Security Basics mailing list archives
RE: Interesting problem
From: "Roger A. Grimes" <roger () banneretcs com>
Date: Fri, 4 Jun 2004 22:44:07 -0400
I'd still be thinking sasser-variant. Look for the unauthorized executable in memory, and delete. Review your Run registry keys and delete the malware. Roger ************************************************************************ *** *Roger A. Grimes, Computer Security Consultant *CPA, CISSP, MCSE: Security (NT/2000/2003/MVP), CNE (3/4), A+ *email: roger () banneretcs com *cell: 757-615-3355 *Author of Malicious Mobile Code: Virus Protection for Windows by O'Reilly *http://www.oreilly.com/catalog/malmobcode *Author of upcoming Honeypots for Windows (Apress) ************************************************************************ **** -----Original Message----- From: bob martin [mailto:bobmartin_613 () hotmail com] Sent: Friday, June 04, 2004 1:22 PM To: security-basics () securityfocus com Subject: Interesting problem Hello all, We're experiencing an odd problem and I was hoping someone may be able to give some advice. Many of our computers are popping up lsass errors and reboot 45 seconds later. I immediately thought of sasser, but the windows patch is installed and our virus definitions are up to date. Norton doesn't pick up anything when running a full scan. Any ideas on this? Thank you in advance. _________________________________________________________________ MSN Toolbar provides one-click access to Hotmail from any Web page - FREE download! http://toolbar.msn.click-url.com/go/onm00200413ave/direct/01/ ------------------------------------------------------------------------ --- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- Interesting problem bob martin (Jun 04)
- Re: Interesting problem Marcos E. Rodriguez (Jun 07)
- Re: Interesting problem RBabb (Jun 07)
- <Possible follow-ups>
- RE: Interesting problem Roger A. Grimes (Jun 07)
- Re: Interesting problem Maktub...it is written (Jun 11)