Spyware, Viruses, & Security forum

General discussion

Sasser questions

by jonah jones / June 20, 2004 4:37 AM PDT

a zone alarm alert informed me that LSA shell export version was trying to access the internet...

i said "no" and started looking for info....

according to AVG, i'm clean
Symantec says "no sasser worm found"
a search on my PC says that i have 4 copies of lsass.exe, but they are all dated 2001 (XP pro)

questions: do i have the worm or not? if yes, what now?

Discussion is locked
You are posting a reply to: Sasser questions
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Sasser questions
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Sasser questions
by dawillie / June 20, 2004 8:09 AM PDT
In reply to: Sasser questions

lsass.exe is part of the XP o/s.
if both Symantec and AVG say no worm you do not have a worm.
hope this helps.
lsass.exe listens on port 500 for UDP and if ZA tells you that your LSASS is trying to connect, you are well to deny although I am unaware of any decrease in functionality as a result of the denial.
david williams

Collapse -
lsass - lsass.exe - Process Information
by Marianna Schmudlach / June 20, 2004 10:26 AM PDT
In reply to: Sasser questions

lsass - lsass.exe - Process Information

Process File: lsass or lsass.exe
Process Name: Local Security Authority Service
Description: Windows Local Security Authority Server Process handles Windows security mechanisms. It verifies the validity of user logons to your computer or server. Technically, the software generates the process that is responsible for authenticating users for the Winlogon service.
Company: Microsoft Corp.
System Process: Yes
Security Risk ( Virus/Trojan/Worm/Adware/Spyware ): No
Common Errors: N/A

Collapse -
Re: Sasser questions
by shurtu1 / June 26, 2004 2:22 PM PDT
In reply to: Sasser questions

I have the same thing happen to my computer today, and I ran a Norton scan on my computer. It said there were two problem files-I thought I deleted them. But still my computer kept rebooting itself. Finally I looked for the lsass.exe file and found 4 of them as well. I downloaded the removal tool and that said there was no worm. So how can that be? I have the same problem as you--so if there is not the sasser worm on it then whar is going on?

Popular Forums
Computer Newbies 10,686 discussions
Computer Help 54,365 discussions
Laptops 21,181 discussions
Networking & Wireless 16,313 discussions
Phones 17,137 discussions
Security 31,287 discussions
TVs & Home Theaters 22,101 discussions
Windows 7 8,164 discussions
Windows 10 2,657 discussions

Does BMW or Volvo do it best?

Pint-size luxury and funky style

Shopping for a new car this weekend? See how the BMW X2 stacks up against the Volvo XC40 in our side-by-side comparison.