SASSER VIRUS INFO - lsass.exe terminates with an error code

Hello,

I was very pleased to find this page whilst searching for virus solutions.
As many have written, my PC started shutting down every twenty minutes, with the same error warning. Sadly last week, it began doing it the moment I logged on to the net. Not being a computer wiz, and desperate for a solution being I couldn't search the net for one. I got the LSA Shell lsass.exe file, and not wanting to delete it, not knowing what it was, I made it unstable by renaming it. It's all good, as I can now log onto the internet and have had no such troubles since, but my question is.....
What does the LSA Shell programme do?! The net appears to run as per normal without it. Should I need it, is it something I can delete and copy from a friends computer, or will it in some way be unique to each machine?
Can some body please help me!!?

Kal-el

re: what Lsass is:



Quoted from Wintasks
http://www.liutilities.com/products/win ... ary/lsass/

You probably don't want to be without it, but your workaround now at least gives you the chance to get rid of the worm and start fresh.

Welcome to OZZU and good luck.

Thanks very much for making a reply, I'll take steps to get rid of the worm as advised in earlier posts.
All the best

OK -- but be careful about rebooting. Based on what you said you did, if you reboot, with your current changes to lsass, I seriously suspect, you'll never be able to logon again. And if I recall correctly, the removal tool will require reboot, so make sure you rename lsass back before you do...otherwise have your restore disk handy.

Nice idea though for fault finding! Would be interested in knowing what happens if it gets rebooted with it renamed. Care to try it in the name of science? (I'm joking, please don't try it!!)

S

Ive done everything, Ive Disabled System restore, Ive ran the sasser remove tool and ive tried to get rid of it manually. When I ran the sasser removal tool it said that lsass was not found anywhere on my computer. Then I pressed ctrl+alt+delete and sure enough lsass.exe and its possy were running. Make sense? Hell no.

Sean

lsass.exe is not the virus. It's supposed to be there.

I have seen the strings on lSASS.exe and have the same issue - yet when I boot up, I get a blank screen and can do nothing - tried safe mode, safe mode with prompt - Am I dead in the water or is there a saviour out there?
bajan

welcome to ozzu. no sense in starting a new thread

Is there a way in Windows 2000 to stop the sasser worm shutdown process long enough to upload the worm removal tools?

I'm going insane here! Thanks. (-:
All assistance appreciated.

Donna

Start ---> Run ---> cmd (or command) and then:

you write ---> shutdown /a

which means abort shutdown

I believe it's shutdown -a (so if the /a doesn't work try that)

Ok,I hear you all are the ones to come for Sasser help. I've tried virtualy everthing,includeing restoreing the compter more than once. But,not matter what I do I can't seem to rid myself of the thing. My Norton can't work on a Windows XP operatating system,which would be what I have,so I can't get it that way. So,I ask,will you please tell me,in fairly simple terms,I'm only fourteen,how free my comp from the virus?

-Thanks in advance!

Um...nevermind....I'm gotten rid of it and updated as many things as possable. But just incase i'm going to check for the virus once a day.

just run a firewall that'll solve the problem.