This has me curious... after I sent my friend home Sat, he came back Sunday 
because it had a couple of errors and he couldn't get into control panel. When 
he shut it off, he got an error about other users logged on... oh, and what I 
thought was spyware and a home page redirector was messenger service. I 
rebooted and got an LSA Shell crash error (do you want to send it... message) 
- googling associates it with a virus (blaster?) but the only symptom we had 
was general goofiness - it didn't exhibit other symptoms.

I scanned it here for both viruses and spyware (he did at home too, on my 
recommendation after getting the popups) and everything was clean - I disabled 
the messenger service (with the port blocked on my firewall it took me a while 
to figure out what it was, as I couldn't repro a browser popup <g> I keep 
forgetting about that annoying thing) and so far, he's not getting errors. 

Would access via the messenger service be able to lock him out of the control 
panel (it was some error about not having permissions)? Can that service/port 
be used to install (or attempt to install) malware? (I believe it would result 
in the 'another user is accessing - do you really want to shut down' message.)

We don't know what caused his problem - other than a huge Norton update - it 
was something that required a reboot and it failed on the reboot. I don't know 
if his LSA Shell crash was just a coincidence or something more... 




-----Original Message-----
ZA informed me this morning that the LSA Shell (Export Version) was 
trying to access the Internet [or maybe it was trying to act as a 
server... I don't remember any more].  I got worried that I'd somehow 
gotten infected with some virus or another but two different scans report 
me as clean [trend micro and panda].

I found the program

 Directory of C:\WINDOWS\ServicePackFiles\i386

08/04/2004  12:56 AM            13,312 lsass.exe
               1 File(s)         13,312 bytes

 Directory of C:\WINDOWS\system32

08/04/2004  12:56 AM            13,312 lsass.exe
               1 File(s)         13,312 bytes

So it looks like it is some Microsoft thing, although I tried googling 
for it and mostly got confusing (mostly-non) information about it.  What 
is it?  Why, after being installed eight months ago, would it *today* do 
something that would attract ZA's attention?  Should I ignore it, give it 
internet access, remove it [I assume, since it is an MS thing and it is 
running as SERVICE that it is some 'service' I could disable, yes?]

  /bernie\

-- 
Bernie Cosell                     Fantasy Farm Fibers
mailto:[EMAIL PROTECTED]     Pearisburg, VA
    -->  Too many people, too few sheep  <--       

--
                ----------------------------------------
WIN-HOME Archives:  http://PEACH.EASE.LSOFT.COM/archives/WIN-HOME.html
Contact the List Owner about problems:  [EMAIL PROTECTED]
Unofficial Win-Home List Members Profiles Page
 http://winhome.wavijo.com/
