A Windows XP help forum. PCbanter


"c:\windows\ system\lsass.exe"



 
 
  #1  
Old November 5th 07, 05:20 AM posted to microsoft.public.windowsxp.security_admin
P.J.
external usenet poster
 
Posts: 5
Default "c:\windows\ system\lsass.exe"

How to remove this virus?

Please help

Thank you all guys
  #2  
Old November 5th 07, 10:30 AM posted to microsoft.public.windowsxp.security_admin
nass
external usenet poster
 
Posts: 7,474
Default "c:\windows\ system\lsass.exe"



"P.J." wrote:

How to remove this virus?

Please help

Thank you all guys


You did not provide more info about your operating system version, or what
anti-virus and firewall you have installed. Yes, this path is definitely
suspicious to me.

Go through these cleaning steps:
1. First, try to clean up your caches and Internet files and delete cookies
by doing this:
Click Start > Control Panel > double-click Network and Internet
Connections > double-click Internet Options.
In the IE properties window you will see these tabs:
General | Security | Privacy | Content | Connections | Programs |
Advanced
Under the General tab, clear your History, Internet Files and Cookies.
Then click on the Advanced tab and scroll down to the Browsing options:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) uncheck this box.
Then click on the Programs tab, click Manage Add-Ons and disable all
non-verified add-ons. (You should re-enable them later one by one to find the
culprit and update it or remove it.)
How to manage Add-Ons:
http://support.microsoft.com/kb/883256
Scan for malware from here:
Spybot Search & Destroy
http://www.safer-networking.org/en/download/index.html

Run a scan from here on-line:
http://security.symantec.com/sscv6/d...d=ie&venid=sym
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Download Avast Cleaner (offline scanner) from here:
http://www.avast.com/eng/avast-virus-cleaner.html
Lots of tools to download and disinfect your machine (offline scanner):
http://www.bitdefender.co.uk/site/Do...eeRemovalTool/

After the scan run disk cleanup on your drive.


2- Download the Hijackthis and send the report to one of many
forums for analysis and troubleshooting:
http://www.merijn.org/index.php
When all else fails, HijackThis v1.99.1
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. Post
your log to http://aumha.net/viewforum.php?f=30,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7, or other appropriate
forums for expert analysis, not here.
Any error message, have a look in the event viewer and post them here.
HTH.
nass
--------
http://www.nasstec.co.uk
  #3  
Old November 5th 07, 09:44 PM posted to microsoft.public.windowsxp.security_admin
P.J.
external usenet poster
 
Posts: 5
Default "c:\windows\ system\lsass.exe"

My buddy is a Dell Inspiron 6500, running Home XP. My anti-virus is McAfee.
When I scanned with this anti-virus, a message prompted me:
"trojan virus spayware".

Please help me, because now my system is getting worse and running much too slow.


  #4  
Old November 5th 07, 10:19 PM posted to microsoft.public.windowsxp.security_admin
Jim
external usenet poster
 
Posts: 1,175
Default "c:\windows\ system\lsass.exe"


"P.J." wrote in message
...
My buddy is a Dell Inspiron 6500, running Home XP. My anti-virus is McAfee.
When I scanned with this anti-virus, a message prompted me:
"trojan virus spayware".

Please help me, because now my system is getting worse and running much too slow.

Can't McAfee remove it?
Did you follow the steps given by another poster?
Jim



  #5  
Old November 6th 07, 12:07 AM posted to microsoft.public.windowsxp.security_admin
London Trader[_2_]
external usenet poster
 
Posts: 1
Default "c:\windows\ system\lsass.exe"

Hi,

I have the same problem. Did you find a solution? I can find the file
Lsass.exe but it is not possible to delete it!

Thanks,

FM





  #6  
Old November 6th 07, 08:53 AM posted to microsoft.public.windowsxp.security_admin
Newell White
external usenet poster
 
Posts: 53
Default "c:\windows\ system\lsass.exe"

1) In Windows Explorer, record modified date/time of the bogus lsass.exe
2) Rename it by adding zzx_ prefix.
3) Get Internet Explorer to delete all temporary files and downloaded
program files.
4) Reboot.

If the bogus lsass.exe re-appears, continue:
5) Rename it again
6) In Explorer, search C:\ for all files modified on the date you recorded
in (1) above. Sort into time order and rename all files of the same size as
bogus lsass.exe modified within 2 minutes of the time you recorded.
7) Record paths of all other files modified in this time window - they are
suspects.
8) Reboot with no network connection.
9) If the bogus lsass.exe does not appear, the only other thing to guard
against is an intruder program that calls home to download the files you
renamed.
10) Plug into the network, and if you don't have a software firewall which
alerts on outgoing traffic, install one - e.g. free version of Zone Alarm.
11) Make sure the infection has not already re-appeared, and reboot again.
12) Zone Alarm should alert you if one of the suspects tries to call home.
Rename it.
13) If you want to, delete the renamed files.

--
HTH
Newell White


"London Trader" wrote:

Hi,

I have the same problem. Did you find a solution? I can find the file
Lsass.exe but it is not possible to delete it!

Thanks,

FM





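Steps 6 and 7 of Newell White's procedure above, as an added example that is not part of the original thread: a Python search for files modified within two minutes of the bogus lsass.exe, split into same-size files and other suspects. The function names, the sample tree and its timestamps are constructed for illustration.

```python
import os
import tempfile

WINDOW_SECONDS = 120  # "within 2 minutes" from step 6


def files_near(suspect, root, window=WINDOW_SECONDS):
    """Split files under root that were modified within `window` seconds of
    the suspect's modified time into (same_size, other_suspects), oldest first."""
    ref = os.stat(suspect)
    suspect_real = os.path.realpath(suspect)
    same_size, others = [], []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
            except OSError:
                continue  # locked, unreadable or removed while scanning
            if os.path.realpath(path) == suspect_real:
                continue  # skip the suspect itself
            if abs(st.st_mtime - ref.st_mtime) > window:
                continue  # outside the time window
            bucket = same_size if st.st_size == ref.st_size else others
            bucket.append((st.st_mtime, path))
    return ([p for _, p in sorted(same_size)],
            [p for _, p in sorted(others)])


def demo(window=WINDOW_SECONDS):
    """Build a constructed sample tree and run the search over it."""
    base = 1194239000  # constructed timestamp, early November 2007
    # (relative path, size in bytes, seconds offset from the suspect's mtime)
    sample = [
        ("windows/system/lsass.exe", 4096, 0),          # the bogus file
        ("windows/system32/lsass.exe", 13312, -90000),  # genuine, much older
        ("windows/temp/copy1.exe", 4096, 45),           # same size, in window
        ("windows/system32/drv.dll", 900, -100),        # other size, in window
        ("docs/report.txt", 4096, 500),                 # same size, outside window
    ]
    with tempfile.TemporaryDirectory() as root:
        for rel, size, offset in sample:
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(b"\0" * size)
            os.utime(path, (base + offset, base + offset))
        suspect = os.path.join(root, "windows", "system", "lsass.exe")
        same, others = files_near(suspect, root, window)

        def rel_name(p):
            return os.path.relpath(p, root).replace(os.sep, "/")

        return [rel_name(p) for p in same], [rel_name(p) for p in others]


if __name__ == "__main__":
    same, others = demo()
    print("same size, rename (step 6):", same)
    print("other files in window, record (step 7):", others)
```

Modified times are only a lead: a file can carry any timestamp its writer chose, so an empty result does not clear the machine.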
  #7  
Old November 6th 07, 03:28 PM posted to microsoft.public.windowsxp.security_admin
Jim
external usenet poster
 
Posts: 1,175
Default "c:\windows\ system\lsass.exe"


"London Trader" wrote in message
...
Hi,

I have the same problem. Did you find a solution? I can find the file
Lsass.exe but it is not possible to delete it!

Thanks,

FM

I don't have this problem. Perhaps a running program cannot be deleted.
If so, then I would boot my BartPE from the CD. BartPE can surely delete
anything.
Or, I would try Knoppix. It ignores XP permissions hence it can delete
anything.
Or, perhaps the repair console can do the job.
Another poster has suggested yet another way.
Jim






  #8  
Old November 6th 07, 07:47 PM posted to microsoft.public.windowsxp.security_admin
finethread
external usenet poster
 
Posts: 3
Default "c:\windows\ system\lsass.exe"

hi pj you can remove this virus with stinger or sasser patch

"P.J." wrote:

How to remove this virus?

Please help

Thank you all guys

  #9  
Old November 6th 07, 09:54 PM posted to microsoft.public.windowsxp.security_admin
P.J.
external usenet poster
 
Posts: 5
Default "c:\windows\ system\lsass.exe"

Thanks. What is stinger and sasser patch? Where could I find this to
download?

"finethread" wrote:

hi pj you can remove this virus with stinger or sasser patch

"P.J." wrote:

How to remove this virus?

Please help

Thank you all guys

  #10  
Old November 6th 07, 10:03 PM posted to microsoft.public.windowsxp.security_admin
P.J.
external usenet poster
 
Posts: 5
Default "c:\windows\ system\lsass.exe"

Thanks Newell,

Also, my Task Manager was disabled; even the Run program doesn't appear (I tried
to use the keyboard shortcut Windows+R, still not running). How to enable?




 




All times are GMT +1.