Thread: LSASS.EXE Terminated Unexpectedely Code 1073741819
View Single Post
  #8  
Old 01-05-2006, 02:42 AM
Robert J. Rando
 
Posts: n/a
Default Re: LSASS.EXE Terminated Unexpectedely Code 1073741819
David,
What is a NAT router and where do I get one? I believe I got this virus
installing a corrupted
system download exe 0of SpyDoctor of all things.
__________________________________________________ ______________________________
You have listed various AV software which may find such worms as;
W32/Radebot.worm ,
> W32/Plexus , W32/Gaobot.worm and W32/Reatle that Exploit the LSASS Buffer
> Overflow
> Vulnberability via TCP port 445, but you left out the most important part.
> Exploitation
> mitigation.
>
> The patch associated with KB835732 is not mentioned. Nor is using either
> a software
> FireWall or a NAT Router. If these are NOT used the user will just get
> re-infected or just
> keep on getting the message...
>
> NT AUTHORITY\SYSTEM
> 'c:\windows\system32\lsass.exe' terminated unexpectedly with status
> code -1073741819
>


"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:OJ%23dktcCGHA.2124@TK2MSFTNGP10.phx.gbl...
> From: "Rick "Nutcase" Rogers" <rick@mvps.org>
>
> | Hi,
> |
> | It's a worm. When the message appears, click start/run and type
> | "shutdown -a" (without the quotes) to halt it and then download some up
> to
> | date Antivirus scanning software.
> |
> | Free virus removal tools:
> |
> | http://vil.nai.com/vil/stinger/
> | http://www.emsisoft.com/en/
> | http://free.grisoft.com/doc/8/lng/us.../nid/3001#3001
> | http://www.f-secure.com/download-purchase/tools.shtml
> |
> | Also, you may use this free on-line scanner:
> | http://housecall.trendmicro.com/
> |
> | Symantec also distributes many free removal tools that are
> virus-specific:
> | http://securityresponse.symantec.com...ools.list.html
> |
> | Many are best run in Safe mode to minimize interference. Most will
> resist
> | removal in normal mode where they are active.
> |
> | How to start in Safe mode:
> | http://www.rickrogers.org/fixes.htm#Safe%20mode
> |
> | Emergency system tools:
> | http://www.dougknox.com/xp/utils/xp_emerutils.htm
> |
>
> Rick:
>
> You have listed various AV software which may find such worms as;
> W32/Radebot.worm ,
> W32/Plexus , W32/Gaobot.worm and W32/Reatle that Exploit the LSASS Buffer
> Overflow
> Vulnberability via TCP port 445, but you left out the most important part.
> Exploitation
> mitigation.
>
> The patch associated with KB835732 is not mentioned. Nor is using either
> a software
> FireWall or a NAT Router. If these are NOT used the user will just get
> re-infected or just
> keep on getting the message...
>
> NT AUTHORITY\SYSTEM
> 'c:\windows\system32\lsass.exe' terminated unexpectedly with status
> code -1073741819
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>


Reply With Quote