can anyone help to find a security patch to get rid of lsass exploit virus
please.

rumplestiltskin wrote:
> can anyone help to find a security patch to get rid of lsass exploit virus
> please.


You mean this ancient threat?

W32.Sasser.Worm
http://www.symantec.com/avcenter/venc/data/w32.sasser.worm.html

A tool is available to remove the Sasser worm variants
http://support.microsoft.com/default.aspx?scid=kb;EN-US;841720

W32.Sasser.Worm Removal Tool
http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.removal.tool.html

McAfee AVert Stinger Virus Removal Tool
http://vil.nai.com/vil/stinger/


--

Bruce Chambers

Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin

Many people would rather die than think; in fact, most do. -Bertrum Russell

"rumplestiltskin" wrote:

> can anyone help to find a security patch to get rid of lsass exploit virus
> please.
>


Microsoft / Windows Update
http://windowsupdate.microsoft.com

and download all the updates for your computer using Express install
Upgrade with the latest Service Pack for your operating system and all the
lastest updates .

Microsoft Malicious removal tool should remove any infected regarding LSASS
http://www.microsoft.com/security/malwareremove/default.mspx

McAfee's Stinger is another try
http://vil.nai.com/vil/stinger/

Protect your PC:
http://pandaman.my.contact.bg/Protect_your_PC.htm


--
Panda_man
Bronze level Contributor

From: "rumplestiltskin" >

| can anyone help to find a security patch to get rid of lsass exploit virus
| please.

If it is truly Sasser or any other LSASS buffer overflow vulnerability exploit, it will
generate the following shutdown message...

NT AUTHORITY\SYSTEM
'c:\windows\system32\lsass.exe' terminated unexpectedly with status code -1073741819

or

NT AUTHORITY\SYSTEM
'c:\winnt\system32\lsass.exe' terminated unexpectedly with status code -1073741819

If the platform is WinXP you can use the native SHUTDOWN.EXE utility to stop the shutdown
process.

WinXP
Go to; Start --> Run
enter; shutdown -a



Microsoft's LSASS vulnerability patch.
WinXP KB835732
http://www.microsoft.com/downloads/details.aspx?FamilyId=3549EA9E-DA3F-43B9-A4F1-AF243B6168F3&displaylang=en


To remove any of the *many* BOTs that now exploit the vulnerability...


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * * Please report back your results * * *



--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm