Lsass.exe


615 replies to this topic

#1 rikkkki

    TMN Friend

  • Members
  • 324 posts
  • Location: Aberdeen, WA

Posted 13 June 2005 - 06:40 PM

I finally got the lsass.exe plague Saturday!!!!!!!!!!!!! The little window that pops up and tells you "Object Name Not Found". If you click OK or X it out, it will reboot. I did find out that if you wait maybe ten minutes or so, then when you close the window it will not reboot. Still a pain. Sunday I went down and bought XP Pro and installed it and guess what? It's still there!!!!!!!!!!!!!!!!! Any ideas on how to rid myself of this pest?????????????? :x :?: :?: :?: :?: :?: :angry5: :angry5: :angry5: :angry5: :angry3: :angry3: :angry3:

#2 peepnklown

    Expert

  • Members
  • 1,338 posts

Posted 13 June 2005 - 06:59 PM

lsass.exe = Local Security Authority Service
It is a system process.

It can relate to the Windang.worm, irc.ratsou.b, Webus B, MyDoom L, Randex AR, Nimos.worm (so even if you removed these worms lsass.exe is a system process)

#3 rikkkki

    TMN Friend

  • Members
  • 324 posts
  • Location: Aberdeen, WA

Posted 13 June 2005 - 09:12 PM

Well, I have scanned my puter every which way but sideways including in safe mode. Can't find any virus. If I could just get rid of the dialogue box and not the lsass.exe for sure, then I would be in good shape!!!!!!!!!!!!!! :confused4: :confused4: :confused4: :confused4: :confused3: :confused3: :confused3: :confused2: :confused2: :confused2:

#4 Guest_helloimtim_*

  • Guests

Posted 13 June 2005 - 11:40 PM

I would guess there is something in your startup that would cause this. Startup Inspector is a handy little free program that will tell you what is starting when your machine does. Hit the consult button and it will tell you what is important and what is not. Here is a link: http://www.windowsstartup.com/ You can disable the startup process using this program as well. A lot of people will tell you to use msconfig. I do not recommend doing that unless you're 100 percent sure you know what you're doing. You may by accident kill a startup that Windows needs. Have you tried HijackThis? That's a really cool program. After you run it you can do 1 of 2 things. Post the log results in a forum and have someone read them. Or there are 2 automated sites that will read them for you and suggest what to delete. If you wish I can give you the links. I have used the automated sites for a year or more. Did what they recommended deleting and never crashed Windows once.

#5 peepnklown

    Expert

  • Members
  • 1,338 posts

Posted 14 June 2005 - 12:05 AM

If you are using Windows XP you can disable all of the start up programs (using msconfig) without harming anything.

#6 cholla

    TMN Sr. Veteran

  • Members
  • 2,844 posts
  • Location: Amarillo,TX

Posted 14 June 2005 - 10:42 AM

69 RAT: I don't have XP but I did some web surfing; here are some links that might help:
http://www.2-spyware...-lsass-exe.html
http://www.enigmasof...=42&productid=4
http://www.computing...&sp=sp&x=28&y=3

#7 Guest_helloimtim_*

  • Guests

Posted 14 June 2005 - 03:26 PM

I should have said that a bit differently but still think the same. If you're not sure what you are doing I really really don't recommend playing with msconfig. While yes, changing the startup will not hurt a thing, some may tend to think they need to play with the boot files. That could turn into a bad thing. That is why I always try to steer those that are unsure away from msconfig.

#8 cak46

    TMN Friend

  • Members
  • 997 posts
  • Location: Maine-USA

Posted 14 June 2005 - 03:43 PM

Sounds like a Sasser variant to me. Here's a link to info on it: http://vil.nai.com/v...08.htm#Symptoms
download and use this to scan and clean it out: http://download.nai....t-i-n-g-e-r.exe
If that doesn't work there is a manual workaround on the first link above. 
Sasser is a pain in the butt but I've removed it from a couple of systems.  If you want, watch the processes under ctrl+alt+delete then processes tab.  If you end the random numbered processes, more will appear.  avserve2.exe is the primary process, but the random processes also will restart avserve2.exe.  If you're quick enough, you can stop the shut down process.  Some systems boot, then auto shutdown within 30 seconds or so of the bootup.  EDIT:  This is what I had to do with one system that needed cleaning...........

#9 rikkkki

    TMN Friend

  • Members
  • 324 posts
  • Location: Aberdeen, WA

Posted 14 June 2005 - 06:05 PM

Wow!!!! So much info!!!! Thank you all!!!!!!! A little recap: I do have the latest S-t-i-n-g-e-r from McAfee and no virus, I have run all virus removal tools from McAfee and no virus. I ran a full system scan in safe mode, nothing. The weird thing is that this started on Saturday when I had XP Home and was still there on Sunday AFTER installing XP Pro!!!!! I also have a great utility called TUT (The Ultimate Troubleshooter) from Answers That Work.com, I think that's the URL. Anyhow, this program explains almost all tasks and services and startups that you have going on at any given time. It then suggests what to do, like delete or disable or don't touch, etc. I can't live without it!!!!!!!!!!!!!!! You do not need to go to Msconfig when you have this. There are tons of other things you can do from this utility. Check it out. In the meantime, I will keep everybody informed as I have just started a case right now with Microsoft on this Lsass.exe issue and they will be getting back to me within 24 hrs. PS: Boot INI files, aw, no thanks, not a place for me to go!!!!!!!!!!!!!!! :!: :!: :!: Cak46, I checked and I do not have Avserve2.exe, not in Windows or my registry :) :)

#10 netmasta

    TMN Sr. Veteran

  • Inactive Moderator
  • 2,883 posts

Posted 14 June 2005 - 06:35 PM

From searching on http://support.microsoft.com, it sounds like it could be related to the Sasser worm. More info here: http://www.microsoft...ent/sasser.mspx

#11 cak46

    TMN Friend

  • Members
  • 997 posts
  • Location: Maine-USA

Posted 14 June 2005 - 06:41 PM

Quote

From searching on http://support.microsoft.com, it sounds like it could be related to the Sasser worm. More info here: http://www.microsoft...ent/sasser.mspx
Thought I already said that.... :roll:

#12 rikkkki

    TMN Friend

  • Members
  • 324 posts
  • Location: Aberdeen, WA

Posted 14 June 2005 - 07:02 PM

Well, I just ran Microsoft's Malicious Software Removal Tool and came up with nada. :( I sure hope that Microsoft comes up with a suggestion that we're all not thinking about. :!: Wow, what a learning curve that would be!!!!!!!!!! ;);) This issue is all over the net. :!: :!: The LAST thing I want to hear from them is "You'll have to do a clean install" :haha: :haha: :haha: Not!!!!!!!!!!! :shock: :shock: :shock: :shock:

#13 cak46

    TMN Friend

  • Members
  • 997 posts
  • Location: Maine-USA

Posted 14 June 2005 - 07:06 PM

If you want, download and run a scan with hijackthis then post the results.  Might be able to see something running at start up.
Edit:  Link to download hijackthis.... http://www.majorgeek...wnload3155.html

#14 rikkkki

    TMN Friend

  • Members
  • 324 posts
  • Location: Aberdeen, WA

Posted 14 June 2005 - 07:13 PM

OK, I'll give it a try. Back soon :icon_study: :icon_study:

#15 rikkkki

    TMN Friend

  • Members
  • 324 posts
  • Location: Aberdeen, WA

Posted 14 June 2005 - 08:27 PM

StartupList report, 6/14/2005, 8:49:37 PM :!: I already got rid of "House Call Control" It is not something that I'm familiar with at all  :!:
StartupList version: 1.52.2
Started from : C:\Program Files\HIJACK\hijackthis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HIJACK\hijackthis\HijackThis.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Logitech Utility = Logi_MwX.Exe
MCUpdateExe = C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
MCAgentExe = c:\PROGRA~1\mcafee.com\agent\mcagent.exe
MPFExe = C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
VirusScan Online = "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
VSOCheckTask = "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=9vs7sxtxnn585u.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}

--------------------------------------------------

Enumerating Task Scheduler jobs:

McAfee.com Update Check (DAVE-Martine).job

--------------------------------------------------

Enumerating Download Program Files:

[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com...ex/qtplugin.cab

[PCPitstop Utility]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\PCPitstop.dll
CODEBASE = http://www.pcpitstop...p/PCPitStop.CAB

[{13E23C9E-3018-4AC1-B998-C08BF1814DB0}]
CODEBASE = http://ftp.gurunet.c...GNInstaller.cab

[iCC Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\pcpConnCheck.dll
CODEBASE = http://www.pcpitstop...cpConnCheck.cab

[{3334504D-9980-0010-8000-00AA00389B71}]
CODEBASE = http://download.micr...C4D/mp43dmo.CAB

[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.micr...922/wmv9VCM.CAB

[Microsoft.WinRep]
InProcServer32 = C:\WINDOWS\System32\Winrep.dll
CODEBASE = https://webresponse....iveX/winrep.cab

[McAfee.com Operating System Class]
InProcServer32 = C:\WINDOWS\system32\mcinsctl.dll
CODEBASE = http://download.mcaf...90/mcinsctl.cab

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
CODEBASE = http://a840.g.akamai...all/xscan53.cab

[DwnldGroupMgr Class]
InProcServer32 = C:\WINDOWS\system32\McGDMgr.dll
CODEBASE = http://download.mcaf...,23/mcgdmgr.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\macromed\flash\Flash.ocx
CODEBASE = http://fpdownload.ma...ash/swflash.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
End of report, 6,920 bytes
Report generated in 0.016 seconds

Command line options:
   /verbose  - to add additional info on each section
   /complete - to include empty sections and unsuspicious data
   /full     - to include several rarely-important sections
   /force9x  - to include Win9x-only startups even if running on WinNT
   /forcent  - to include WinNT-only startups even if running on Win9x
   /forceall - to include all Win9x and WinNT startups, regardless of platform
   /history  - to list version history only

#16 Guest_helloimtim_*

  • Guests

Posted 15 June 2005 - 12:23 AM

Try these 2 links. They are safe and really work great. I have trusted both for over a year and I have no idea how to read HijackThis logs. Both sites do that for you. Never crashed my XP once. http://www.hijackthis.de/ or http://www.help2go.c...e=HJTDetective

#17 cak46

    TMN Friend

  • Members
  • 997 posts
  • Location: Maine-USA

Posted 15 June 2005 - 01:20 PM

69Rat:  Since you're working with MS, might want to show them this entry
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=9vs7sxtxnn585u.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
Here is information on what the appinit_dlls does.  Could possibly be the problem.
http://support.micro...kb;en-us;197571
I'll continue to research......

Edit: Some viruses are known to use this entry in the registry to load on boot. Try searching for 9vs7sxtxnn585u.* with find/search for files and see what comes up and where it is. Link for some information on viruses associated with this registry entry..... http://www.google.co...rus&btnG=Search
BTW:  Make sure if you have rebooted since last hijackthis that you run it again and make sure the file name hasn't changed for this registry entry....
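
Added example, not part of the original thread: the AppInit_DLLs check from the post above, run over StartupList-style report text in Python. The `known_good` allowlist, the `example_hook.dll` entry and the name heuristics are assumptions made for illustration, and the sample lines are constructed in the report format shown in the thread.

```python
import re

# AppInit_DLLs names DLLs that Windows loads into every process that loads
# user32.dll, so any non-empty value deserves a look. The pattern matches the
# report line with or without backslashes in the registry key path.
APPINIT_RE = re.compile(r"AppInit_DLLs\s*=\s*(.*)$", re.IGNORECASE)
PLACEHOLDER_RE = re.compile(r"^\*.*not found\*$", re.IGNORECASE)
STACKED_EXT_RE = re.compile(r"(\.dll){2,}$", re.IGNORECASE)


def split_dll_list(value):
    """The value holds DLL names separated by spaces or commas."""
    return [name for name in re.split(r"[,\s]+", value.strip()) if name]


def review_appinit(report_text, known_good=()):
    """Return one finding per suspicious DLL named on an AppInit_DLLs line."""
    allow = {name.lower() for name in known_good}  # assumption: caller's list
    findings = []
    for line_no, line in enumerate(report_text.splitlines(), start=1):
        match = APPINIT_RE.search(line)
        if not match:
            continue
        value = match.group(1).strip()
        if not value or PLACEHOLDER_RE.match(value):
            continue  # empty or absent value: nothing is being loaded
        for dll in split_dll_list(value):
            reasons = []
            if dll.lower() not in allow:
                reasons.append("not on the known-good list")
            if STACKED_EXT_RE.search(dll):
                reasons.append("repeated .dll extension")
            stem = dll.split("\\")[-1].split(".")[0]
            # Heuristic (assumption): long stems with several digits look generated.
            if len(stem) >= 8 and sum(c.isdigit() for c in stem) >= 3:
                reasons.append("random-looking name")
            if reasons:
                findings.append({"line": line_no, "dll": dll, "reasons": reasons})
    return findings


# Constructed sample: first AppInit value shortened from the one in the log,
# second one hypothetical.
SAMPLE_REPORT = r"""
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=9vs7sxtxnn585u.dll.dll.dll
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=example_hook.dll
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=
"""

if __name__ == "__main__":
    for f in review_appinit(SAMPLE_REPORT, known_good=["example_hook.dll"]):
        print(f"line {f['line']}: {f['dll']} -> {', '.join(f['reasons'])}")
```

Re-running it on a fresh report after a reboot shows whether the flagged file name has changed, which is the follow-up the post asks for.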

#18 cholla

    TMN Sr. Veteran

  • Members
  • 2,844 posts
  • Location: Amarillo,TX

Posted 15 June 2005 - 03:34 PM

69 rat & cak46, I put in this link http://www.enigmasof...=42&productid=4
I tried it & it was a DL for Spy Hunter version 2.0.1086. The site said it would get rid of the Lsass.exe. I ran it on my OS but I do not have the Lsass.exe virus so I can't say it will remove it. It looked like just another anti spyware program to me.
One thing I found said don't delete Lsass.exe from the system 32 folder.

#19 cak46

    TMN Friend

  • Members
  • 997 posts
  • Location: Maine-USA

Posted 15 June 2005 - 03:50 PM

Quote

69 rat & cak46, I put in this link http://www.enigmasof...=42&productid=4
I tried it & it was a DL for Spy Hunter version 2.0.1086. The site said it would get rid of the Lsass.exe. I ran it on my OS but I do not have the Lsass.exe virus so I can't say it will remove it. It looked like just another anti spyware program to me.
One thing I found said don't delete Lsass.exe from the system 32 folder.
Cholla:  I don't think lsass.exe per se is running on your ME machine.  I think it's an NT only program.  Yeah, if you delete that program, you would be in a world of hurt.  It's what authenticates (authorizes) you for access to files, etc for your machine.  See: http://www.iamnotage...a/lsass.exe.php for details.....

#20 cholla

    TMN Sr. Veteran

  • Members
  • 2,844 posts
  • Location: Amarillo,TX

Posted 15 June 2005 - 04:09 PM

cak46, I didn't think it was on my ME but since I had DL a new anti spyware program I ran it anyway. It didn't find anything so I guess spybot & adaware are taking care of spyware alright for my os. Because some members were saying how good Kaspersky is I went to their site. They have a beta web search scan (this is not the same thing as their online scan for a single file); anyway it scans your pc for viruses like you had the Kaspersky program, it just does it online. I ran it twice & it found zero viruses so I guess my AVG is finding everything.




