the patches!
__________________
Never too Old to Learn
Never too Old to Make Friends


AIM : cqpc120
MSN : cqpc120@msn.com
Yahoo: cqpc120
suker is offline  
Old 11-15-2004, 07:44 AM   #3 (permalink)
Ultra Techie
 
Join Date: Jun 2004
Posts: 973

KornNut,

The patches just patch the lsass vulnerability. But your system is already infected, and so you need to remove all the viruses. Any AV [with updates] can get through and kill the Sasser worm.

Sign
codes
intercodes is offline  
Old 11-15-2004, 12:54 PM   #4 (permalink)
True Techie
 
Join Date: Aug 2004
Posts: 226

Both Microsoft and McAfee claimed that they worked against 44 spyware viruses. Also, when the program finishes, they state that 'all such viruses have been removed from your computer'.
KornNut is offline  
Old 11-15-2004, 02:18 PM   #5 (permalink)
Master Techie
 
Join Date: Jul 2004
Posts: 2,932

The AV programs didn't find it then.

Have a look around www.pestpatrol.com

You'll most likely have to remove the associated spyware, then go dig through your registry and remove all the keys associated with it, manually.

Oh, and for the love of God...don't email anyone!
__________________

-----------------------------------------------
Don't hate the player...Hate the game...
ShoobieRat is offline  
Old 11-15-2004, 02:23 PM   #6 (permalink)
Ultra Techie
 
Join Date: Jun 2004
Posts: 973

KornNut,

I suggest you look at the Microsoft site for removal of these Sasser/MSBlast etc. worms. They have excellent guides to remove this stuff.

Go to http://www.microsoft.com and search for Sasser removal.

sign
codes
intercodes is offline  
Old 11-16-2004, 10:30 AM   #7 (permalink)
True Techie
 
Join Date: Aug 2004
Posts: 226

As I had said in my original post in this thread, I have tried Microsoft's online patch already.

As ShoobieRat had said, the antiviruses have not worked.

The only other solution that I see is Service Pack two. The problem here is that it takes so long for this to download that the Sasser worm restarts the computer before the download is able to finish. It looks like I may have to order the service pack on disc through Microsoft.

However, I have noticed that the LSA error only occurs when the computer is connected to the internet.
KornNut is offline  
Old 11-16-2004, 10:19 PM   #8 (permalink)
Ultra Techie
 
Join Date: Jun 2004
Posts: 973

KornNut,

Follow the link and do exactly what it says....

http://www.pchell.com/virus/sasser.shtml


Sign
Codes
intercodes is offline  
Old 11-17-2004, 04:09 PM   #9 (permalink)
True Techie
 
Join Date: Aug 2004
Posts: 226

Thanks for the responses.

That last link seems to be extremely helpful; however, I wish I could put it to use...

This Sasser worm hasn't been occurring in my computer. It exists in my college roommate's computer (an old P3 733 MHz processor).

I have yet to get rid of the virus, but now the computer has a hard drive error. When it rains, it pours.

I'm just going to have to replace the hard drive and reinstall Windows.

Thanks again.
KornNut is offline  
Old 11-18-2004, 02:30 AM   #10 (permalink)
Super Techie
 
Join Date: Dec 2003
Posts: 324

One way to stop the worm from shutting you down in the 60 seconds is to disconnect the PC from the connection to the internet, install a basic firewall to stop its attempts, reconnect to the net and download the updates from Microsoft. That's what worked for me.
__________________

sunsider is offline  
All times are GMT -5.