Am I being HACKED!??

KikAsH
Registered User
Posts: 107
Joined: 08 Nov 2003, 02:00
Location: Johannesburg

Post by KikAsH »

Ok..... here's my problem,

It all started in the early hours of Friday morning. First my CD-ROM's light flashes and then my entire system hangs! I started up my PC in safe mode, checked out my virus and firewall logs and there it was....... LSASS EXPLOIT initiated by some freakin IP that I can't recall right now. So I ran a virus scan (I use PC Cillin with the latest virus DAT) and it removed some or other SD_Bot virus. Thinking that my problem had been sorted out, I logged back onto the net only for it all to happen AGAIN!!

After restarting my machine, I quickly logged onto the net to DL the latest McAfee Stinger, logged off and then ran a scan with that. Sure enough, it found another SD_Bot worm/virus and deleted it. To cut a long story slightly shorter, all my attempts to restore my PC to its former "happy browsing days" failed miserably as I kept experiencing the same system lockup scenario I described earlier.

So I formatted my PC and did a fresh install of everything....... updated ALL of XP's updates, my virus DAT files, you name it.

Everything was running smoothly again until about 1hr ago, when EXACTLY the same thing happened to me again! This time the firewall logs pointed out another exploit...... MS05-039_Plug and Play Exploit!!! A subsequent full system scan (Spyware & Virus) didn't find anything this time round.

PLEASE HELP, I'm losing my mind here!
"YOU MUST BE THE CHANGE YOU HOPE TO SEE IN THE WORLD" Mahatma Gandhi
hamin_aus
Forum Moderator
Posts: 18363
Joined: 28 Aug 2003, 02:00
Processor: Intel i7 3770K
Motherboard: GA-Z77X-UP4 TH
Graphics card: Galax GTX1080
Memory: 32GB G.Skill Ripjaws
Location: Where beer does flow and men chunder

Post by hamin_aus »

Sounds like it might be some variant of the SASSER virus. Normal AV will clean it, but unless you apply the MS patch, you will just keep getting reinfected...

Sasser Patch

Try that, and let us know what happens.

Post by KikAsH »

Thx for the reply jamin_za.

That was one of the first things I did once I had a fresh install of XP Pro SP1. Should I install SP2?? I've been hesitant to do it 'cause my first experience with SP2 wasn't exactly fun!
"YOU MUST BE THE CHANGE YOU HOPE TO SEE IN THE WORLD" Mahatma Gandhi

Post by hamin_aus »

Yes, please, for the love of all things decent, install SP2 - the benefits far outweigh the drawbacks!
Dom
Registered User
Posts: 4705
Joined: 05 Nov 2003, 02:00
Location: London

Post by Dom »

I agree... the current SP2 installation file that's available seems to work pretty well! I've been up and running on SP2 for quite a while now, and I've got no complaints. :-)
"Two things are infinite: the universe and human stupidity; although I am not sure about the former." Albert Einstein

November 10th, 2004; I'm gonna miss you mom :-(
May 3rd, 2007; Missing you gramps :-(

Post by hamin_aus »

Ya, you gotta make sure some dodgy services, like remote registry, and some annoying ones like that bladdy security center are turned off.
But after that it should be all smiles :D
Iceblade
Moderator Emeritus
Posts: 6087
Joined: 25 Jan 2004, 02:00
Processor: Intel i5 4670K
Motherboard: MSI gaming Z87 MPower
Graphics card: MSI R9290 OC edition Twin FROZR
Memory: CORSAIR Vengeance Pro 2x8gb 2400
Location: Free State

Post by Iceblade »

SP2 turns out to be a must when you wanna stay online :wink:

Also try avast anti virus,
it's free but believe me it kicks NAV outa the park :lol:

Post by hamin_aus »

Never used Avast myself.
Iceblade, maybe put that in the Neat Stuff to D/L thread.

KikAsH, If you have PC Cillin Internet Security 2005, you're doing alright.
I use that and admit to visiting some rather shady sites, but have never had any problems ;)

Resistance is futile, you need to load SP2.
Probably on top of a fresh install of XP.

Post by KikAsH »

Thanks for the advice guys.

I'm busy downloading the latest SP2 release right now. (The one I've got on disc I KNOW is some buggy beta version :oops: )

I just hope my PC doesn't suffer from any LOCKUPS while I'm DL'ing 'cause I haven't installed a DL manager since my format, just using Firefox's DL Manager tool!

Anyway, thanks again
"YOU MUST BE THE CHANGE YOU HOPE TO SEE IN THE WORLD" Mahatma Gandhi

Post by hamin_aus »

Good luck.
Keep us posted!
Bio-Hazard
Registered User
Posts: 961
Joined: 30 Jul 2004, 02:00
Location: Limpopo

Post by Bio-Hazard »

As soon as you finish a new install of SP1 and you connect to the net, you get the LSASS exploit. It's as if Windows knows to look for it straight away. If you don't have SP2 and have to do it the long way (installing SP1 then upgrading to SP2), make sure you have the latest M.S. patches for LSASS, MSBLAST etc. Install the patches before thinking of connecting to the net.

If you've had problems with SP2, downloading the latest drivers for EVERYTHING you have will sort it out.

And off topic quickly while you're mentioning Avast, McAfee, NAV scanners: check this out.
http://anti-virus-software-review.topte ... itdefender

I just converted from AVG (got major bugs lately) to Bitdefender. It is awesome and incomparably better than AVG Free. The price is definitely worth it. Under R100 for a year's subscription.
Kiran
Registered User
Posts: 403
Joined: 16 Jul 2005, 02:00
Location: The Wikiversity, brushing up on my Igpay Atinlay

Post by Kiran »

Hey kikash,

Hope your problems get sorted out.

Just a quick suggestion. When you have some free time, why don't you try out Linux (I recommend Ubuntu). If you like it, you'd be happy to know it's arguably a lot more secure than Windows.

Just some advice. Use it, don't use it. :)
What is this "Microsoft" that you speak of? Washing powder? Coffee? Correction fluid? I can't figure it out. Anyone else know?
BinaryNrWith_A_2init
Registered User
Posts: 6
Joined: 23 Sep 2005, 02:00

Post by BinaryNrWith_A_2init »

To be honest I don't know how the MS patch against the Lsass virus works. Or what it's there for.

Even if you have it installed, if some application would do a shell command
like TASKKILL -IM LSASS.exe /F you would get the exact same effect.

"WindowsXP shutting down after 30seconds"

Maybe it blocks the "known" LSASS virus but someone else could easily
make another LSASS virus.

KikAsH, sometimes I like to be hacked.
Like to know the enemy and how it goes about.

Post by hamin_aus »

BinaryNrWith_A_2init wrote: To be honest I don't know how the MS patch against the Lsass virus works. Or what it's there for.

Even if you have it installed, if some application would do a shell command
like TASKKILL -IM LSASS.exe /F you would get the exact same effect.

"WindowsXP shutting down after 30seconds"

Maybe it blocks the "known" LSASS virus but someone else could easily
make another LSASS virus.

KikAsH, sometimes I like to be hacked.
Like to know the enemy and how it goes about.
Edit: I don't want to be mean to a newbie, but if you think all the Sasser virus did was kill LSASS, then you have not read up on it enough.

This is a good place to start....
dammod
Registered User
Posts: 3304
Joined: 21 Jun 2004, 02:00
Location: Cape Town

Post by dammod »

If u get the LSASS virus......u r not being hacked BTW...LOL!