lsess.exe ?

Hi Kairos,

You're infected. LSESS.exe is a new worm that takes advantage of a vulnerability in the Windows' LSASS.exe file.

Microsoft has reported this in a bulletin.
http://www.microsoft.com/technet/securi...4-011.mspx

Winapa.exe is a new one but I suspect it's working with lsess.exe so that when you remove it, winapa.exe just restarts it and vice versa.

This is a typical situation where you can take advantage of some of WinPatrols unique features.

First, go to Active Tasks and find both program and anything else that looks suspicious. Using the CTRL key you can select multiple programs on WinPatrols task list. Select the mystery programs and click on Kill Task.

Now, go to the Startup Programs List and find every instance of Lsess.exe and winapa.exe. Lsess actually adds itself in more then one location.
Right-Click on the lsess.exe title and select "Delete File on Reboot".
Then click on the title and click the Remove button.

When you have removed all entries regarding lsess.exe and winapa.exe reboot and if anything was removed you'll have a clean system.

Another entry you can look for will be in your Services list. Lsess.exe installed an Internet Relay Chat client that can be disabled.

This is a fairly new one so let us know how it works out.

[ Voor 6% gewijzigd door Halfkakkende op 29-10-2004 09:45 ]