  1. #1

    LSASS.exe Worm. How to kill it? Help needed!

    Hi,

    I am really having a hard time getting rid of this worm on one of my PCs. It's one of those LSASS.exe worms that keeps restarting my PC. I've got some anti-worms and removal tools but whenever I run any of these programs it automatically restarts the PC. It looks so smart that even when I search Google for "lsass.exe worm removal" it knows that I am trying to get rid of it and so it automatically restarts the PC when I hit search in Google! It doesn't happen for other keywords! Is it so intelligent?!

    I tried the shutdown -a command but to no avail! It still restarts the PC whenever a removal tool (program) is started.

    Is there any way to get rid of it without formatting the hard drive?

    The infected PC runs Win XP Pro SP2.

  2. #2
    Quote, originally posted by chem3:
    Hi,

    I am really having a hard time getting rid of this worm on one of my PCs. It's one of those LSASS.exe worms that keeps restarting my PC. I've got some anti-worms and removal tools but whenever I run any of these programs it automatically restarts the PC. It looks so smart that even when I search Google for "lsass.exe worm removal" it knows that I am trying to get rid of it and so it automatically restarts the PC when I hit search in Google! It doesn't happen for other keywords! Is it so intelligent?!

    I tried the shutdown -a command but to no avail! It still restarts the PC whenever a removal tool (program) is started.

    Is there any way to get rid of it without formatting the hard drive?

    The infected PC runs Win XP Pro SP2.

    Just a suggestion:
    Try running a potent anti-virus like AVG in safe mode and see what happens.

    regards,

    ajos777

  3. #3
    wwb_99
    I would consider a reformat--those lsass.exe worms are rather nasty.

  4. #4
    Crazybanana
    First, make Windows show hidden files and folders plus system files.

    Clear all your temp files; these are the files inside the folders "temp", "temporary internet files" (do not touch any folders in temporary internet files if you see any), and the hidden "content.ie5" inside temporary internet files (do not delete any files named "desktop").

    Then reboot into safe mode ("F8") as admin and run this tool and this tool and see what happens. Then reboot into normal mode and run it again. If you are still having problems, you can try posting your HJT log here after doing this.

    All this can be done from safe mode, and do the "shutdown -a" if you need more time to do this...

    Good luck


  5. #5
    Ingoal
    Some good points there by Crazybanana... While you're at it, I would add Spybot S&D to the mix (boot into safe mode as suggested and let it do its thing)...

    Ingo

  6. #6
    buy a mac

