Anybody know what causes this?

[V.V.V.V.V.]

Never had to visit here before, but about a half hour ago, my system started initiating self-shutdowns because a file (C:/SYSTEM/WIN32/lsass.exe) kept terminating. Also, a ton of junk files appeared in my C: drive. I promptly deleted them too. Is it a virus, or just a tech mistake and maybe some adware or something? If it is a virus, I'd like to know how to kill it.

Thanks in advance

 

[SculptedCold]

Ok, if I don't see you on MSN again before you get here, you have to get on Microsuck's page here; http://www.microsoft.com/downloads/details.aspx?FamilyId=5FA055AE-A1BA-4D4A-B424-95D32CFC8CBA&displaylang=en
and download and execute the patch for download there.

If you can't access that page (a likely possibility; the worm sends packets to windows update in order to deny you access) then you can get the same update at this location;
http://www.unisa.edu.au/ists/ServiceStatus/VirusInfo/BlasterWormFiles/WindowsXP-KB824146-x86-ENU.exe

You have to install this security update before you can remove the blaster worm.

Once you've done that, try going to http://housecall.trendmicro.com/ again and run the online scanner to remove the worm. If you still can't access that webbie, follow the manual removal instructions from trendmicro below.

MANUAL REMOVAL INSTRUCTIONS


Terminating the Malware Program

This procedure terminates the running malware process from memory.

1. Open Windows Task Manager, press
   CTRL+SHIFT+ESC, and click the Processes tab.
2. In the list of running programs, locate the process:
   MSBLAST.EXE
3. Select the malware process, then press the End Process button.
4. To check if the malware process has been terminated, close Task Manager, and then open it again.
5. Close Task Manager.

Removing Autostart Entries from the Registry

Removing autostart entries from the registry prevents the malware from executing during startup.

1. Open Registry Editor. To do this, click Start>Run, type Regedit, then press Enter.
2. In the left panel, double-click the following:
   HKEY_LOCAL_MACHINE>Software>Microsoft>
   Windows>CurrentVersion>Run
3. In the right panel, locate and delete the entry:
   "windows auto update" = MSBLAST.EXE
4. Close Registry Editor.

NOTE: If you were not able to terminate the malware process from memory as described in the previous procedure, restart your system.


Hopefully after all this your system will be clean. Good luck!

-Sculpy

 

[DE]

Had to come here? You make us sound diseased or something

 

[SculptedCold]

hahahahaha, yeah. turned out not to be the blaster worm after all.

 

[DE]

Is it sorted though?


lsass.exe is a valid system process btw, it's not a virus. Just so you don't go deleting it

 

[SculptedCold]

hehe, I already said that to him, but it was too late. would XP not create a backup copy of important files though? I thought I read somewhere that it did, just so people don't kill their computers so easily.

either way, it's some kind of worm virus he's infected with.....still can't get on the interweb.

 

[DE]

btw, it's the Sasser worm.

http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

 

[SculptedCold]

worms are definately the coolest kind of virus.

 

[xenophobe]

worms used to be so unix mainframe.... lol

Now anyone with Windows and Outlook can be infected! yay!

 

[DE]

Melissa!