Security Basics mailing list archives

RE: Interesting problem

From: "Roger A. Grimes" <roger () banneretcs com>
Date: Fri, 4 Jun 2004 22:44:07 -0400

I'd still be thinking sasser-variant.

Look for the unauthorized executable in memory, and delete.  Review your
Run registry keys and delete the malware.

Roger

************************************************************************
***
*Roger A. Grimes, Computer Security Consultant 
*CPA, CISSP, MCSE: Security (NT/2000/2003/MVP), CNE (3/4), A+
*email: roger () banneretcs com
*cell: 757-615-3355
*Author of Malicious Mobile Code:  Virus Protection for Windows by
O'Reilly
*http://www.oreilly.com/catalog/malmobcode
*Author of upcoming Honeypots for Windows (Apress)
************************************************************************
****

 

-----Original Message-----
From: bob martin [mailto:bobmartin_613 () hotmail com] 
Sent: Friday, June 04, 2004 1:22 PM
To: security-basics () securityfocus com
Subject: Interesting problem

Hello all,
We're experiencing an odd problem and I was hoping someone may be able
to give some advice.
Many of our computers are popping up lsass errors and reboot 45 seconds
later.  I immediately thought of sasser, but the windows patch is
installed and our virus definitions are up to date.  Norton doesn't pick
up anything when running a full scan.

Any ideas on this?

Thank you in advance.

_________________________________________________________________
MSN Toolbar provides one-click access to Hotmail from any Web page -
FREE download!
http://toolbar.msn.click-url.com/go/onm00200413ave/direct/01/


------------------------------------------------------------------------
---
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
off 
any course! All of our class sizes are guaranteed to be 10 students or
less 
to facilitate one-on-one interaction with one of our expert instructors.

Attend a course taught by an expert instructor with years of
in-the-field 
pen testing experience in our state of the art hacking lab. Master the
skills 
of an Ethical Hacker to better assess the security of your organization.

Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
----




---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

Current thread:

Interesting problem bob martin (Jun 04)
- Re: Interesting problem Marcos E. Rodriguez (Jun 07)
- Re: Interesting problem RBabb (Jun 07)
- <Possible follow-ups>
- RE: Interesting problem Roger A. Grimes (Jun 07)
  - Re: Interesting problem Maktub...it is written (Jun 11)