Help needed cant shift PC virus - HotUKDeals
We use cookie files to improve site functionality and personalisation. By continuing to use HUKD, you accept our cookie and privacy policy.
Get the HUKD app free at Google Play

Search Error

An error occurred when searching, please try again!

Login / Sign UpSubmit
Expired

Help needed cant shift PC virus

RockstarRob Avatar
1d, 2m agoPosted 1 decade, 2 months ago
Hi,

My pc developed a virus on Sunday night from a program opened via the free premiership football website featured a few threads down. The item lsas export is on my zonealarm access to the internet list and as I have never noticed this before I looked it up online and found out it was a worm virus. I have tried everything to remove it from AVG free to Microsoft Malicious software removal and even a few full installs and nothing shifts this problem.

I tried Norton with the worm scanner but the virus is stopping updates being installed properly, Is there anything I can do?.

Thanks:-)
Tags:
RockstarRob Avatar
1d, 2m agoPosted 1 decade, 2 months ago
Options

All Comments

(45) Jump to unreadPost a comment
Comments/page:
Page:
#1
Have you tried Avast Anti-Virus, it's what i am using at the moment, does a good job so far. Sorry i cant be of much more help, sounds like a nasty worm.
#2
Are you sure it's a virus?

Lsass.exe is a windows system file. and it needs internet access which is why your firewall allows it.

A quick google search for "LSASS EXPLOIT" which I guess you mean may give you more info.

What effect has this virus had ?
#3
The virus stops and freezes windows update and doesnt allow me update norton beta 2007. I notice no slowdowns with the pc just never noticed that program before on zonealarm. When I reset my pc I installed the full Norton and it woudnt let me download the virus updates.
#4
Lsass.exe is running on my pc and allowed in my firewall.

Sorry can't offer much more help other than googling for "lsass exploit removal tool" and seeing what crops up.
#5
Take a look here: http://www.sophos.com/security/analyses/w32agobotlm.html

Might be useful, it's a worm that blocks anti virus software.

Just another recommendation [same as TheManWithNoName above ementions] for Avast Anti Virus... It catches everything and it's free too.
#6
Or try Kaspersky, or AVG, they are good.

Oh, and have you tried going to the Symantec website and getting a virus removal tool free from them?
#7
Well I tried a few of the anti virus progs and the virus hasnt been recognised, but have just downloaded a sasser worm fixer from Symantec so fingers crossed this should work.
#8
Try McAfee's free stinger program - it can remove most viruses and worms, including sasser and its variants.

http://vil.nai.com/vil/stinger/
#9
RockstarRob
The virus stops and freezes windows update and doesnt allow me update norton beta 2007. I notice no slowdowns with the pc just never noticed that program before on zonealarm. When I reset my pc I installed the full Norton and it woudnt let me download the virus updates.

Rob - first thing I'll say is norton is rubbish... and then move on.;-)

The programme is used elsewhere in your internet settings and managing your connection - as said by Bob.

from what you're saying there is definitely a virus active on your machine - because it doesn't want you to get security updates.

try downloading from >here<
that should let you update the norton definitions- if it successfully updates restart in safe mode and do a full scan.
If you do find a virus and remove it - that may only be half the battle - in all likelihood a modern virus will try and install some adware & spyware in there too. Ad-aware for the win :)

keep us posted and if you want any more help - PM me - my rates are fairly reasonable.


:evil:
#10
Well I just tried the update Christt and downloaded it and it sais I am already running a newer version so wont update. I tried the sassa worm scanner from Symantec and the results were negative.

Not sure what to do really, dont think its a high risk virus but is proving quite frustrating.
#11
christt
Rob - first thing I'll say is norton is rubbish... and then move on.;-)



ok now that we're agreed on that - can you try to download the AVGfree programme. This will let you get the virus scanner installed, then the update files are available from the same page. download them both to start with, then ditch norton altogether before installing. Norton hates having any other security software on your machine.

When you say low threat virus... i disagree - anything that permits your computer to communicate with an outside machine is a serious risk. how confident are you that you have erased ALL financial transactions from your PC?

:evil:
#12
Norton is gone, have istalled Avast and AVG and ran full system scans on them both and both results are all clear. Adaware and spybot scans picked up a couple each and zone alarm pro spyware picked 1 up.
#13
If you want a free year of Kaspersky you can download this...considered the best virus protection in most tests...it's from AOL but you don't have to be a customer.
http://http://www.download.com/AOL-Active-Virus-Shield/3000-2239_4-10568703.html?tag=lst-0-1
#14
[SIZE=2]Remember also, if you're doing a full system scan for spyware etc, its often best to switch off system restore before you do so. Otherwise, anything in here will still be present after running the scan. Remember and switch back on if you use this facility though.[/SIZE]
#15
If the link is incorrect you can get it at www.cnet.com just put a search into the download section for AOL anti virus .
#16
Would it be worth taking the pc to my local pc world, would they be able to get to the bottom of the problem ?.
#17
RockstarRob
Norton is gone, have istalled Avast and AVG and ran full system scans on them both and both results are all clear. Adaware and spybot scans picked up a couple each and zone alarm pro spyware picked 1 up.


Did they pick up programmes or cookies?


:evil:
#18
They'd probably charge quite a bit to sort it...

Have you tried searching for this: W32/Agobot-AA Which looks more like something AdAware or SpyBot might find... Or is the actual process shown in ZoneAlarm Isas Export or isas.exe?
#19
Doh! Just noticed you've tried AdAware and SpyBot... Did you search your computer from the Start menu, Search?
#20
I just did a search and there were 4 files lsas.exe and lsad.dll. one set in the windows 32 section and one set in the i86 or whatever the folder is. I just deleted the later because I read it duplicates the file and uses it. Was I right in doing this?.
#21
Okay... I think you'll be safe deleting all those references, but check this out first: http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/
#22
Also check out this one first: http://www.auditmypc.com/process/lsas.asp
#23
If i had a situation like this I'd format the HDD and re-install windows because I couldn't be 100% sure all the viruses/worms/adware/spyware had been removed.

That said, I tend to re-windows every ~6 months or so as it improves performance in windows anyway. If you do that make sure you install all your antivirus/antispyware/firewall software (with updates) BEFORE browsing the net. These programs tend to be much better at preventing rather than removing an infection.

If you take this (rather drastic but possibly benificial) route, you'll need to backup EVERYTHING on your hard drive. Otherwise you'll lose it.
#24
What Mark says is a good idea, but i've taken it one step further.
I have 2 physical hard disks, one with windows on it (plus other stuff that ends up on it :( ) and a 2nd physical disk, split into 2 logical drives.

I therefore have "c:", "d:" and "e:" drives. Like Mark said, i also blitz my windows drive every so often, and the most i'd lose would be my settings for windows and my msn emoticons lol.

Tis a good idea if your machine can cope and you know how to set it up, cos viruses really does cause havoc once they're in.

With regards to PC World. Be careful if there is anything you might deem inappropriate on there. I am NOT saying you would have, but they're might be. Ask one Gary Glitter

Good luck all the same :)
#25
Thanks for the input guys!!

Just updated Ad-Aware and it located a Trojan!!! so looks like the problem is solved. Still have the lass.exe on the zonealarm programs but that only appeared when I installed msn messenger so looks like problems solved :thumbsup: .
#26
I like http://www.pandasoftware.com/products/ActiveScan.htm

This active scan seems to pick up so much spyware that spybot and spyware doctor don't see, also great for identifying viruses, trojans, worms. The only problem is it doesn't remove them all as its freeware. However if it comes up clean I would be happy my PC is virus free.( i have used avast, kapersky, avg, norton and this seems to pick up the most ).
Ultimately I reformat as well every so often just to be really safe.

You need to run it on IE, so switch over from Firefox first.
#27
Thanks to all who've contributed to this thread...it has provided some useful ideas if I should ever have an unwanted intrusion on my PC..fortunately to date I have managed to get rid of them without much more effort than ensuring I run scans at regular intervals....one thing you learn to appreciate with a PC is good housekeeping.
1 Like #28
If you find people's advice useful please can you leave them reputation. cheers.
#29
Was that a cleverly disguised hint towards yourself eh markwills :-P
#30
markwills
If you find people's advice useful please can you leave them reputation. cheers.


Just given you exactly what you want..some good reputation man!!!
#31
haha cheers ;-)
#32
you could search your hdd for "lmhost" this is a system file that can be opened in notepad but dont ammend it if your not sure ;) I have had a virus before that entered all antivirus programs you can think of in a list at the bottom of this file etc and blocked them from updating etc. if you have any antivirus programs in the list delete them as this is likeley to be the cause.
#33
I was surfing this site on my laptop for a few hours last night and this morning my laptop is busted.

Unable to connect to internet

Runtime error

Isass.exe found

NIGHTMARE !!

Anyone fancy helping me out ? Please ?
#34
Hi Jon. If you are unable to connect to the internet how did you submit your post? When do you get the run time error - what are you doing at the time? Can you give is the exact lsass.eve error and any details that go with it?

I would suggest starting your own thread... I'm sure we can offer advice between us.
#35
I'm using another PC, not the lappy right now.

I turn on the lappy and although it boots up... no icons appear, I do ctrl / alt / delete and can see that Isass.exe is in the list.

I've ended the odd thing and then as if by magic the icons appear and then thats when it shows that the internet cannot connect and run time error applies, sorry for being vague but this is not my 'chosen subject'
#36
First of all Lsass.exe is a genuine Windows process so is probably nothing to worry about. Have you got any anti virus/ad aware software installed on the laptop at the moment? I would restart the laptop and run this first.

There are a number of things that could be causing the problems you have so we needs to narrow it down. Are there more than 1 person that use the laptop? Is it Windows XP home you are running?
#37
[SIZE=2]:thumbsup: I've got to pop to toys r us, with my son, (will look out for some hot deals), so once I'm back I'll sit down and try and help you help me... thanks a million Greg..... [/SIZE]
#38
No problem. I'm sure we'll get to the bottom of it. Another couple of things: -

You didn't say if you have restarted your computer since this happened - have you tried it only once or does it happen every time now?

Did you install anything last night?
#39
Hi Jon exactly the same happened to me as I previously said and my best advice to you is to get hold of Adaware personal:

http://www.filehippo.com/download/d24f8ab0638473e9af779cfbb59530f6/download/

This program removed the trojan that was within the registry and havent had any problems since.
#40
I've just done a search for Imhost and cant find it, what area is it in roughly Ickleo as I would like to make sure no remains of the virus are on my pc. Thanks

Post a Comment

You don't need an account to leave a comment. Just enter your email address. We'll keep it private.

...OR log in with your social account

...OR comment using your social account

Thanks for your comment! Keep it up!
We just need to have a quick look and it will be live soon.
The community is happy to hear your opinion! Keep contributing!