My system keeps shutting downand starts a LSA Shell
Expert Version error that shuts down the computer in 60
seconds. I used the MS fix for sasser and it said the
virus was not found. However, when I startup the
computer I get a media access debied error when I try to
remove the following file C;|Windows\system32\lsasser.exe
and I also get another error for C:\Windows\system32
\spyboot.worm.gen. How do I remove these files? I have
tried to delte them but I can't and I have tried to
quarantine them be access is denied.
Thanks
Bruce Chambers
May 31st 04, 03:42 PM
Greetings --
You've apparently contracted the latest worm, W32.Sasser.Worm,
specifically designed to attack people who do not update their
computers promptly and who do not practice "safe hex." In other
words, like Blaster, this worm was developed and distributed _after_ a
patch for the vulnerability was announced and made publicly available.
Further, and also like Blaster, this worm could not affect any
computer whose user had taken the basic precaution of using a properly
configured firewall.
To stay on-line long enough to get the necessary updates, patches,
and removal tools, click Start > Run, and enter "shutdown -a" when the
next RPC countdown begins. This will abort the shut down. Also, make
sure you've enabled a firewall before starting, to preclude any more
intrusions while getting the updates/patches/tools.
What You should Know about the Sasser Worm and its Variants
http://www.microsoft.com/security/incident/sasser.asp
Microsoft Security Bulletin MS04-011
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx
W32.Sasser.Worm
http://www.symantec.com/avcenter/venc/data/w32.sasser.worm.html
A tool is available to remove the Sasser worm variants
http://support.microsoft.com/default.aspx?scid=kb;EN-US;841720
W32.Sasser.Worm Removal Tool
http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.removal.tool.html
McAfee AVert Stinger Virus Removal Tool
http://vil.nai.com/vil/stinger/
W32.Spybot.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html
Because many of the newer viruses and worms, such as the
Spybot mentioned above, can disable antivirus applications whose
definitions aren't kept up-to-date, try using one or more of the free
on-line scanners to double-check your system.
Trend Micro - Free online virus Scan
http://housecall.trendmicro.com/
McAfee Security - FreeScan
http://www.mcafee.com/myapps/mfs/default.asp
Symantec Security Check
http://security.symantec.com/ssc/home.asp
Bruce Chambers
--
Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html
You can have peace. Or you can have freedom. Don't ever count on
having both at once. - RAH
"Pam" > wrote in message
...
> My system keeps shutting downand starts a LSA Shell
> Expert Version error that shuts down the computer in 60
> seconds. I used the MS fix for sasser and it said the
> virus was not found. However, when I startup the
> computer I get a media access debied error when I try to
> remove the following file C;|Windows\system32\lsasser.exe
> and I also get another error for C:\Windows\system32
> \spyboot.worm.gen. How do I remove these files? I have
> tried to delte them but I can't and I have tried to
> quarantine them be access is denied.
>
> Thanks
>
vBulletin® v3.6.4, Copyright ©2000-2024, Jelsoft Enterprises Ltd.