[HAPPYCAMPER]

The information in your threads has been extreemly helpful in the past thank you for this site.

I have been working on my daughters computer. She has an emachine monster 600.

I replaced the hard drive with a 80G drive and loaded XP home(SP1). Seems to work ok until I try to download anything from the internet. It freezes up then I get a critical system process shut down.

Perhaps if I could update to SP2 this might solve the problem but at the moment I am in a catch 22.

C:\windows\system32\lsass.exe
failed with status code c0000005 or 1073741819

MS status codes for this error cover windows 2000 but not XP. I have not read anything in any of the threads covering this issue. I'm thinking I may have a hardware issue perhaps memory or Bios.

Any Ideas ???

[Advertisements]

Problems with lsass.exe are commanly caused when your infected with Sasser Worm.
Go to the following link to scan for it:
http://www.microsoft...ve/default.mspx
If u get a clean bill, also try these steps. (link).
If in any step, u detect an malware infection go to the Malware Removal Forum.
Otherwise, U may continue this thread.

[darth_ash]

Problems with lsass.exe are commanly caused when your infected with Sasser Worm.
Go to the following link to scan for it:
http://www.microsoft...ve/default.mspx
If u get a clean bill, also try these steps. (link).
If in any step, u detect an malware infection go to the Malware Removal Forum.
Otherwise, U may continue this thread.

[HAPPYCAMPER]

 ewido_Scan_3_report_20050727.txt   1.1KB   117 downloads  ewido_Scan_3_report_20050727.txt   1.1KB   117 downloads  ewido_Scan_3_report_20050727.txt   1.1KB   117 downloadsWell here I am going thru the process. I know this old computer is not worth the time but the learning experience is priceless. Thank you for bearing with me so far.

I am determined to leave this computer off line until it is clean and reasonably safe therefore I have physically unpluged the cable and am moving programs via cd burner.

Since I am not online yet I can not update the definitions but so far I have cleaned most of the recognized malware files but there are four exceptions. I have scanned with ewido and ad-aware serveral times and keep trying to delete three registry keys and a file in the system32 to no avail.

Using reg edit trying to remove the registry file they are designated as predetermined and cannot be removed. How do I go about removing these keys??

also in windows\system32 ewido says rdrv.sys is infected but of course I cannot remove it because it is in use.

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:10:54 PM, 7/27/2005
+ Report-Checksum: F606A936

+ Scan result:

HKLM\SOFTWARE\ISTbar -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\ISTbar\Historyfiles -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\ISTbar\Historystring -> Spyware.ISTBar : Error during cleaning
C:\WINDOWS\system32\rdriv.sys -> Trojan.Rootkit.k : Cleaned with backup


::Report End
Logfile of HijackThis v1.99.1
Scan saved at 1:52:47 PM, on 7/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Messenger\msmsgs.exe
E:\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...Bridge-c139.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1122319165069
O23 - Service: AOL Instant Messenger (AOL Instant Messenger) - Unknown owner - C:\WINDOWS\rofl.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iTunes MusicService - Unknown owner - C:\WINDOWS\USBBay.exe
O23 - Service: Windows Process Moniter - Unknown owner - C:\WINDOWS\winmon.exe (file missing)

At this point I feeling pritty brave and I'll take anything off.

Edited by HAPPYCAMPER, 27 July 2005 - 03:15 PM.

[darth_ash]

As i said in Post#2;
Pls. Go to the Malware Removal Forum and post the logs. Not here.

Edited by darth_ash, 28 July 2005 - 01:34 AM.

[HAPPYCAMPER]

Sorry And Thanks.