Help - How to prevent lssas.exe from getting installed?

DBLWizard

Howdy All,

I need some help. I have a development server that is connected to
the internet. I just got this lssas.exe virus removed from my machine
and cleaned up the registry. In the process I used Security
Configuration Manager to properly configure Windows Firewall for all
the services that are running and installed the latest updates from
Microsoft for Windows 2003 and SQL Server. I also run IIS, DNS and
DHCP on this server. I disabled all the forwarding from my Linksys
WRT54G router so nothing is getting forwarded to my server.

This morning when I came to my server Symantec had quarantined another
version of the lssas.exe from my machine. Can somebody help me figure
out where my vulnerability is and how these are getting put on my
server.

I use this server to remote into other machines but do not do any
email on this machine itself and the virus software on the other
servers is not throwing up any flags.

Thanks

dbl
 
Tom

DBLWizard wrote:
> Howdy All,
>
> I need some help. I have a development server that is connected to
> the internet. I just got this lssas.exe virus removed from my machine
> and cleaned up the registry. In the process I used Security
> Configuration Manager to properly configure Windows Firewall for all
> the services that are running and installed the latest updates from
> Microsoft for Windows 2003 and SQL Server. I also run IIS, DNS and
> DHCP on this server. I disabled all the forwarding from my Linksys
> WRT54G router so nothing is getting forwarded to my server.
>
> This morning when I came to my server Symantec had quarantined another
> version of the lssas.exe from my machine. Can somebody help me figure
> out where my vulnerability is and how these are getting put on my
> server.
>
> I use this server to remote into other machines but do not do any
> email on this machine itself and the virus software on the other
> servers is not throwing up any flags.
>
> Thanks
>
> dbl

Do you mean lsass.exe? If so, it's a valid part of the operating
system. Part of security services.
If it's really lssas.exe, then you indeed have a virus.
 
DBLWizard

No. I mean lssas.exe; it is a known virus. I know that lsass.exe is a
valid and critical part of the OS. As I understand it, this virus
embeds itself in the OS and takes over part of the functions of the
lsass.exe services.

On Dec 9, 10:30 am, Tom <t.wyck...@verizon.net> wrote:
> DBLWizard wrote:
> > Howdy All,
> >
> > I need some help. I have a development server that is connected to
> > the internet. I just got this lssas.exe virus removed from my machine
> > and cleaned up the registry. In the process I used Security
> > Configuration Manager to properly configure Windows Firewall for all
> > the services that are running and installed the latest updates from
> > Microsoft for Windows 2003 and SQL Server. I also run IIS, DNS and
> > DHCP on this server. I disabled all the forwarding from my Linksys
> > WRT54G router so nothing is getting forwarded to my server.
> >
> > This morning when I came to my server Symantec had quarantined another
> > version of the lssas.exe from my machine. Can somebody help me figure
> > out where my vulnerability is and how these are getting put on my
> > server.
> >
> > I use this server to remote into other machines but do not do any
> > email on this machine itself and the virus software on the other
> > servers is not throwing up any flags.
> >
> > Thanks
> >
> > dbl
>
> Do you mean lsass.exe? If so, it's a valid part of the operating
> system. Part of security services.
> If it's really lssas.exe, then you indeed have a virus.
 
Volodymyr Shcherbyna

Actually, anyone can make any process in XP a 'system critical
process'. See my recent post
http://msmvps.com/blogs/v_scherbina...-case-of-task-manager-that-does-not-kill.aspx .
It actually means that lsass.exe might not be a worm lsass.exe, but some
spyware that is masked as a lsass.exe worm. I suggest you scan your
hard drive with NOD32 in order to find any local copies of spyware/viruses.

--
Volodymyr
"DBLWizard" <ibflyfishin@yahoo.com> wrote in message
news:0d68e8f7-a65a-473a-bcbf-a131d7fe7e97@y43g2000hsy.googlegroups.com...
> No. I mean lssas.exe; it is a known virus. I know that lsass.exe is a
> valid and critical part of the OS. As I understand it, this virus
> embeds itself in the OS and takes over part of the functions of the
> lsass.exe services.
>
> On Dec 9, 10:30 am, Tom <t.wyck...@verizon.net> wrote:
>> DBLWizard wrote:
>> > Howdy All,
>> >
>> > I need some help. I have a development server that is connected to
>> > the internet. I just got this lssas.exe virus removed from my machine
>> > and cleaned up the registry. In the process I used Security
>> > Configuration Manager to properly configure Windows Firewall for all
>> > the services that are running and installed the latest updates from
>> > Microsoft for Windows 2003 and SQL Server. I also run IIS, DNS and
>> > DHCP on this server. I disabled all the forwarding from my Linksys
>> > WRT54G router so nothing is getting forwarded to my server.
>> >
>> > This morning when I came to my server Symantec had quarantined another
>> > version of the lssas.exe from my machine. Can somebody help me figure
>> > out where my vulnerability is and how these are getting put on my
>> > server.
>> >
>> > I use this server to remote into other machines but do not do any
>> > email on this machine itself and the virus software on the other
>> > servers is not throwing up any flags.
>> >
>> > Thanks
>> >
>> > dbl
>>
>> Do you mean lsass.exe? If so, it's a valid part of the operating
>> system. Part of security services.
>> If it's really lssas.exe, then you indeed have a virus.
 
DBLWizard

lsass.exe is a valid and necessary process for Windows 2003. That is
not the issue. I have already removed the problem lssas.exe from my
computer. I am trying to understand how it got there in the first
place. I do have SQL Server installed on this system along with PC
Anywhere and Pervasive v8 database server.

On Dec 21, 4:11 am, "Volodymyr Shcherbyna"
<v_scherb...@online.mvps.org> wrote:
> Actually, anyone can make any process in XP a 'system critical
> process'. See my recent post http://msmvps.com/blogs/v_scherbina/archive/2007/12/20/the-case-of-ta....
> It actually means that lsass.exe might not be a worm lsass.exe, but some
> spyware that is masked as a lsass.exe worm. I suggest you scan your
> hard drive with NOD32 in order to find any local copies of spyware/viruses.
>
> --
> Volodymyr
> "DBLWizard" <ibflyfis...@yahoo.com> wrote in message
> news:0d68e8f7-a65a-473a-bcbf-a131d7fe7e97@y43g2000hsy.googlegroups.com...
>
> > No. I mean lssas.exe; it is a known virus. I know that lsass.exe is a
> > valid and critical part of the OS. As I understand it, this virus
> > embeds itself in the OS and takes over part of the functions of the
> > lsass.exe services.
> >
> > On Dec 9, 10:30 am, Tom <t.wyck...@verizon.net> wrote:
> >> DBLWizard wrote:
> >> > Howdy All,
> >> >
> >> > I need some help. I have a development server that is connected to
> >> > the internet. I just got this lssas.exe virus removed from my machine
> >> > and cleaned up the registry. In the process I used Security
> >> > Configuration Manager to properly configure Windows Firewall for all
> >> > the services that are running and installed the latest updates from
> >> > Microsoft for Windows 2003 and SQL Server. I also run IIS, DNS and
> >> > DHCP on this server. I disabled all the forwarding from my Linksys
> >> > WRT54G router so nothing is getting forwarded to my server.
> >> >
> >> > This morning when I came to my server Symantec had quarantined another
> >> > version of the lssas.exe from my machine. Can somebody help me figure
> >> > out where my vulnerability is and how these are getting put on my
> >> > server.
> >> >
> >> > I use this server to remote into other machines but do not do any
> >> > email on this machine itself and the virus software on the other
> >> > servers is not throwing up any flags.
> >> >
> >> > Thanks
> >> >
> >> > dbl
> >>
> >> Do you mean lsass.exe? If so, it's a valid part of the operating
> >> system. Part of security services.
> >> If it's really lssas.exe, then you indeed have a virus.
 