Crashing

G

Guest

Guest
Archived from groups: microsoft.public.win2000.file_system (More info?)

When i log onto the internet my pc loads a litle box that
says System shutdown, you now have 1 min to save any work
in progress, it says its due to C:WINNT/system32/lsass.exe
anyone know what i should do?
Send me an E-mail with any support,
thanx Ed =)
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.file_system (More info?)

Hi - sorry, no e-mail replies...

You've been infected by the Sasser worm. This means you didn't apply Windows
Updates (at least not very recently - patch for this came out April 13) and
don't have a firewall enabled....

For WinXP: If you can't stop your computer from restarting:

As soon as your computer reboots and Windows loads, click Start, then Run.
In the box, type the following:

shutdown -a (then click OK)

[for Win2k, shutdown.exe is part of the resource kit and the correct syntax
is
shutdown /a]

Then see http://www.microsoft.com/security/incident/sasser.asp and
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

McAfee's Stinger tool to remove Sasser: http://vil.nai.com/vil/stinger/

MS removal tool for Windows 2000 SP2 and up, or Windows XP:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;841720

Enable your XP firewall (or get a third party one if not on XP or even if
so - www.zonealarm.com has a free one) and run Windows Update regularly to
keep your OS patched to the gills. You also need good antivirus software and
need to keep it updated regularly. As mentioned, the patch for this exploit
was released April 13th...but there are plenty you do need. Perhaps want to
enable the autoupdate feature of Windows Update and subscribe to the
security bulletin announcements at www.microsoft.com/security.

Edward Grovenor wrote:
> When i log onto the internet my pc loads a litle box that
> says System shutdown, you now have 1 min to save any work
> in progress, it says its due to C:WINNT/system32/lsass.exe
> anyone know what i should do?
> Send me an E-mail with any support,
> thanx Ed =)