1. Welcome! Please take a few seconds to create your free account to post threads, make some friends, remove a few ads while surfing and much more. ClutchFans has been bringing fans together to talk Houston Sports since 1996. Join us!

Help required - possible worm

Discussion in 'BBS Hangout' started by Knight, May 1, 2004.

  1. Knight

    Knight Member

    Joined:
    May 20, 2002
    Messages:
    135
    Likes Received:
    5
    Hi all... I have a problem with my computer - When surfing the internet, the following message suddenly comes up:

    The system process 'c:\windows\system32\lsass.exe' terminated unexpectedly with the status code -1073741676. The system will now shut down and restart.

    The computer then shutdowns in 1 minute.

    I can stop the shutdown using the command "shutdown -a" in dos prompt, but I notice that when I do want to shutdown the computer, I will get the message that I do not have permission to shutdown this computer.

    After that, the only way I can shut down is to type shutdown -s in dos prompt, which logs me out.

    I am running Windows XP with service pack 1, if that is any help.

    Anyone else come across this problem? Adaware and spybot doesn't seem to help... I searched on the internet and couldn't find a solution... so some smart dude in this forum can help. Really hoping I don't have to reformat my hard disk.. sigh...

    Thanks in advance.
     
  2. Dr of Dunk

    Dr of Dunk Clutch Crew

    Joined:
    Aug 27, 1999
    Messages:
    46,634
    Likes Received:
    33,637
  3. Faos

    Faos Member

    Joined:
    May 31, 2003
    Messages:
    15,370
    Likes Received:
    53
    I just ran a scan and it caught 2 of these:

    Win32.Apsiv.A worm


    Anyone know what that is?
     
  4. RocketsPimp

    RocketsPimp Member

    Joined:
    Feb 15, 1999
    Messages:
    13,812
    Likes Received:
    194
    I found this info searching the net.

    You will have to shut down your system restore to clear your restore points and run the scanner with it off. I had the same issue with an I-worm warning. Also make sure you clear temp internet files as it likes to hide there also. AVG kept giving me warnings until I shut off system restore then scanned. BTW after clearing the restore points and temp files virus scans came out clear of virus (AVG and housecall)


    how to disable system restore

    Gotta start scanning all that p*rn you're downloading from Kazaa!

    ;)
     
  5. RocketsPimp

    RocketsPimp Member

    Joined:
    Feb 15, 1999
    Messages:
    13,812
    Likes Received:
    194
  6. Knight

    Knight Member

    Joined:
    May 20, 2002
    Messages:
    135
    Likes Received:
    5
    Hey guys,

    Thanks for your response. Unfortunately, it is not the blaster worm, I logged in this morning (being that I am in Australia, it is now morning :p ) and found out what it is - it is the new sasser worm.

    http://www.computing.net/security/wwwboard/forum/11294.html

    http://news.netcraft.com/archives/2004/05/01/sasser_worm_spreading_through_lsass_exploit.html

    Sigh.. why do I have to be the first to get it? I am not sure if there is a patch/fix for it yet... but I just downloaded the latest update from Symantec and am running my virus scanner now, hopefully it will catch it.

    I guess I am happy it doesn't do much damage, but it is really really annoying. Anyway, guys, read the above articles, block the necessary ports on your firewall, and stop this worm once and for all! Grrrr...!!!! (I just disabled DMZ on my router)

    As soon as I found a way of getting rid of this, I'll let you guys know, hopefully microsoft will release a patch for this soon.

    Thanks again, guys!
     
  7. rudager

    rudager Member

    Joined:
    Jul 2, 2002
    Messages:
    827
    Likes Received:
    0
  8. Knight

    Knight Member

    Joined:
    May 20, 2002
    Messages:
    135
    Likes Received:
    5
    Ok. Installed the microsoft patch. Hopefully got rid of it once and for all.
     
  9. Faos

    Faos Member

    Joined:
    May 31, 2003
    Messages:
    15,370
    Likes Received:
    53
    New, Blaster-style Windows worm sweeps the Net

    By DWIGHT SILVERMAN
    Copyright 2004 Houston Chronicle


    Computers using Microsoft's Windows XP or 2000 operating systems are the target of a new Internet worm that spreads from machine to machine without user intervention.

    The worm, dubbed Sasser, takes advantage of a flaw in Windows that was patched by a fix issued in mid-April. However, because not all users take advantage of an auto-update feature included in Windows XP and 2000, there are still many systems connected to the Internet that are vulnerable.

    Sasser attacks a component of Windows called LSASS.EXE, and installs a file called AVSERVE.EXE, which then begins scanning the Internet and local networks for more machines to infect. Unlike the majority of viruses and worms that attack Windows-based systems, Sasser does not require e-mail to spread.

    The worm also creates a server program on the infected computer that uses FTP, a common way to transfer files between computers, potentially leaving it vulnerable to hackers.

    An analysis by security software firm Symantec indicates Sasser has the potential to slow an infected PC dramatically, rendering it nearly unusable.

    According to McAfee.com, a PC security site operated by Network Associates, the worm may also crash the LSASS.EXE module in Windows.

    Sasser is similar to another worm that wreaked havoc among Windows users in 2003. MS-Blast or Blaster worked the same way, taking advantage of unpatched systems and exploiting a flaw for which Microsoft had already offerered a patch.

    However, Sasser appears to be moving at a slower pace than Blaster, which reproduced so quickly that it bogged down some Internet servers. Most antivirus software companies today had Sasser rated as a medium-risk worm.

    The patch that fixed the flaw Sasser exploits was released April 13.

    The use of a hardware or software firewall -- which prevents unauthorized access to a computer on a network -- may also provide some protection to unpatched systems. Most of the major developers of antivirus software have released updates to their products to detect and remove Sasser.

    Microsoft has come under increasing fire from computer security experts because its software is ubiquitous and riddled with flaws that allow such attacks.
     
  10. Dr of Dunk

    Dr of Dunk Clutch Crew

    Joined:
    Aug 27, 1999
    Messages:
    46,634
    Likes Received:
    33,637
    Oh, well then some of us will never see the problem. ;)
     
  11. Vengeance

    Vengeance Member

    Joined:
    Nov 29, 2000
    Messages:
    5,894
    Likes Received:
    23
    <a href="http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.b.worm.html">Symantec has a removal tool and more info</a>.
     

Share This Page