Hi, there's probly allready a thread about this, but I couldn't find one. Has anyone else encountered the "LSA Shell" virus? Well, it seems to be getting everyone today(and yesterday). My friend got it, aswell as my dad's entire workplace(they have government computers, so obviously this thing is good at gettin through security), and got ours aswell. Right now, I'm running in safemode, and trying to fix the problem. Has anyone else managed to remove it? If so, what all files do I have to change/remove for my system to be clean again? They had about 20 systems in at the local computer store, with the exact same thing, so if I were to take it in, it would be a long wait. Any help would be greatly appreciated. Thanx,
Apparently, it's called the Sasser worm(because it messes up the mandatory system process, Isass) and I found information on fixing it here. To be able to have time to download the fix, you will have to be in safemode with networking, or else have at connection presumably faster than DSL(I have a connection similar to DSL, and it only got half done downloading before the virus kicked in and shut down my computer).
seems to me like if all of your ports are stealth ports you are safe... I do not know much about this, but it scans ranom ips, I guess a mini port scan, I mean it needs to go through an open port and all.
Yeah, I can easily see how it could get through our home computer, as we have no firewall, just an ancient version of McAffee. But I found it rather shocking that it could get to my dad's federal machines, as security is top-notch on them. Have you had any trouble with this Peo? (today or in the past)
BTW, I seem to have successfully removed it. All you have to do is go into "Safemode with networking" and download the updates in my above post.
nope, I installed the update this mourning. But I would be vulnerable because I have 3 ports open. Http, shoutcast, ftp, and I am in a dmz on my router, so I would be in the same boat as you. I have this sophos virus scanner, that is up to date, runs in a prompt... its pretty awesome, but thats about it. My mom is safer then me lol, because she is behind the firewall. But she is more likely to get something, she is always giving me stuff because she opened attachments... I put norton on her machine because I was sick of getting her germs.
The virus seems to have corrupted my sound driver(SoundMAX Integrated Digital Audio) before I took care of it. It is playing all the system sounds fine(ie: alert sound, error beeps, etc.), but it won't play any other sounds. Also, when I open programs that require the audio driver(ie: Windows Movie Maker, Sound Recorder, etc.), it brings up the following error message:
<insert app name> cannot record or play back because a sound device is not installed. To install a sound device, go to Control Panel, click Printers and Other Hardware, and tehn click Add Hardware.
I went to the control panel, but wasn't able to fix anything from there. Can someone help me?? Thanks,
To reload your sound driver, delete it in Device Mgr. Then reboot. Windows will reload it. If the file is truly corrupted, you'll need to download a new version from the Internet or install from your driver CD. Note: sometimes the only way to really get rid of the existing driver is to do it in Safe Mode (remove all audio-related drivers listed in the Dev. Mgr. - there may be several duplicates), so I'd suggest doing it that way in the first place.
Close all that you have worked on
You ask far too much