Am I being HACKED!??
Ok..... here's my problem,
It all started in the early hours of Friday morning. First my CD-ROM's light flashes and then my entire system hangs! I started up my PC in safe mode, checked out my virus and firewall logs and there it was....... LSASS EXPLOIT initiated by some freakin IP that I can't recall right now. So I ran a virus scan (I use PC Cillin with the latest virus DAT) and it removed some or other SD_Bot virus. Thinking that my problem had been sorted out, I logged back onto the net only for it all to happen AGAIN!!
After restarting my machine, I quickly logged onto the net to DL the latest McAfee Stinger, logged off and then ran a scan with that. Sure enough, it found another SD_Bot worm/virus and deleted it. To cut a long story slightly shorter, all my attempts to restore my PC to its former "happy browsing days" failed miserably as I kept experiencing the same system lockup scenario I described earlier.
So I formatted my PC and did a fresh install of everything....... updated ALL of XP's updates, my virus DAT files, you name it.
Everything was running smoothly again until about 1hr ago, when EXACTLY the same thing happened to me again! This time the firewall logs pointed out another exploit...... MS05-039_Plug and Play Exploit!!! A subsequent full system scan (Spyware & Virus) didn't find anything this time round.
PLEASE HELP, I'm losing my mind here!
"YOU MUST BE THE CHANGE YOU HOPE TO SEE IN THE WORLD" Mahatma Gandhi
- hamin_aus
- Forum Moderator
- Posts: 18363
- Joined: 28 Aug 2003, 02:00
- Processor: Intel i7 3770K
- Motherboard: GA-Z77X-UP4 TH
- Graphics card: Galax GTX1080
- Memory: 32GB G.Skill Ripjaws
- Location: Where beer does flow and men chunder
- Contact:
Sounds like it might be some variant of the SASSER virus, normal AV will clean it, but unless you apply the MS patch, you will just keep getting reinfected...
Sasser Patch
Try that, and let us know what happens.
I agree... the current SP2 installation file that's available seems to work pretty well! I've been up and running on SP2 for quite a while now, and I've got no complaints.
"Two things are infinite: the universe and human stupidity; although I am not sure about the former." Albert Einstein
November 10th, 2004; I'm gonna miss you mom
May 3rd, 2007; Missing you gramps
- hamin_aus
- Forum Moderator
Never used Avast myself.
Iceblade, maybe put that in the Neat Stuff to D/L thread.
KikAsH, if you have PC Cillin Internet Security 2005, you're doing alright.
I use that and admit to visiting some rather shady sites, but have never had any problems.
Resistance is futile, you need to load SP2.
Probably on top of a fresh install of XP.
Thanks for the advice guys.
I'm busy downloading the latest SP2 release right now. (The one I've got on disc I KNOW is some buggy beta version.)
I just hope my PC doesn't suffer from any LOCKUPS while I'm DL'ing 'cause I haven't installed a DL manager since my format, just using Firefox's DL Manager tool!
Anyway, thanks again
"YOU MUST BE THE CHANGE YOU HOPE TO SEE IN THE WORLD" Mahatma Gandhi
-
- Registered User
- Posts: 961
- Joined: 30 Jul 2004, 02:00
- Location: Limpopo
As soon as you finish a new install of SP1 and you connect to the net, you get the LSASS exploit. It's as if Windows knows to look for it straight away. If you don't have SP2 and have to do it the long way (installing SP1 then upgrading to SP2), make sure you have the latest M.S. patches for LSASS, MSBLAST etc. Install the patches before thinking of connecting to the net.
If you've had problems with SP2, downloading the latest drivers for EVERYTHING you have will sort it out.
And off topic quickly while you're mentioning Avast, McAfee, NAV scanners. Check this out.
http://anti-virus-software-review.topte ... itdefender
I just converted from AVG (got major bugs lately) to Bitdefender. It is awesome and incomparably better than AVG Free. The price is definitely worth it. Under R100 for a year's subscription.
-
- Registered User
- Posts: 403
- Joined: 16 Jul 2005, 02:00
- Location: The Wikiversity, brushing up on my Igpay Atinlay
- Contact:
Hey kikash,
Hope your problems get sorted out.
Just a quick suggestion. When you have some free time, why don't you try out Linux (I recommend Ubuntu). If you like it, you'd be happy to know it's arguably a lot more secure than Windows.
Just some advice. Use it, don't use it.
What is this "Microsoft" that you speak of? Washing powder? Coffee? Correction fluid? I can't figure it out. Anyone else know?
-
- Registered User
- Posts: 6
- Joined: 23 Sep 2005, 02:00
To be honest I don't know how the MS patch against the LSASS virus works. Or what it's there for.
Even if you have it installed, if some application would do a shell command
like TASKKILL -IM LSASS.exe /F you would get the exact same effect.
"WindowsXP shutting down after 30seconds"
Maybe it blocks the "known" LSASS virus but someone else could easily
make another LSASS virus.
KikAsH, sometimes I like to be hacked.
Like to know the enemy and how it goes about.
- hamin_aus
- Forum Moderator
BinaryNrWith_A_2init wrote: To be honest I don't know how the MS patch against the LSASS virus works. Or what it's there for.
Even if you have it installed, if some application would do a shell command
like TASKKILL -IM LSASS.exe /F you would get the exact same effect.
"WindowsXP shutting down after 30seconds"
Maybe it blocks the "known" LSASS virus but someone else could easily
make another LSASS virus.
KikAsH, sometimes I like to be hacked.
Like to know the enemy and how it goes about.
Edit: I don't want to be mean to a newbie, but if you think all the Sasser virus did was kill LSASS, then you have not read up on it enough.
This is a good place to start....