lsass.exe, system restart Options

[Yume]

Es tūlīt sākšu grauzt galda malu. Man katras 3-4 minūtes ir restarts , jo redzieties lsass ir izdomājis ka grib pieļaut čupu ar ķļūdām un izslēgties.
Kas tas ir? Un ko ar to dara?
Tāda lieta kā system shutdown man ir atslēgta, Nortons vīrusus neredz, a man šis mūžīgais restarts jau nierēs sēž.
varbūt kāds būs tik gudrs un pateiks kas un ko ar to jādara?

[MareX]

Kaa jau agraaak "edg" mineeja tas visticamaak ir Sasser viirusa paveids -> links (liidziigs gadiijums)...

Vari pameegjinaat izdariit sekojosho...

1) Atrodi kaadu Sasser removal tool (ieteicams jaunaako)... piem Symantec, Microsoft, McAfee AVERT Stinger.

2) Lejuplaadee manis jau iteikto SafeXP.

3) Ieteicams jau laiciigi pamekleet kaadu ugunsmuuri... piem Microsoft (Win XP iebuuveetais), citi...

4) Atvieno datoru no interneta un jebkaada datoru tiikla...

5) Palaid Sasser removal tool (ieteicams to dariit nostarteejot datoru Safe Mode)... seko instrukcijaam...

6) Palaid SafeXP un saliec vismaz shaadas opcijas (iteicams)...
* Disable Remote Desktop support
Prevents your machine from having the ability to be remotely controlled by a system administrator or via the internet.
* Disable Remote Registry service
Disallows remote computers to access and modify the registry on the local computer.
* Disable RPC Locator service
Prevents your machine from using a specially malformed argument to be executed with system privileges by an attacker. The Locator service is not enabled by default except on Windows 2000 domain controllers and Windows NT 4.0 domain controllers
* Disable Windows Update service
Changes Windows automatic updates to manual mode(jo dazhi viirusi prot Windows Auto Update izmantot sev par labu).
* Disable UPNP/SSDP service
UPnP is a set of communications protocol standards that allow networked TCP/IP devices to announce their presence to all other devices on the network and to then inter-operate in a flexible and pre-defined fashion. There are currently limited UnPnP devices available and due to a recent security flaw it's advisable to disable this service. This also allows you to disable Universal Plug and Play Network Address Translation discovery which uses the Simple Service Discovery Protocol (SSDP) to reduce bandwidth and increase security.
* Disable support for DCOM
Distributed Component Object Model, or DCOM, provides a method for distributed network applications to communicate with one another. This setting allow you to disable support for DCOM.
* Disable the POSIX Subsystem
Windows 2000 and XP still come with the POSIX subsystem which allows the use of Unix commands against your system.
* Enable Windows File Protection
Windows File Protection (WFP) protects certain files that are key to the Windows 2000/XP operating system. These files are protected to prevent deletion of key files, unauthorized updating, and file damage that may be caused by viruses.
* Protect Against SYN Flood Attacks
Windows includes protection that allows it to detect and adjust when the system is being targeted with a SYN flood attack (a type of denial of service attack). When enabled the connection responses time out more quickly in the event of an attack.
* Prevent Denial of Service Attacks
Denial of service attacks are network attacks that are aimed at making a computer or a particular service unavailable to network users. These settings can be used to increase the ability for Windows to defend against these attacks when connected directly to the Internet. It also eliminates DHCP vulnerability.
* Disable listening on TCP port 445
Disables the raw SMB transport to cause malicious NetBIOS attacks and protect users from inadvertently exposing files on their computers, and also to block worms which spread via open file shares.

7) Pirms pievienot datoru atpakalj internetam (datoru tiiklam)... ieteicams uzinstaleet un aktivizeet kaadu no 3. punktaa mineetajiem ugunsmuuriem.

Good Luck!!!