Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Getting angry...


  • This topic is locked This topic is locked

#1
ktownkatman

ktownkatman

    Member

  • Member
  • PipPipPip
  • 168 posts
I was getting an error message "NT AUTHORITY has caused an error in lsass.exe and your system will need to be restarted." then it gives me a 60 second count down then restarts my computer. I scanded it with http://virusscan.jotti.org/ and it said:

AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found nothing




Last file scanned at least one scanner reported something about: Joined.exe, detected by:

Scanner Malware name
AntiVir X
ArcaVir X
Avast X
AVG Antivirus X
BitDefender Dropped:Backdoor.Bifrose.D
ClamAV X
Dr.Web X
F-Prot Antivirus X
Fortinet X
Kaspersky Anti-Virus Trojan-Dropper.Win32.MultiJoiner.11
NOD32 Win32/Bifrose
Norman Virus Control Sandbox: W32/Malware
UNA X
VBA32 X


It realy sucks when i'm in the middle of something and it restarts. Happened about 4-5 times now. btw ad-aware came up clean def file (8-31-05).
  • 0

Advertisements


#2
mpy

mpy

    Member

  • Member
  • PipPipPip
  • 120 posts
You definitely have a virus, most likely a sasser worm.

You must scan ALL of your pc, not just "lsass.exe"

Please click here and follow the instructions.
  • 0

#3
ktownkatman

ktownkatman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 168 posts
what does the sasser do?
  • 0

#4
pogonici

pogonici

    Member

  • Member
  • PipPip
  • 14 posts
can u pls tell what OS do u run?
  • 0

#5
FreddieKrugerGuy

FreddieKrugerGuy

    Member

  • Member
  • PipPipPip
  • 269 posts

what does the sasser do?

View Post


There are alot of different sasser worms and all do different damage on your computer. It's a nasty virus to have and could do some serious damage if it spreads.

Scan your whole harddrive for viruses with AVG or Avast. There are links in my signature.
  • 0

#6
ktownkatman

ktownkatman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 168 posts
Umm i have sp1 maybe sp2 im not sure because it doesnt give me the ling in windows updates but HJT says i have sp1. OK ill work on scanning it. would panda work just as well?
  • 0

#7
FreddieKrugerGuy

FreddieKrugerGuy

    Member

  • Member
  • PipPipPip
  • 269 posts

Would panda work just as well?

View Post


Yes, Panda is a great AntiVirus program. :tazz:
  • 0

#8
ktownkatman

ktownkatman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 168 posts
Ok ill scan with Panda asap.
  • 0

#9
FreddieKrugerGuy

FreddieKrugerGuy

    Member

  • Member
  • PipPipPip
  • 269 posts
:tazz: Right on!
  • 0

#10
ktownkatman

ktownkatman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 168 posts
11 viruses:




Incident Status Location

Virus:W32/Gaobot.JQK.worm Disinfected C:\RECYCLER\S-1-5-21-1417001333-1580818891-1343024091-1003\Dc1.exe
Virus:W32/Gaobot.JQK.worm Disinfected C:\System Volume Information\_restore{308F904C-7E38-433E-82A8-E1A1B4507533}\RP30\A0002500.exe
Virus:W32/Sdbot.BCW.worm Disinfected C:\System Volume Information\_restore{308F904C-7E38-433E-82A8-E1A1B4507533}\RP33\A0002799.exe
Virus:W32/Sdbot.BCW.worm Disinfected C:\System Volume Information\_restore{308F904C-7E38-433E-82A8-E1A1B4507533}\RP33\A0002800.exe
Virus:W32/Gaobot.JQK.worm Disinfected C:\System Volume Information\_restore{308F904C-7E38-433E-82A8-E1A1B4507533}\RP33\A0002816.exe
Virus:W32/Gaobot.JQK.worm Disinfected C:\System Volume Information\_restore{308F904C-7E38-433E-82A8-E1A1B4507533}\RP33\A0002850.exe
Virus:W32/Gaobot.JQK.worm Disinfected C:\WINDOWS\system32\cool.exe
Virus:Trj/Qhost.gen Disinfected C:\WINDOWS\system32\drivers\etc\hosts
Virus:W32/Gaobot.JQK.worm Disinfected C:\WINDOWS\system32\f.exe
Virus:W32/Sdbot.ftp Disinfected C:\WINDOWS\system32\i
Virus:W32/Sdbot.BCW.worm Disinfected C:\WINDOWS\system32\libsysmgr.exe
  • 0

Advertisements


#11
FreddieKrugerGuy

FreddieKrugerGuy

    Member

  • Member
  • PipPipPip
  • 269 posts
Alot of the infected files are located in the System32 folder in Windows. This problem will have to be dealt with by the experts in the Malware Removal forum.

Please post a HijackThis log there and wait for a response. Tell them what Panda found and also post the Panda scan logfile. :tazz:

Good Luck, hope you system comes out clean!

Freddie
  • 0

#12
ktownkatman

ktownkatman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 168 posts
But Panda removed the viruses didn't it?
  • 0

#13
FreddieKrugerGuy

FreddieKrugerGuy

    Member

  • Member
  • PipPipPip
  • 269 posts
Only if you told it to. Some viruses cannot be removed. In alot of cases the infected file will have to be deleted from the computer.

In your case, alot of infected files are in the Windows folder which means that if deleted, your computer may not function correctly. Did you tell Panda to remove delete the files?

Freddie
  • 0

#14
ktownkatman

ktownkatman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 168 posts
umm it said "disenfected" and after I ran a second time 3 came up :


Incident Status Location

Virus:W32/Gaobot.JQK.worm Disinfected C:\System Volume Information\_restore{308F904C-7E38-433E-82A8-E1A1B4507533}\RP33\A0002851.exe
Virus:W32/Gaobot.JQK.worm Disinfected C:\System Volume Information\_restore{308F904C-7E38-433E-82A8-E1A1B4507533}\RP33\A0002852.exe
Virus:W32/Sdbot.BCW.worm Disinfected C:\System Volume Information\_restore{308F904C-7E38-433E-82A8-E1A1B4507533}\RP33\A0002853.exe
So I dont know how to delete if you mean something other than what it does automatcally.
  • 0

#15
FreddieKrugerGuy

FreddieKrugerGuy

    Member

  • Member
  • PipPipPip
  • 269 posts
Post a HJT log in the Malware Removal forums. I'm not allowed to fix your problem yet. Thanks.

Freddie
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP