Ok folks, this one has me baffled. I recently upgraded a PC (w/broadband) from 98 to XP, after running NAV. After manually installing SP1, I went online to DL and install the remaining service packs. Almost immediately it was infected with a virus and initiated an lsass.exe shutdown. Suspecting Sasser or Blaster I ran fixes from Symantec and installed the recommended patches (in safe mode). Nothing was detected, but the shutdown sequence was eliminated. However, NAV is disabled, as is taskmgr, any security updates and regedit. I then ran almost every online scanner and Panda caught and killed 2 small.ak trojans, but still no reported viruses. I then was able to install Panda and Armor firewall. Panda caught an attempted re-install of the small.ak trojan. Armor started and blocked attempts outbound on port 135. In fact there were so many that it locked up the software so I could not shut it down.
These factors indicated to me it is most likely blaster, but nothing finds it or any other virus. HELP!
Sorry if there is not enough information or even too much information is included. Any assistance is greatly appreciated in advance.

I had this issue at work, commonly referred to as "Undetectable Sasser". I found nothing to identify it. I even tried (as fruitless as it was) to see if I could overwrite the lsass.exe file. What I did find though, is that whatever it is, is most likely specific to XP. I re-installed 2000 Professional on the infected machine and to this day have not seen the problem again.
Another tip I may give is to keep your computer off the network until you have already installed SP1 (or 2), Antivirus, and I suggest Spybot. Simply download the executable from Microsoft to your computer before you do a format and install of Windows. You can put the service pack on CD, and install it from CD when you're done. Next drop in your AV software, and then Spybot (blocks registry changes). Once that is said and done, I'd then try to single it out from your other PCs and update your Antivirus, spyware, and any security patches from Microsoft.

Qtip - The last thing I want to do is a reformat, however I will follow your advice on the re-install with the patches installed off-line if I go that route. I have probably spent 12 hours so far in research and removal techniques, and this is now more of a pride issue *snicker*, so any other suggestions for forum participants will be greatly appreciated.
JPQ - as I said I tried almost all the detection tools including Panda, Norton, and Stinger.
Does anyone know the link to the yet 'unreleased to the general public' SP2?
Thanks for the help and thanks in advance for any more that people are willing to submit :)

Here you go...
http://www.microsoft.com/downloads/details.aspx?FamilyId=049C9DBE-3B8E-4F30-8245-9E368D3CDB5A&displaylang=en
Iligitimi non carborundum est
