nanog mailing list archives
Re: Lsass.exe causing shutdown in IE.
From: Jeff Workman <jworkman () pimpworks org>
Date: Sat, 01 May 2004 17:05:41 -0400
--On Saturday, May 01, 2004 4:18 PM -0400 Henry Yen <henry () AegisInfoSys com> wrote:
On Sat, May 01, 2004 at 03:09:12AM -0500, Ejay Hire wrote:We're starting to take calls from users about an LSASS.EXE error causing XP to do the 60 seconds till forced reboot, and the normal blaster mitigation and turning on the ICF isn't fixing it. I've been able to reproduce it on one machine locally. Is anyone else seeing it?Sasser (windows) worm. http://isc.sans.org/diary.php?date=2004-04-30
This affects Win2k too. I had to deal with it earlier today. It was my experience that after the machine rebooted a few times it would stay up and allow you to remove the offending files and processes, and apply the appropriate patches.
What I like about this worm is that it's extremely easy to identify hosts on your network that are infected. Just run an nmap scan of your network and look for hosts with TCP port 5554 open.
-J -- Jeff Workman | jworkman () pimpworks org | http://www.pimpworks.org
Current thread:
- Lsass.exe causing shutdown in IE. Ejay Hire (May 01)
- RE: Lsass.exe causing shutdown in IE. Christopher J. Wolff (May 01)
- Re: Lsass.exe causing shutdown in IE. Henry Yen (May 01)
- Re: Lsass.exe causing shutdown in IE. Jeff Workman (May 01)
- RE: Lsass.exe causing shutdown in IE. Todd Mitchell - lists (May 01)
- RE: Lsass.exe causing shutdown in IE. Henry Linneweh (May 01)
- Re: Lsass.exe causing shutdown in IE. william(at)elan.net (May 01)