View Full Version : LSASS EXPLOIT SECURITY PATCH
rumplestiltskin
August 20th 06, 02:37 AM
can anyone help to find a security patch to get rid of lsass exploit virus
please.
Bruce Chambers
August 20th 06, 03:06 AM
rumplestiltskin wrote:
> can anyone help to find a security patch to get rid of lsass exploit virus
> please.
You mean this ancient threat?
W32.Sasser.Worm
http://www.symantec.com/avcenter/venc/data/w32.sasser.worm.html
A tool is available to remove the Sasser worm variants
http://support.microsoft.com/default.aspx?scid=kb;EN-US;841720
W32.Sasser.Worm Removal Tool
http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.removal.tool.html
McAfee AVert Stinger Virus Removal Tool
http://vil.nai.com/vil/stinger/
--
Bruce Chambers
Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin
Many people would rather die than think; in fact, most do. -Bertrum Russell
Panda_man
August 20th 06, 02:54 PM
"rumplestiltskin" wrote:
> can anyone help to find a security patch to get rid of lsass exploit virus
> please.
>
Microsoft / Windows Update
http://windowsupdate.microsoft.com
and download all the updates for your computer using Express install
Upgrade with the latest Service Pack for your operating system and all the
lastest updates .
Microsoft Malicious removal tool should remove any infected regarding LSASS
http://www.microsoft.com/security/malwareremove/default.mspx
McAfee's Stinger is another try
http://vil.nai.com/vil/stinger/
Protect your PC:
http://pandaman.my.contact.bg/Protect_your_PC.htm
--
Panda_man
Bronze level Contributor
David H. Lipman
August 20th 06, 11:28 PM
From: "rumplestiltskin" >
| can anyone help to find a security patch to get rid of lsass exploit virus
| please.
If it is truly Sasser or any other LSASS buffer overflow vulnerability exploit, it will
generate the following shutdown message...
NT AUTHORITY\SYSTEM
'c:\windows\system32\lsass.exe' terminated unexpectedly with status code -1073741819
or
NT AUTHORITY\SYSTEM
'c:\winnt\system32\lsass.exe' terminated unexpectedly with status code -1073741819
If the platform is WinXP you can use the native SHUTDOWN.EXE utility to stop the shutdown
process.
WinXP
Go to; Start --> Run
enter; shutdown -a
Microsoft's LSASS vulnerability patch.
WinXP KB835732
http://www.microsoft.com/downloads/details.aspx?FamilyId=3549EA9E-DA3F-43B9-A4F1-AF243B6168F3&displaylang=en
To remove any of the *many* BOTs that now exploit the vulnerability...
Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe
To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close
Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }
NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.
C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.
You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm
Additional Instructions:
http://pcdid.com/Multi_AV.htm
* * * Please report back your results * * *
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
vBulletin® v3.6.4, Copyright ©2000-2024, Jelsoft Enterprises Ltd.