The original version of this page can be found at : http://forum.bullguard.com/forum/8/HELP-SASSER-S_517.html
Posted By : dabamrak - 5-4-2004 6:10
My computer reboots much and gives the same problem as MS. and Mcafee tell about a sasser worm. But MS says i am not infected en Mcafee couldn't find any virusses :S, what the hell is wrong, my computer says: lsass.exe has shutdown, and your computer will reboot in 30 secs. :S:S, what is wrong :/, can anyone help me??!?! It drives me crazy hop
              Joost
 
 
ps. sorry for my english, i am not very good at it :)
 
 
 
                THX!

Posted By : Destroyer - 5-4-2004 7:20
http://www.bullguard.com/news/default.aspx?ViewId=536
 
 
Here you go, a link to download the anti-sasser, if it finds nothing, come back and tell me smile
 
BTW, english is a lot better than mine ;-)

Posted By : Dedeyes - 5-5-2004 4:28
None of the tools work I have been through all of them .
Symantec ,Sophos ,Bullguard ,AVG ,Mcafee ,And microsoft ,they all say I am not infected .
I followed instructions on how to manually remove it from the registry and the adserve .exe is not there .

I have installed the MS security update .

The only way to stop this thing from rebooting and shutting down Lsass is to go online ,if you don't you can expect to be rebooted within 2 minutes and if you disconnect you've got about half an hour before you get shut down .
Makes me wonder why it wants me to be connected because there is no activity unless I open a page .

I noted another guy mentioned it was still ther even after he reformated , I don't see how thats possible but it could be it seems invulnerable so far .

Posted By : Petria - 5-5-2004 11:47
Did you run a full scan with Bullguard?

In order to stop the restarting process on the NT systems you should perform the following actions:
Go to Start -> Run and type services.msc then press ENTER
In the 'Services' window find the service: "Remote Procedure Call (RPC)" - and not the "Remote Procedure Call (RPC) Locator" - go to the Recovery tab and choose the following action for all the 3 failures: "Take no Action".

Also please make sure that you have the latest Windows updates from Microsoft:
http://windowsupdate.microsoft.com/

Another suggestion: make sure that you enforce complicated passwords to log into your computer.

Posted By : Destroyer - 5-5-2004 5:14
Is there a file name 'avserve.exe' in the processes tab ?

Posted By : rusty - 5-5-2004 9:48
my removal tools couldnt find the virus until i disabled my main protection. Once i turned bullguard off....used my removal tool from bullguards website....then it could see the virus and deleted it. For some reason when i had bullguard active the removal tool wouldnt detect the virus....maybe cuz bullguard was blocking it from accessing the files with the virus. Hope this helps.


Need Support? Write to: | Forum Help Manual

Download free trial version of Bullguard