6 days to activation of OS - get Sasser

[northridge 2]

I have delayed activating my latest XP install to see if previous problems were solved.Some days ago I noticed I had a Isass.exe file but it didnt appear to do any harm so I left it. It said it was part of a system file.Today, with 6 days to activation I am getting constant warnings of a corrupt file (Isass.exe).I made sure the relevant Windows security update was in and ran the sasser removal tool: when I next looked there was a big warning message that wouldnt go away.Reboot. Same.I use Eset Nod32 antivirus, uptodate.Thinks: is this a boobytrap put in by Msoft to force me to activate?

[TechguyMaxC 516]

lsass is a system fileMS does not put viruses in Windows. That would be the dumbest business move EVER. People are too paranoid. You need to do scans from safe mode. Run an AV scan in safe mode, also download Malware Bytes Anti-Malware and run. If that doesn't clean it up, you need a professional to do it for you.

[Plainplane 6]

From an online source:

The process lsass.exe serves as the Local Security Authentication Server by Microsoft, Inc. It is responsible for the enforcement of the security policy within the operating system. This process checks whether a user

[northridge 2]

So it wasnt Sasser: no reason that it should have been, seeing as my OS and anti-virus are bang uptodate. No longer even sure what lead me to think it was SasserThought it very odd that after finding the .exe file on my C: drive it then appeared on two others, and that after sitting there for a few days it started perturbing, to the point that a warning dialogue was always present.At the same time burning decrypted and shrunk dvds all went wrong - buring rubbish or files out of sequence - and I imagined that my pc was shutting itself down. I have reinstalled my OS a million times - almost always close to the limit, and have never had this much bothersome behaviour.I ended up reinstalling XP and the .exe files have disapeared.So why would a system file that deals with ID and security start acting up at the end of the 30 day pre-activation period? Thats why I thought it might be a built-in bug to annoy users so much they activated even when they werent ready.Thanks for your repliesNicholas

[Plainplane 6]

It is always possible that the exe itself had become infected. It would be very difficult to tell but it seems that may have happened.Were the latest security updates for your computer installed? Some times I worked with instances where that if a copy of Windows wasn't activated, not all of the security updates were made available to the user and so they were unknowingly vulnerable.Also, it may be time for a different antivirus.

[northridge 2]

"Also, it may be time for a different antivirus. "Is that a very gentle way of suggesting the Nod32 may not be very good - in itself or in its rigour when updating?If I remember rightly it was recommended by people at either Flight1 or Aerosoft.Just confirmed that my pc was pretty sick at that point: the two dvds I decrypted and shrunk were rubbish: I thought they were burned badly but in fact they were copied badly: never happened before. Anyway, squeakyclean XP now - so far. Nicholas

[TechguyMaxC 516]

Nod32 is decent. There's no single AV software that stands head-and-shoulders above the rest, but there are some that are better than others. I would never recommend anyone use any of the "big name" corporate AV products from the likes of Norton, McAfee, and Trend Micro, certainly. What I've found as a PC technician over the course of this decade is that the more famous the product, likely the worse it is. Especially if the company advertises their product anywhere outside the internet (meaning print, tv, radio). Recently I've been using Avira which has done an excellent job. Prior to that it was AVG. I still recommend AVG to my customers. Even more recently MS Security Essentials has popped onto the scene and in my testing so far has done well. Still not ready to recommend over AVG though.