#1
lsass.exe terminates unexpectedly
frequently (up to 4 or 5 occurrences in 8 hrs, seems random) my computer restarts. I get a 'System Shutdown' window with a countdown timer stating that the 'shutdown was initiated by NT AUTHORITY\SYSTEM' and 'lsass.exe terminated unexpectedly with status code -1073741819'. the restart can be aborted with the command 'shutdown -a' but this invalidates my domain login. i'm running xp pro sp3. appreciate any help i can get to correct this.
#2
Malicious software ("malware") is installed on your computer.
Make sure that your anti-malware software is running, then download the latest signatures and run a full scan.

If you don't have comprehensive anti-malware software, that's like driving a car without seat belts or air bags. Either way, you're eventually going to get hammered. Install comprehensive anti-malware software and learn how to use its features. A 'comprehensive' solution scans for all types of malicious software in the background, on demand and on schedule.

For now try scanning your system with /several/ of the better online scanners, such as:
Kaspersky Antivirus (http://www.kaspersky.com/virusscanner)
Panda ActiveScan (http://www.pandasoftware.com/activescan)

Download HijackThis from www.trendsecure.com. Run it, save a log, and post the log at one of the many sites that support HJT, such as spywarewarrior.com, bleepingcomputer.com, and temerc.com -- but not here. Within a day, sometimes within an hour, you'll have one-on-one step-by-step advice from a security expert on cleaning up any infestations—or you'll have a clean bill of health from the volunteer expert.

Even the best detection and removal software can't fix every malware infection. If none of the above remove the infection, you may want to show the computer to a professional.

---
Leonard Grey
Errare Humanum Est

OldVaxGuy wrote:
| frequently (up to 4 or 5 occurrences in 8 hrs, seems random) my computer
| restarts. I get a 'System Shutdown' window with a countdown timer stating
| that the 'shutdown was initiated by NT AUTHORITY\SYSTEM' and 'lsass.exe
| terminated unexpectedly with status code -1073741819'. the restart can be
| aborted with the command 'shutdown -a' but this invalidates my domain login.
| i'm running xp pro sp3. appreciate any help i can get to correct this.
#3
From: "OldVaxGuy"
| frequently (up to 4 or 5 occurrences in 8 hrs, seems random) my computer
| restarts. I get a 'System Shutdown' window with a countdown timer stating
| that the 'shutdown was initiated by NT AUTHORITY\SYSTEM' and 'lsass.exe
| terminated unexpectedly with status code -1073741819'. the restart can be
| aborted with the command 'shutdown -a' but this invalidates my domain login.
| i'm running xp pro sp3. appreciate any help i can get to correct this.

Disconnect the PC from the network. Does this stop?

Have you implemented the patch for MS08-067?

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
#4
From: "Leonard Grey"
| Malicious software ("malware") is installed on your computer.

Not necessarily. This may be a worm or trojan external to the PC trying to exploit MS08-067

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
#5
"David H. Lipman" wrote:
| From: "Leonard Grey"
| | Malicious software ("malware") is installed on your computer.
|
| Not necessarily. This may be a worm or trojan external to the PC trying to
| exploit MS08-067

How is that?
You can't get lsass.exe going nuts from outside the PC!
You can get the protection software defences going Mad in usage but not lsass.exe.

HTH,
nass
---
http://www.nasstec.co.uk
#6
From: "nass"
| How is that?
| You can't get lsass.exe going nuts from outside the PC!
| You can get the protection software defences going Mad in usage but not
| lsass.exe.
| HTH,
| nass
| ---
| http://www.nasstec.co.uk

Sure you can. The same way the Lovsan/Blaster did to RPC/RPCSS via TCP port. The Sasser worm did it to LSASS via TCP port 445.

Now you have trojans and worms doing it based upon the vulnerability described in MS08-067

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
#7
"David H. Lipman" wrote:
| From: "Leonard Grey"
| | Malicious software ("malware") is installed on your computer.
|
| Not necessarily. This may be a worm or trojan external to the PC trying to
| exploit MS08-067
|
| How is that?
| You can't get lsass.exe going nuts from outside the PC!
| You can get the protection software defences going Mad in usage but not
| lsass.exe.
| HTH,
| nass
| ---
| http://www.nasstec.co.uk

Actually some malware will actually replace lsass and when you clean it, you no longer have the program any longer. It has to be replaced. Somehow, even the original file can be modified by malware. I don't recall if the details of how were ever given, but the AV companies all seem to have info on it.
#8
From: "Twayne"
| Actually some malware will actually replace lsass and when you clean it,
| you no longer have the program any longer. It has to be replaced.
| Somehow, even the original file can be modified by malware. I don't
| recall if the details of how were ever given, but the AV companies all
| seem to have info on it.

LSASS.EXE is rarely if ever replaced. It can become infected with a virus or become trojanized. That is, code can be inserted, prepended or appended to the EXE file.

The file name LSASS.EXE is also one of the most common used to obfuscate a given malware's malicious intent. Here it isn't the name that is important but the fully qualified path to where it is being executed from.

Example: The W32/Hupigon.worm will create: %windir%\LSASS.EXE

Variations on the name are often common to confuse the infected person, such as ISASS.EXE

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
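
The check described in post #8 (judge a process by its fully qualified path, and watch for lookalike names such as ISASS.EXE), sketched as an added example that is not part of the original thread. The sample paths are constructed, `C:\WINDOWS` is an assumed value for %windir%, and the confusable-character map is illustrative rather than exhaustive.

```python
import ntpath

# Characters swapped in to imitate "lsass.exe" (illustrative, not exhaustive).
CONFUSABLE = str.maketrans({"i": "l", "1": "l", "0": "o", "5": "s"})
TARGET = "lsass.exe"


def classify(image_path, windir=r"C:\WINDOWS"):
    """Classify one process image path.

    Returns 'expected-path', 'wrong-path', 'lookalike-name', or None when the
    name is unrelated to lsass.exe. The windir default is an assumption.
    """
    path = ntpath.normcase(ntpath.normpath(image_path))
    name = ntpath.basename(path)
    expected_dir = ntpath.normcase(ntpath.join(windir, "system32"))
    if name == TARGET:
        # Right name: only the system32 copy is in the real LSASS location.
        # This says nothing about whether that file's contents were modified.
        return "expected-path" if ntpath.dirname(path) == expected_dir else "wrong-path"
    if name.translate(CONFUSABLE) == TARGET:
        return "lookalike-name"
    return None


def audit(image_paths, windir=r"C:\WINDOWS"):
    """Return (path, verdict) for every entry that deserves a closer look."""
    findings = []
    for p in image_paths:
        verdict = classify(p, windir)
        if verdict in ("wrong-path", "lookalike-name"):
            findings.append((p, verdict))
    return findings


# Constructed sample inventory of running process image paths.
SAMPLE = [
    r"C:\WINDOWS\system32\lsass.exe",
    r"C:\WINDOWS\LSASS.EXE",
    r"C:\WINDOWS\system32\ISASS.EXE",
    r"C:\WINDOWS\system32\svchost.exe",
]

if __name__ == "__main__":
    for path, verdict in audit(SAMPLE):
        print(f"{verdict:15} {path}")
```

An 'expected-path' verdict only confirms the location; a file infected in place, as the post notes can happen, still needs a scan or a comparison against a known-good copy.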