Status: Not resolved

Lsas.Blaster.Keyloger

W12, on Tuesday 5 August 2008 at 11:57:39
Hello,
Hope you can help me... someone with limited computer knowledge. I recently got a message from saying my internet explorer is infected with Lsas.Blaster.Keyloger and is trying to send my credit card and banking details to a remote host. This happens every time I open a web page. I have AVG free edition set up (I think!) but this did not alert me. I did not even realise I had win anti vir2008 enabled on my pc.
Am I at risk and how can I remove it?
Configuration: Windows XP
Internet Explorer 7.0
danzen, on Tuesday 5 August 2008 at 14:36:12
Hello!
I have the same problem and cannot find a solution for removal anywhere on the net... can someone make a suggestion? Mine showed up with Power Anti-virus 2009 2.6 software accompanying it... I never have downloaded that software nor have I purchased it. I assume that this worm is designed to force you to buy that software's solution and also may truly utilize your credit info and send it to an outside host... though I am not certain of this.
Luckily, I do not have any CC info on the com....however all the alert windows, etc are driving me nuts and making my com basically unusable.......Please help!!! Thanks, y'all
danzen, on Tuesday 5 August 2008 at 14:49:28
Also, my McAfee Suite says that the file that is trying to access my credit info is as follows: C:\Documents & Settings\Owner.YOUR-588B4A13EA\Local Settings\Temporary Internet Files\Content.1ES\YY0B0326\setupxv[1].exe.
I have tried avast! virus removal tool to no avail. Also, I have tried the Symantec W32 Blaster Worm removal tool to no avail.
paland, on Wednesday 6 August 2008 at 17:13:13
I had the same thing. I cleaned out all temp files and cookies (through IE options) and then deleted it from memory (taskbar) and then delete it from your registry (HKEY_LocalMachine/Software/Microsoft/Windows/Current Version/ Run). If you do this then you won't be bothered by these messages.

I have a feeling that the Power-AntiVirus 2009 is in itself the culprit. That is how they are going to access your credit numbers, by having you buy it.
paland, on Wednesday 6 August 2008 at 17:21:37
Oh, and when you are done, run one of your anti-virus programs and run a full scan. I use the corporate edition of Symantec and it found nothing after I cleaned it out.
W12, on Wednesday 6 August 2008 at 22:34:10
paland
Thanks for your help. Please excuse my ignorance but how do I delete from memory and also from registry?
Can you give me step by step instructions?
willy, on Sunday 23 November 2008 at 21:17:55
I have used your instructions on how to get rid of lsas.blaster.keyloger and have not been able to do so. I'm receiving a program entitled winweb security that brings up the keyloger. I have an icon for winweb at the bottom right of my computer. It pops up the keyloger and wants me to buy their security program. Scam! I have gone through my programs and it is not there. Probably because I didn't buy it. I think if I could delete winweb security the keyloger would also delete. Any suggestions? Thanks.
paland, on Thursday 7 August 2008 at 16:55:22
To delete from memory, just Ctrl-Alt-Del and then Task Manager. Then go to the 'Processes' tab. You will see the program Power Anti-virus running there. Just remove it.

You really shouldn't go into the registry if you don't understand it. One wrong move and your system is toast.
But, Start / Run / Type in "regedit" (without the quotes).
That will open the registry. Then follow the path I listed above.
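
Added example, not part of paland's post or anyone's code in this thread: the Run key can be reviewed without editing it by exporting it from regedit (File > Export) and checking the export offline. This Python parses such an export and flags Run entries that launch programs from temp or browser-cache folders, as with the setupxv[1].exe path quoted earlier; the sample export, its entry names and paths are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample of a regedit export (File > Export) of the Run key.
# Entry names and paths are invented; real exports are UTF-16, decode first.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleTray"="C:\\Program Files\\Example\\tray.exe"
"ExampleUpdater"="\"C:\\Program Files\\Example\\updater.exe\" /background"
"setupxv"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\ABCD1234\\setupxv[1].exe"
"pav"="\"C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\pav.exe\" -s"
'''

RUN_KEY_SUFFIX = r"\microsoft\windows\currentversion\run"
# "name"="value" lines; .reg files escape backslashes and quotes with a backslash.
# Only plain string (REG_SZ) values are parsed; hex-encoded values are skipped.
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
EXE = re.compile(r'^(.+?\.(?:exe|com|scr|bat|cmd|pif))(?=\s|$)', re.I)
RISKY_DIRS = {"temp", "tmp", "temporary internet files"}

def unescape(s):
    return re.sub(r"\\(.)", r"\1", s)

def executable(command):
    """Return the program path from a Run command line, quoted or not."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = EXE.match(command)
    return m.group(1) if m else command.split(" ", 1)[0]

def audit_run_key(reg_text):
    """List (entry name, program path, risky folder) for Run entries only."""
    findings, in_run = [], False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):  # section header: track whether we are in ...\Run
            in_run = line.strip("[]").lower().endswith(RUN_KEY_SUFFIX)
            continue
        m = VALUE.match(line) if in_run else None
        if not m:
            continue
        name, exe = unescape(m.group(1)), executable(unescape(m.group(2)))
        hits = RISKY_DIRS & {p.lower() for p in PureWindowsPath(exe).parts[:-1]}
        if hits:
            findings.append((name, exe, sorted(hits)[0]))
    return findings

if __name__ == "__main__":
    for name, exe, folder in audit_run_key(SAMPLE_REG):
        print(f"{name}: {exe}  (runs from '{folder}')")
```

A flagged entry is a lead to check against the process list and a full scan, not proof on its own, since some legitimate installers also run briefly from Temp.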
willy, on Sunday 23 November 2008 at 17:34:29
Did you ever get rid of lsas.blaster.keyloger? If so, how did you do it? I followed the instructions, but I still can't get rid of it. Thanks
steve, on Monday 24 November 2008 at 13:58:13
I used system restore to an earlier date. Seemed to work OK.