Help - How to prevent lssas.exe get installed?

D

DBLWizard

Howdy All,

I need some help. I have a development server that is connected to
the internet. I just got this lssas.exe virus removed from my machine
and cleaned up the registry. In the process I used Security
Configuration Mangager to properly configure windows firewall for all
the services that are running and updated the lasted updates from
Microsoft for Windows 2003 and Sql Server. I also run IIS, DNS and
DHCP on this server. I disabled all the forwarding from my linksys
wrt54G router so nothing is getting forwarded to my server.

This morning when I came to my server Symantec had quarantined another
version of the lssas.exe from my machine. Can somebody help me figure
out where my vulnerabilty is and how these are getting put on my
server.

I use this server to remote into other machines but do not do any
email on this machine itself and the virus software on the other
servers is not throwing up any flags.

Thanks

dbl
 
T

Tom

DBLWizard wrote:
> Howdy All,
>
> I need some help. I have a development server that is connected to
> the internet. I just got this lssas.exe virus removed from my machine
> and cleaned up the registry. In the process I used Security
> Configuration Mangager to properly configure windows firewall for all
> the services that are running and updated the lasted updates from
> Microsoft for Windows 2003 and Sql Server. I also run IIS, DNS and
> DHCP on this server. I disabled all the forwarding from my linksys
> wrt54G router so nothing is getting forwarded to my server.
>
> This morning when I came to my server Symantec had quarantined another
> version of the lssas.exe from my machine. Can somebody help me figure
> out where my vulnerabilty is and how these are getting put on my
> server.
>
> I use this server to remote into other machines but do not do any
> email on this machine itself and the virus software on the other
> servers is not throwing up any flags.
>
> Thanks
>
> dbl
Do you mean lsass.exe? If so, it's a valid part of the operating
system. Part of security services.
If it's really lssas.exe, then you indeed have a virus.
 
D

DBLWizard

No. I mean lssas.exe it is a known virus. I know the lsass.exe is a
valid and critical part of the os. As I understand it this virus
embeds itself in the os and takes over part of the functions of the
lsass.exe services.

On Dec 9, 10:30 am, Tom <t.wyck...@verizon.net> wrote:
> DBLWizard wrote:
> > Howdy All,
>
> > I need some help. I have a development server that is connected to
> > the internet. I just got this lssas.exe virus removed from my machine
> > and cleaned up the registry. In the process I used Security
> > Configuration Mangager to properly configure windows firewall for all
> > the services that are running and updated the lasted updates from
> > Microsoft for Windows 2003 and Sql Server. I also run IIS, DNS and
> > DHCP on this server. I disabled all the forwarding from my linksys
> > wrt54G router so nothing is getting forwarded to my server.
>
> > This morning when I came to my server Symantec had quarantined another
> > version of the lssas.exe from my machine. Can somebody help me figure
> > out where my vulnerabilty is and how these are getting put on my
> > server.
>
> > I use this server to remote into other machines but do not do any
> > email on this machine itself and the virus software on the other
> > servers is not throwing up any flags.
>
> > Thanks
>
> > dbl
>
> Do you mean lsass.exe? If so, it's a valid part of the operating
> system. Part of security services.
> If it's really lssas.exe, then you indeed have a virus.
 
V

Volodymyr Shcherbyna

Actually, everyone can make any process in XP as a 'system critical
process'. See my recent post
http://msmvps.com/blogs/v_scherbina...-case-of-task-manager-that-does-not-kill.aspx .
It actually means, that lsass.exe can be not a worm lsass.exe, but some
spyware that masked as a lsass.exe worm. I suggest you to scan your
harddrive by nod32, in order to find any local copies of spyware/virus.

--
Volodymyr
"DBLWizard" <ibflyfishin@yahoo.com> wrote in message
news:0d68e8f7-a65a-473a-bcbf-a131d7fe7e97@y43g2000hsy.googlegroups.com...
> No. I mean lssas.exe it is a known virus. I know the lsass.exe is a
> valid and critical part of the os. As I understand it this virus
> embeds itself in the os and takes over part of the functions of the
> lsass.exe services.
>
> On Dec 9, 10:30 am, Tom <t.wyck...@verizon.net> wrote:
>> DBLWizard wrote:
>> > Howdy All,
>>
>> > I need some help. I have a development server that is connected to
>> > the internet. I just got this lssas.exe virus removed from my machine
>> > and cleaned up the registry. In the process I used Security
>> > Configuration Mangager to properly configure windows firewall for all
>> > the services that are running and updated the lasted updates from
>> > Microsoft for Windows 2003 and Sql Server. I also run IIS, DNS and
>> > DHCP on this server. I disabled all the forwarding from my linksys
>> > wrt54G router so nothing is getting forwarded to my server.
>>
>> > This morning when I came to my server Symantec had quarantined another
>> > version of the lssas.exe from my machine. Can somebody help me figure
>> > out where my vulnerabilty is and how these are getting put on my
>> > server.
>>
>> > I use this server to remote into other machines but do not do any
>> > email on this machine itself and the virus software on the other
>> > servers is not throwing up any flags.
>>
>> > Thanks
>>
>> > dbl
>>
>> Do you mean lsass.exe? If so, it's a valid part of the operating
>> system. Part of security services.
>> If it's really lssas.exe, then you indeed have a virus.
>
 
D

DBLWizard

lsass.exe is a valid and necessary process for windows 2003. That is
not the issue. I have already removed the problem lssas.exe from my
computer. I am trying to understand how it got there in the first
place. I do have SQLServer installed on this sytem along with PC
Anywhere and Pervasive v8 database server.

On Dec 21, 4:11 am, "Volodymyr Shcherbyna"
<v_scherb...@online.mvps.org> wrote:
> Actually, everyone can make any process in XP as a 'system critical
> process'. See my recent posthttp://msmvps.com/blogs/v_scherbina/archive/2007/12/20/the-case-of-ta....
> It actually means, that lsass.exe can be not a worm lsass.exe, but some
> spyware that masked as a lsass.exe worm. I suggest you to scan your
> harddrive by nod32, in order to find any local copies of spyware/virus.
>
> --
> Volodymyr"DBLWizard" <ibflyfis...@yahoo.com> wrote in message
>
> news:0d68e8f7-a65a-473a-bcbf-a131d7fe7e97@y43g2000hsy.googlegroups.com...
>
> > No. I mean lssas.exe it is a known virus. I know the lsass.exe is a
> > valid and critical part of the os. As I understand it this virus
> > embeds itself in the os and takes over part of the functions of the
> > lsass.exe services.
>
> > On Dec 9, 10:30 am, Tom <t.wyck...@verizon.net> wrote:
> >>DBLWizardwrote:
> >> > Howdy All,
>
> >> > I need some help. I have a development server that is connected to
> >> > the internet. I just got this lssas.exe virus removed from my machine
> >> > and cleaned up the registry. In the process I used Security
> >> > Configuration Mangager to properly configure windows firewall for all
> >> > the services that are running and updated the lasted updates from
> >> > Microsoft for Windows 2003 and Sql Server. I also run IIS, DNS and
> >> > DHCP on this server. I disabled all the forwarding from my linksys
> >> > wrt54G router so nothing is getting forwarded to my server.
>
> >> > This morning when I came to my server Symantec had quarantined another
> >> > version of the lssas.exe from my machine. Can somebody help me figure
> >> > out where my vulnerabilty is and how these are getting put on my
> >> > server.
>
> >> > I use this server to remote into other machines but do not do any
> >> > email on this machine itself and the virus software on the other
> >> > servers is not throwing up any flags.
>
> >> > Thanks
>
> >> > dbl
>
> >> Do you mean lsass.exe? If so, it's a valid part of the operating
> >> system. Part of security services.
> >> If it's really lssas.exe, then you indeed have a virus.
 
You must log in or register to reply here.

Similar threads

S
How to get back pre-installed MS apps?
Replies
0
Views
41
Sneha Pandey
S
L
Sending emails using System.Net.Mail
Replies
0
Views
71
leodomitrovic
L
S
How to successfully activate my transferred Windows 10 pro copy?
Replies
0
Views
74
Seshadri Ramaswami
S
R
How to prevent windows disconnecting wifi during internet outage.
Replies
0
Views
71
Richard_9929
R
R
IIS server delivers an old, expired SSL Certificate, giving ERR_CERT_AUTHORITY_INVALID
Replies
0
Views
93
RanAground
R
Back
Top Bottom