Windows 7 Forums

Windows 7: Sasser worm Lsass.exe help please

29 Aug 2011   #1

Windows 7 64b home
Sasser worm Lsass.exe help please

Hi all. Thought I had problems before; during all my messing around I somehow got the Sasser worm, Lsass.exe variant.

This thing has actually overwritten my Master Boot Record and locked up my HDD. Says I need a password, then shuts down or locks on the spot. BIOS also overwritten, options grayed out and 'new' shell options added. It had also hijacked my router, using UDP mostly, but using aliases under every program I've had the past 10 years, thanks to my legacy desktop.

Hi all. New to forums, been browsing for some time. Need serious help.

Have Asus g73jh bst laptop. Seagate momentus hdd, sata, Intel chipset. Installation came with os partition. Also have old winxp desktop, amd 2400+, nvidia MB, 2 IDE hdd (homebuilt in 2002, yep old).

Here's the situation. Somehow got the virus, when or how can't say, but has to be a few months at least as when my laptop was bricked, started pc for 1st time in at least 3-4 months, and it was fully infected.

The worm has overwritten my MBR and BIOS, sending false reports of password, so can't POST with HD installed. I do have a DVD with Malwarebytes, but it's not bootable. Can boot in with recovery CD to cmd prompt, but can't gain any access to sc, wmi, etc. Not anything close to a cmd line expert, just been trying to learn as I go.

I'm locked out of network, so can't download anything, both systems. I was able to run mal on xp machine, isolated 5 Trojans, but don't know how to regain control. Slowly being locked out of various items, mmc's. Locked out of device mgr, but at least can get into os on this.

For laptop, nothing I can do until I can somehow get into system with hdd installed, currently pulled out.

Probably missing details. Oh, this thing has also infected router, creates its own share accounts even after hard reset. Just a mess. Any help would be great.

I'm almost hopeless, and hope you can advise. Have Seagate Momentus, with Ata password (I think) stored on Hd itself, though with MBR and BIOS overwritten, can't tell for sure. It's blocked all access to network, I'm on iPhone atm.

I can't get past BIOS w/ HDD on to even reformat or restore. It's remapped the onboard mem sector, virtual mount, and I'm no cmd line expert. Man I'm tired, hurricane not enough, dealing with this between outages. Just want to somehow regain access to HDD and write/pass the thing 10 times and begin recovering what I can.

Chastity, if you happen to read this, I did create your install CD, maybe a tool there that can help?

Thanks all.

29 Aug 2011   #2

Windows 7 Home Premium 64 bit

reformat and reinstall

If you can't access the drive to reformat, then get a free Ubuntu disk. Install Ubuntu. That will kill the worm. Then if you want to reinstall Windows, your drive will be clean to do so.

That's what I'd do, but others here may have other suggestions. The Sasser is impossible to remove.
29 Aug 2011   #3
Layback Bear

Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64

Not really sure, I have never used it. From what I understand you can boot from it and run a scan.

Microsoft Standalone System Sweeper

29 Aug 2011   #4

Windows 7 Home Premium 64 bit

If you've got Sasser, a scan is pointless. Your computer will never be clean. You really have no option other than reformatting the drive and reinstalling the operating system. If you've never reformatted or reinstalled, it's a bit arduous. You might want to ask a friend who's done it or have a professional reinstall for you.
