If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
"c:\windows\ system\lsass.exe"
How to remove this virus?
Please help Thank you all guys |
Ads |
#2
|
|||
|
|||
"c:\windows\ system\lsass.exe"
"P.J." wrote: How to remove this virus? Please help Thank you all guys You did not provide more info about your Operating system version, what anti-virus and Firewall you have installed. Yes this Path is definitely a suspicious to me. Go through these Cleaning steps: 1... First, try to clean up your caches, Internet files and delete cookies by doing this: Click Start Control Panel Double click Network and Internet Connections Double click Internet Options. On the IE properties windows you will see these Taps: General | Security | Privacy | Content | Connections | Programs | Advanced Under General Tab clear your History, Internet Files and Cookies. Then click on Advanced tab and scroll down to under the Browsing Option: [&] Browsing [ ] Enable Third-Party browser extensions (Req Rest) uncheck this box. Then click on Programs Tab and click Manage Add-Ons and Disable all non Verified Add-Ons (You should Renable them later one-by-one and see the culprit and update it or remove it. How to manage Add-Ons: http://support.microsoft.com/kb/883256 Scan for malware from he Spybot Search & Destroy http://www.safer-networking.org/en/download/index.html Run a scan from here on-line: http://security.symantec.com/sscv6/d...d=ie&venid=sym http://www3.ca.com/securityadvisor/virusinfo/scan.aspx Download Avast Cleaner (offline scanner) from he http://www.avast.com/eng/avast-virus-cleaner.html Lots of tools to download and disinfect your machine (offline scanner): http://www.bitdefender.co.uk/site/Do...eeRemovalTool/ After the scan run disk cleanup on your drive. 2- Download the Hijackthis and send the report to one of many forums for analysis and troubleshooting: http://www.merijn.org/index.php When all else fails, HijackThis v1.99.1 (http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use. It will help you to both identify and remove any hijackware/spyware. Post your log to http://aumha.net/viewforum.php?f=30, http://castlecops.com/forum67.html, http://forums.subratam.org/index.php?showforum=7, or other appropriate forums for expert analysis, not here. Any error message, have a look in the event viewer and post them here. HTH. nass -------- http://www.nasstec.co.uk |
#3
|
|||
|
|||
"c:\windows\ system\lsass.exe"
My buddy is Dell Inspron 6500, running with Home XP. My anti virus is Mc Afee
when i was scan using of this anti virus there is a message prompt to me "trojan virus spayware". Please help me because now my system getting worse running too much slow "nass" wrote: "P.J." wrote: How to remove this virus? Please help Thank you all guys You did not provide more info about your Operating system version, what anti-virus and Firewall you have installed. Yes this Path is definitely a suspicious to me. Go through these Cleaning steps: 1... First, try to clean up your caches, Internet files and delete cookies by doing this: Click Start Control Panel Double click Network and Internet Connections Double click Internet Options. On the IE properties windows you will see these Taps: General | Security | Privacy | Content | Connections | Programs | Advanced Under General Tab clear your History, Internet Files and Cookies. Then click on Advanced tab and scroll down to under the Browsing Option: [&] Browsing [ ] Enable Third-Party browser extensions (Req Rest) uncheck this box. Then click on Programs Tab and click Manage Add-Ons and Disable all non Verified Add-Ons (You should Renable them later one-by-one and see the culprit and update it or remove it. How to manage Add-Ons: http://support.microsoft.com/kb/883256 Scan for malware from he Spybot Search & Destroy http://www.safer-networking.org/en/download/index.html Run a scan from here on-line: http://security.symantec.com/sscv6/d...d=ie&venid=sym http://www3.ca.com/securityadvisor/virusinfo/scan.aspx Download Avast Cleaner (offline scanner) from he http://www.avast.com/eng/avast-virus-cleaner.html Lots of tools to download and disinfect your machine (offline scanner): http://www.bitdefender.co.uk/site/Do...eeRemovalTool/ After the scan run disk cleanup on your drive. 2- Download the Hijackthis and send the report to one of many forums for analysis and troubleshooting: http://www.merijn.org/index.php When all else fails, HijackThis v1.99.1 (http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use. It will help you to both identify and remove any hijackware/spyware. Post your log to http://aumha.net/viewforum.php?f=30, http://castlecops.com/forum67.html, http://forums.subratam.org/index.php?showforum=7, or other appropriate forums for expert analysis, not here. Any error message, have a look in the event viewer and post them here. HTH. nass -------- http://www.nasstec.co.uk |
#4
|
|||
|
|||
"c:\windows\ system\lsass.exe"
"P.J." wrote in message ... My buddy is Dell Inspron 6500, running with Home XP. My anti virus is Mc Afee when i was scan using of this anti virus there is a message prompt to me "trojan virus spayware". Please help me because now my system getting worse running too much slow Can't McAfee remove it? Did you follow the steps given by another poster? Jim "nass" wrote: "P.J." wrote: How to remove this virus? Please help Thank you all guys You did not provide more info about your Operating system version, what anti-virus and Firewall you have installed. Yes this Path is definitely a suspicious to me. Go through these Cleaning steps: 1... First, try to clean up your caches, Internet files and delete cookies by doing this: Click Start Control Panel Double click Network and Internet Connections Double click Internet Options. On the IE properties windows you will see these Taps: General | Security | Privacy | Content | Connections | Programs | Advanced Under General Tab clear your History, Internet Files and Cookies. Then click on Advanced tab and scroll down to under the Browsing Option: [&] Browsing [ ] Enable Third-Party browser extensions (Req Rest) uncheck this box. Then click on Programs Tab and click Manage Add-Ons and Disable all non Verified Add-Ons (You should Renable them later one-by-one and see the culprit and update it or remove it. How to manage Add-Ons: http://support.microsoft.com/kb/883256 Scan for malware from he Spybot Search & Destroy http://www.safer-networking.org/en/download/index.html Run a scan from here on-line: http://security.symantec.com/sscv6/d...d=ie&venid=sym http://www3.ca.com/securityadvisor/virusinfo/scan.aspx Download Avast Cleaner (offline scanner) from he http://www.avast.com/eng/avast-virus-cleaner.html Lots of tools to download and disinfect your machine (offline scanner): http://www.bitdefender.co.uk/site/Do...eeRemovalTool/ After the scan run disk cleanup on your drive. 2- Download the Hijackthis and send the report to one of many forums for analysis and troubleshooting: http://www.merijn.org/index.php When all else fails, HijackThis v1.99.1 (http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use. It will help you to both identify and remove any hijackware/spyware. Post your log to http://aumha.net/viewforum.php?f=30, http://castlecops.com/forum67.html, http://forums.subratam.org/index.php?showforum=7, or other appropriate forums for expert analysis, not here. Any error message, have a look in the event viewer and post them here. HTH. nass -------- http://www.nasstec.co.uk |
#5
|
|||
|
|||
"c:\windows\ system\lsass.exe"
Hi,
I have the same problem. Did you find a solution? I can find the file Lsass.exe but it is not possible to delete it! Thanks, FM "Jim" wrote: "P.J." wrote in message ... My buddy is Dell Inspron 6500, running with Home XP. My anti virus is Mc Afee when i was scan using of this anti virus there is a message prompt to me "trojan virus spayware". Please help me because now my system getting worse running too much slow Can't McAfee remove it? Did you follow the steps given by another poster? Jim "nass" wrote: "P.J." wrote: How to remove this virus? Please help Thank you all guys You did not provide more info about your Operating system version, what anti-virus and Firewall you have installed. Yes this Path is definitely a suspicious to me. Go through these Cleaning steps: 1... First, try to clean up your caches, Internet files and delete cookies by doing this: Click Start Control Panel Double click Network and Internet Connections Double click Internet Options. On the IE properties windows you will see these Taps: General | Security | Privacy | Content | Connections | Programs | Advanced Under General Tab clear your History, Internet Files and Cookies. Then click on Advanced tab and scroll down to under the Browsing Option: [&] Browsing [ ] Enable Third-Party browser extensions (Req Rest) uncheck this box. Then click on Programs Tab and click Manage Add-Ons and Disable all non Verified Add-Ons (You should Renable them later one-by-one and see the culprit and update it or remove it. How to manage Add-Ons: http://support.microsoft.com/kb/883256 Scan for malware from he Spybot Search & Destroy http://www.safer-networking.org/en/download/index.html Run a scan from here on-line: http://security.symantec.com/sscv6/d...d=ie&venid=sym http://www3.ca.com/securityadvisor/virusinfo/scan.aspx Download Avast Cleaner (offline scanner) from he http://www.avast.com/eng/avast-virus-cleaner.html Lots of tools to download and disinfect your machine (offline scanner): http://www.bitdefender.co.uk/site/Do...eeRemovalTool/ After the scan run disk cleanup on your drive. 2- Download the Hijackthis and send the report to one of many forums for analysis and troubleshooting: http://www.merijn.org/index.php When all else fails, HijackThis v1.99.1 (http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use. It will help you to both identify and remove any hijackware/spyware. Post your log to http://aumha.net/viewforum.php?f=30, http://castlecops.com/forum67.html, http://forums.subratam.org/index.php?showforum=7, or other appropriate forums for expert analysis, not here. Any error message, have a look in the event viewer and post them here. HTH. nass -------- http://www.nasstec.co.uk |
#6
|
|||
|
|||
"c:\windows\ system\lsass.exe"
1) In Windows Explorer, record modified date/time of the bogus lsass.exe
2) Rename it by adding zzx_ prefix. 3) Get Internet Explorer to delete all temporary files and downloaded program files. 4) Reboot. If the bogus lsass.exe re-appears, continue: 5) Rename it again 6) In Explorer, search C:\ for all files modified on the date you recorded in (1) above. Sort into time order and rename all files of the same size as bogus lsass.exe modified within 2 minutes of the time you recorded. 7) Record paths of all other files modified in this time window - they are suspects. 8) Reboot with no network connection. 9) If the bogus lsass.exe does not appear, the only other thing to guard against is an intruder program that calls home to download the files you renamed. 10) Plug into the network, and if you don't have a software firewall which alerts on outgoing traffic, install one - e.g. free version of Zone Alarm. 11) Make sure the infection has not already re-appeared, and reboot again. 12) Zone alarm should alert you if one of the suspects tries to call home. Re-name it. 13) If you want to, delete the renamed files. -- HTH Newell White "London Trader" wrote: Hi, I have the same problem. Did you find a solution? I can find the file Lsass.exe but it is not possible to delete it! Thanks, FM "Jim" wrote: "P.J." wrote in message ... My buddy is Dell Inspron 6500, running with Home XP. My anti virus is Mc Afee when i was scan using of this anti virus there is a message prompt to me "trojan virus spayware". Please help me because now my system getting worse running too much slow Can't McAfee remove it? Did you follow the steps given by another poster? Jim "nass" wrote: "P.J." wrote: How to remove this virus? Please help Thank you all guys You did not provide more info about your Operating system version, what anti-virus and Firewall you have installed. Yes this Path is definitely a suspicious to me. Go through these Cleaning steps: 1... First, try to clean up your caches, Internet files and delete cookies by doing this: Click Start Control Panel Double click Network and Internet Connections Double click Internet Options. On the IE properties windows you will see these Taps: General | Security | Privacy | Content | Connections | Programs | Advanced Under General Tab clear your History, Internet Files and Cookies. Then click on Advanced tab and scroll down to under the Browsing Option: [&] Browsing [ ] Enable Third-Party browser extensions (Req Rest) uncheck this box. Then click on Programs Tab and click Manage Add-Ons and Disable all non Verified Add-Ons (You should Renable them later one-by-one and see the culprit and update it or remove it. How to manage Add-Ons: http://support.microsoft.com/kb/883256 Scan for malware from he Spybot Search & Destroy http://www.safer-networking.org/en/download/index.html Run a scan from here on-line: http://security.symantec.com/sscv6/d...d=ie&venid=sym http://www3.ca.com/securityadvisor/virusinfo/scan.aspx Download Avast Cleaner (offline scanner) from he http://www.avast.com/eng/avast-virus-cleaner.html Lots of tools to download and disinfect your machine (offline scanner): http://www.bitdefender.co.uk/site/Do...eeRemovalTool/ After the scan run disk cleanup on your drive. 2- Download the Hijackthis and send the report to one of many forums for analysis and troubleshooting: http://www.merijn.org/index.php When all else fails, HijackThis v1.99.1 (http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use. It will help you to both identify and remove any hijackware/spyware. Post your log to http://aumha.net/viewforum.php?f=30, http://castlecops.com/forum67.html, http://forums.subratam.org/index.php?showforum=7, or other appropriate forums for expert analysis, not here. Any error message, have a look in the event viewer and post them here. HTH. nass -------- http://www.nasstec.co.uk |
#7
|
|||
|
|||
"c:\windows\ system\lsass.exe"
"London Trader" wrote in message ... Hi, I have the same problem. Did you find a solution? I can find the file Lsass.exe but it is not possible to delete it! Thanks, FM I don't have this problem. Perhaps a running program cannot be deleted. If so, then I would boot my BartPE from the CD. BartPE can surely delete anything. Or, I would try Knoppix. It ignores XP permissions hence it can delete anything. Or, perhaps the repair console can do the job. Another poster has suggested yet another way. Jim "Jim" wrote: "P.J." wrote in message ... My buddy is Dell Inspron 6500, running with Home XP. My anti virus is Mc Afee when i was scan using of this anti virus there is a message prompt to me "trojan virus spayware". Please help me because now my system getting worse running too much slow Can't McAfee remove it? Did you follow the steps given by another poster? Jim "nass" wrote: "P.J." wrote: How to remove this virus? Please help Thank you all guys You did not provide more info about your Operating system version, what anti-virus and Firewall you have installed. Yes this Path is definitely a suspicious to me. Go through these Cleaning steps: 1... First, try to clean up your caches, Internet files and delete cookies by doing this: Click Start Control Panel Double click Network and Internet Connections Double click Internet Options. On the IE properties windows you will see these Taps: General | Security | Privacy | Content | Connections | Programs | Advanced Under General Tab clear your History, Internet Files and Cookies. Then click on Advanced tab and scroll down to under the Browsing Option: [&] Browsing [ ] Enable Third-Party browser extensions (Req Rest) uncheck this box. Then click on Programs Tab and click Manage Add-Ons and Disable all non Verified Add-Ons (You should Renable them later one-by-one and see the culprit and update it or remove it. How to manage Add-Ons: http://support.microsoft.com/kb/883256 Scan for malware from he Spybot Search & Destroy http://www.safer-networking.org/en/download/index.html Run a scan from here on-line: http://security.symantec.com/sscv6/d...d=ie&venid=sym http://www3.ca.com/securityadvisor/virusinfo/scan.aspx Download Avast Cleaner (offline scanner) from he http://www.avast.com/eng/avast-virus-cleaner.html Lots of tools to download and disinfect your machine (offline scanner): http://www.bitdefender.co.uk/site/Do...eeRemovalTool/ After the scan run disk cleanup on your drive. 2- Download the Hijackthis and send the report to one of many forums for analysis and troubleshooting: http://www.merijn.org/index.php When all else fails, HijackThis v1.99.1 (http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use. It will help you to both identify and remove any hijackware/spyware. Post your log to http://aumha.net/viewforum.php?f=30, http://castlecops.com/forum67.html, http://forums.subratam.org/index.php?showforum=7, or other appropriate forums for expert analysis, not here. Any error message, have a look in the event viewer and post them here. HTH. nass -------- http://www.nasstec.co.uk |
#8
|
|||
|
|||
"c:\windows\ system\lsass.exe"
hi pj you can remove this virus with stinger or sasser patch
"P.J." wrote: How to remove this virus? Please help Thank you all guys |
#9
|
|||
|
|||
"c:\windows\ system\lsass.exe"
Thanks. What is stinger and sasser patch? on where i could find this or to
download? "finethread" wrote: hi pj you can remove this virus with stinger or sasser patch "P.J." wrote: How to remove this virus? Please help Thank you all guys |
#10
|
|||
|
|||
"c:\windows\ system\lsass.exe"
Thanks Newell,
Also, my task manager was disable even the RUN program doesn't appear (i try to use the keyboard key short window+R still not running).. how to enable ? "Newell White" wrote: 1) In Windows Explorer, record modified date/time of the bogus lsass.exe 2) Rename it by adding zzx_ prefix. 3) Get Internet Explorer to delete all temporary files and downloaded program files. 4) Reboot. If the bogus lsass.exe re-appears, continue: 5) Rename it again 6) In Explorer, search C:\ for all files modified on the date you recorded in (1) above. Sort into time order and rename all files of the same size as bogus lsass.exe modified within 2 minutes of the time you recorded. 7) Record paths of all other files modified in this time window - they are suspects. 8) Reboot with no network connection. 9) If the bogus lsass.exe does not appear, the only other thing to guard against is an intruder program that calls home to download the files you renamed. 10) Plug into the network, and if you don't have a software firewall which alerts on outgoing traffic, install one - e.g. free version of Zone Alarm. 11) Make sure the infection has not already re-appeared, and reboot again. 12) Zone alarm should alert you if one of the suspects tries to call home. Re-name it. 13) If you want to, delete the renamed files. -- HTH Newell White "London Trader" wrote: Hi, I have the same problem. Did you find a solution? I can find the file Lsass.exe but it is not possible to delete it! Thanks, FM "Jim" wrote: "P.J." wrote in message ... My buddy is Dell Inspron 6500, running with Home XP. My anti virus is Mc Afee when i was scan using of this anti virus there is a message prompt to me "trojan virus spayware". Please help me because now my system getting worse running too much slow Can't McAfee remove it? Did you follow the steps given by another poster? Jim "nass" wrote: "P.J." wrote: How to remove this virus? Please help Thank you all guys You did not provide more info about your Operating system version, what anti-virus and Firewall you have installed. Yes this Path is definitely a suspicious to me. Go through these Cleaning steps: 1... First, try to clean up your caches, Internet files and delete cookies by doing this: Click Start Control Panel Double click Network and Internet Connections Double click Internet Options. On the IE properties windows you will see these Taps: General | Security | Privacy | Content | Connections | Programs | Advanced Under General Tab clear your History, Internet Files and Cookies. Then click on Advanced tab and scroll down to under the Browsing Option: [&] Browsing [ ] Enable Third-Party browser extensions (Req Rest) uncheck this box. Then click on Programs Tab and click Manage Add-Ons and Disable all non Verified Add-Ons (You should Renable them later one-by-one and see the culprit and update it or remove it. How to manage Add-Ons: http://support.microsoft.com/kb/883256 Scan for malware from he Spybot Search & Destroy http://www.safer-networking.org/en/download/index.html Run a scan from here on-line: http://security.symantec.com/sscv6/d...d=ie&venid=sym http://www3.ca.com/securityadvisor/virusinfo/scan.aspx Download Avast Cleaner (offline scanner) from he http://www.avast.com/eng/avast-virus-cleaner.html Lots of tools to download and disinfect your machine (offline scanner): http://www.bitdefender.co.uk/site/Do...eeRemovalTool/ After the scan run disk cleanup on your drive. 2- Download the Hijackthis and send the report to one of many forums for analysis and troubleshooting: http://www.merijn.org/index.php When all else fails, HijackThis v1.99.1 (http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use. It will help you to both identify and remove any hijackware/spyware. Post your log to http://aumha.net/viewforum.php?f=30, http://castlecops.com/forum67.html, http://forums.subratam.org/index.php?showforum=7, or other appropriate forums for expert analysis, not here. Any error message, have a look in the event viewer and post them here. HTH. nass -------- http://www.nasstec.co.uk |
Thread Tools | |
Display Modes | |
|
|