#1 (permalink)

Registered User
Join Date: Jul 2009
Posts: 1
OS: XP Pro SP3; Vista Home Premium

LSA Shellu - lsass.exe
I first noticed this "threat?" a few nights ago. I plugged my external in to my personal laptop (Vista Home Premium) and my Norton 360 v3 (SONAR) notified me of a file attempting to modify my registry. The process was blocked and both my computer and external are clean (according to 360). 360 picked up 2 files, 1 process, and 3 registry entries. The files were:

C:\users\(username)\lsass.exe
(external drive):\start.exe - The autorun.inf file was also modified to reflect running start.exe.

I began trying to find the root of the problem the next day. I knew there was only one system that I plugged my external into. That system is for work and is not on my network. This system runs Win XP SP3 with Symantec Endpoint. I updated the virus definitions and ran the scan. Nothing found. I looked in C:\documents and settings\Administrator\ and there was the file lsass.exe (Icon is hidden and looks like a printer with a red check mark above it). The start.exe file has the same icon.

Registry Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
lsa shellu = c:\documents and settings\administrator\lsass.exe (XP)
lsa shellu = c:\users\(username)\lsass.exe (VISTA)

I have found 2 other Vista systems, 1 XP System, 3 external HDDs, 1 iPod, and 1 xD card from a camera.

Due to the nature of my job (along with everyone else I work with) internet access for personal computers does not exist. We only have access for our work systems. Symantec Virus updates are the only exe file I can download. All other exe and zip files are blocked.

Has anyone else run into this threat?
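
The two indicators described in the post above (a Run value that points at lsass.exe inside a user profile, and an autorun.inf that launches start.exe from removable media) can be checked for mechanically. The following is an added example, not part of the original thread: the function names, the list of system process names, the C:\Windows install path and the sample data (constructed from the paths quoted in the post) are all assumptions.

```python
import ntpath
import re

# Names that legitimately run only from the system directory. The list and
# the C:\Windows install path are assumptions made for this example.
SYSTEM_IMAGES = {"lsass.exe", "csrss.exe", "services.exe", "winlogon.exe", "smss.exe"}
SYSTEM_DIR = r"c:\windows\system32"

def suspicious_run_values(run_values, system_dir=SYSTEM_DIR):
    """Return Run value names whose target borrows a system process name
    but is stored outside the system directory."""
    hits = []
    for name, command in run_values.items():
        # Take the executable path, quoted or not, and drop any arguments.
        m = re.match(r'\s*"?(.+?\.exe)(?=["\s]|$)', command, re.IGNORECASE)
        if not m:
            continue
        directory, image = ntpath.split(ntpath.normpath(m.group(1).lower()))
        if image in SYSTEM_IMAGES and directory != system_dir.lower():
            hits.append(name)
    return hits

def autorun_launch_targets(text):
    """Return the commands an autorun.inf would start from the drive."""
    targets, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() in ("open", "shellexecute") or key.lower().endswith("\\command"):
                targets.append(value)
    return targets

# Constructed sample data, built from the paths quoted in the post.
RUN_XP = {
    "lsa shellu": r"c:\documents and settings\administrator\lsass.exe",
    "ExampleAgent": r'"C:\Program Files\Example\agent.exe" /background',
}
AUTORUN_INF = "[autorun]\nopen=start.exe\nshell\\open\\command=start.exe\nicon=start.exe\n"

if __name__ == "__main__":
    print("Run values to review:", suspicious_run_values(RUN_XP))
    print("autorun.inf launches:", autorun_launch_targets(AUTORUN_INF))
```
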
#2 (permalink)

Moderator, Analyst, Security Team
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,093
OS: XP

Re: LSA Shellu - lsass.exe
Hello and Welcome to TSF.
We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a Quote:

Please follow our pre-posting process outlined here: NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.