LSAS.EXE


Otto Bruckner

Does anybody know more about that virus (Trojans)?
It turns off McAfee & also ZoneAlarm and no AntiVirus Defense Program knows
it.

Its startup is like the Gaobot (same registry settings) and it wants to make
a connection to an IRC. The weird thing was that I can't terminate it in the
Task Manager; I have to restart with a boot disk and delete it!

Strange or not
 
Otto Bruckner said:
Does anybody know more about that virus (Trojans)?
It turns off McAfee & also ZoneAlarm and no AntiVirus Defense Program knows
it.

Its startup is like the Gaobot (same registry settings) and it wants to make
a connection to an IRC. The weird thing was that I can't terminate it in the
Task Manager; I have to restart with a boot disk and delete it!

Are you sure that is quite the right name?

There have been several new bot net agents from various families found (a
few are quite widespread) the last few days, and although I've seen similar
names, I don't recall precisely that...
 
Sorry, this is not the name of the virus. This is the name of the file,
which is loaded.

In the meantime I have discovered more info about that:
Its name is Agobot (Gaobot) and it uses the security holes of Microsoft
described in MS Bulletin MS03-001 & MS03-026.

Startup files could also be SCVHOST.EXE, WINHLPP32.EXE and LSAS.EXE (the
last one seems to be a newer variant and McAfee DAT4297 doesn't find them).

regards
Otto
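
The three startup file names listed above each differ by one edit from a genuine Windows binary (lsass.exe, svchost.exe, winhlp32.exe). The check below is an added example, not part of the original thread: it flags file names within one edit or adjacent-letter swap of a known system binary. The LEGIT list and the sample input are assumptions constructed for illustration.

```python
# Added example: flag file names that closely imitate Windows system binaries.
# LEGIT is an assumed, non-exhaustive allowlist of genuine Windows file names.
LEGIT = ("lsass.exe", "svchost.exe", "winhlp32.exe", "services.exe",
         "explorer.exe", "winlogon.exe", "csrss.exe", "smss.exe")


def osa_distance(a, b):
    """Optimal string alignment distance: Levenshtein plus adjacent swaps."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,         # deletion
                          d[i][j - 1] + 1,         # insertion
                          d[i - 1][j - 1] + cost)  # substitution
            # adjacent transposition, e.g. "scv" vs "svc"
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def lookalike(name, max_distance=1):
    """Return the genuine name that `name` imitates, or None."""
    name = name.lower()
    if name in LEGIT:
        return None  # exact match: verify its path and signature separately
    best = min(LEGIT, key=lambda legit: osa_distance(name, legit))
    return best if osa_distance(name, best) <= max_distance else None


def scan(names):
    """Map each suspicious name to the system binary it resembles."""
    hits = {}
    for n in names:
        target = lookalike(n)
        if target:
            hits[n] = target
    return hits


# Constructed sample: the three names from the thread plus benign ones.
SAMPLE = ["LSAS.EXE", "SCVHOST.EXE", "WINHLPP32.EXE",
          "lsass.exe", "svchost.exe", "notepad.exe"]

if __name__ == "__main__":
    for fake, real in scan(SAMPLE).items():
        print(f"{fake} imitates {real}")
```

A name that matches the allowlist exactly is not cleared by this check; a genuine name running from an unexpected directory still needs a path and signature check.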
 