PDA

View Full Version : Persistent LSASS heuristic.backdoor



dugger
2010-10-06, 16:02
I have installed AVAST - and maxed sensitivity, SUPERantispyware and now Spybot.

Superantispyware consistently detects:-
Heuristic.Backdoor
C:\DOCUMENTS AND SETTINGS\DOG\APPLICATION DATA\SYSWIN\LSASS.EXE
C:\DOCUMENTS AND SETTINGS\DOG\APPLICATION DATA\SYSWIN\LSASS.EXE
..but fails to remove and on reboot they just reappear. I looked into microsoft security info and they gave SASS removal tool which failed to remove and it seems that this problem should not affect service pack 3 anyway?

Symptoms include emails being sent from my hotmail account to my contacts list while I'm online and the disappearance of my sent emails from same account...my virgin.media email account seems unaffected.

Is this a new form of LSASS? Spybot seems to have missed it too.

Any help?

tashi
2010-10-06, 17:54
Hello dugger,

Please see the forum FAQ which also includes instructions on posting a preliminary DDS log: "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Then start a new topic, copy paste the DDS.txt log into it and a volunteer analyst will advise you when available. :)

Best regards.