**Sasser Virus** Warning, New Strain (again)

Page may contain affiliate links. Please see terms for details.

Sp!ke

Administrator
Joined
Jun 2, 2002
Messages
11,968
Location
West London
Car
SL500 & The Fart Car
***Warning to all***

News just out, the Sasser Virus has mutated again. The existing Microsoft patch (KB835732) will stop you getting infected but if you are already infected, with this variant, the Microsoft removal tool does not clean your PC anymore.

The mutation is simple, the new infected file is lasss.exe instead of lsass.exe.

To fix this, kill lsasss.exe in task manager and then go into the registry HKLM\LM\Software\Windows\Run and delete the lsasss.exe key.

Then go C:\Windows and delete lsasss.exe

Be careful out there. :mad:
 
sounding dumb - but I have lsass.exe (two S's) running - yet have installed MS patch, have hardware firewall (properly set up by IT mate), and antivirus (up to date)

no indication of sasser (pc doesnt shut down / go sluggish)
 
guydewdney said:
sounding dumb - but I have lsass.exe (two S's) running - yet have installed MS patch, have hardware firewall (properly set up by IT mate), and antivirus (up to date)

no indication of sasser (pc doesnt shut down / go sluggish)

Ditto here :crazy:
 
Yes, same here too. I have several copies of lsass.exe on my win2k system which seem to be legit system files. I have sophos AV it's got the latest versions of sasser covered (SASSER - A , SASSER - B, SASSER - D and SASSER - E) & says no infections.

No instances of the lasss.exe file on my system . so I think I am ok.
 
guydewdney said:
sounding dumb - but I have lsass.exe (two S's) running - yet have installed MS patch, have hardware firewall (properly set up by IT mate), and antivirus (up to date)

no indication of sasser (pc doesnt shut down / go sluggish)

lsass.exe (double-s) is your Windows Local Security Authority Service. This is a required component of your operating system. Don't delete it.
 
Do a search for the Lsasss.exe (3 S's) if you havn't got it on your machine and the above Microsoft scanner shows clear then you are OK.

If you have this file then you are infected. (Started finding loads this morning here at work)
 
Sp!ke said:
The mutation is simple, the new infected file is lasss.exe instead of lsass.exe.


Spike, I guess the spelling mistake (lasss.exe ) was a deliberate ploy to confuse us non techies :D
 
steve_bcs said:
Spike, I guess the spelling mistake (lasss.exe ) was a deliberate ploy to confuse us non techies :D

OOOPS you're right LSASSS.EXE
 

Users who are viewing this thread

Back
Top Bottom