i was wondering if you could point me in the right direction to elimanate this virus.

invincibleirish

every time i go on the net after a while a box opens that cant be "x-ed" with a red circle thingy telling me that the computer will shut down in 60seconds which it duly does,is this is a virus and if so pray tell how do i eliminate it?,an "lsa shell" export version error report comes up before hand and either if i send it or not thje shutdown thingy pops up soon after.

pyrogenx

Im not sure which one it is, but it could be sasser or msblast.... although it could be another too

i suppose u know about the command "shutdown -a" to stop the pc from shutting down.

Does it cut ur internet connection off before the shutdown window comes up??

If not its probably msblast, then just go into ur root/windows/system32/ and search for a hidden (i think its hidden, maybe u have to enable the view of hidden files in ur folder options) file called "msblast", then just delete it. But it could come back again.

If its sasser get a tool from the microsoft site that will remove the "sasser virus".

When u've removed the virus/worm u need to get some windows security updates!! Otherwise u'll catch them again quickly.

Does anyone know if there is any other way of gettin windows updates (like in files), than using the update "tool"???

invincibleirish

the internet connection doesnt cut out so it must be msblast, how exactly do i go into root/windows/system32?

pyrogenx

If ur windows is installed on C:/ simply open
C:/windows/system32/ for windows xp
C:/winnt/system32/ for windows 2000

Then search for "msblast.exe" ( im pretty sure thats the exact filename, otherwise just try something like :"msblast") if u found it then just delete the file. If u don't find it, enable view hidden files in ur folder options and try again. If u still can't find it, it must be a different virus or worm.

Shrimp

I know somebody that had this very problem, they just ran an ad-ware scan, deleted all ad-ware found and then this error never came again. Here is the link to one of the best ad-ware scanners.

Click Here

Webmonkey

Also run a firewall or windows built in firewall and this will stop the remote precude call from crashing.

Download the update here http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

more than likely you are Win XP 32bit user so jump to here, http://www.microsoft.com/downloads/details.aspx?FamilyId=3549EA9E-DA3F-43B9-A4F1-AF243B6168F3&displaylang=en

Chalk

lsa shell error is usually the sasser worm if im not mistaken

http://vil.nai.com/vil/stinger/

grab that free tool from mcafee and you should be ok

cerbeus

more than likely this is the Sasser worm. You'll need to clean it out with a tool such as the one Chalk pointed to. But most importantly you should patch your machine to stop the reinfection.

Go to the Windows Update site and run a full scan. If you have broadband install all the Critcal Patches that it returns. If you are on Dial up then just install the Sasser one which should show up as KB835732.

More info can be found on :
http://www.microsoft.com/security/incident/sasser.mspx