05-22-2005, 09:26 AM
Hi, I happen to come by a computer that puzzled me in what was happening. The computer was acting like as if it was infected by the sasser worm before the patches came out (of course the machine was not infected by the sasser worm), where the computer will force it self to reset in 60 seconds randomly soon after the computer is on. This was even happening in safe mode when networking was enabled. I did some virus scans and after being clean the issue was still present. This machine was running windows xp home and lsass would be in the message for the reset. I wonder what is causing this issue and how I can fix it. Thanks for any help.
05-22-2005, 12:20 PM
Well You've patched it yeah?
It could be that LSASS is being somehow exploited by something else - Have you installed Service Pack 2? It could be that the LSASS.exe or your whole Operating System is damaged/corrupt somehow and it would be better to reinstall the whole lot ;)
What Virus Scanner are you using?
05-22-2005, 07:52 PM
If you don't want to update to SP2, here is a link (http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx) where you will be able to download the patch. Symantec has good virus removal instructions if you would like to remove it manually (http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.worm.html). It advises that you should install the patch before starting the manual removal process.
05-22-2005, 08:14 PM
Also get yourself a decent firewall ;)
05-22-2005, 10:17 PM
Hey thanks guys, anyways I just decided to reformat the computer and install sp2, It had more problems then just this, so I figured it would take less time just to reinstall considering there wasn't much on there that needed backup. The computer was running nortan AV 2003 with latest definitions. It turns out the person who has this computer was not doing any windows updates (still at xp sp 1 level) and had no firewall. With 6 different worms appearing in nortan 2003 (interestingly NOT sasser) plus a whole lot of spyware all over the place, even after removing them in safe mode and fiddling around in knoppix Im not surprised if the OS is damaged or something is still lurking around.
05-22-2005, 10:30 PM
Whenever I get given a computer or purchase a second hand one I reformat the disk and reinstall the OS to make a fresh start ;)