Friday, December 01, 2006

More Malware…

Office network down...

After some investigation, I've determined that my PC was the source of the problem.

Although my PC was protected by Avast! AV, something snuck in. When I'm connected directly to the iPStar network for tests, it always leaves my PC very vulnerable.

Checking Network traffic:

performance.JPG
Note the regular spikes in the middle of the graph.

Something was spamming the upload bandwidth, such that nothing could come in either. Thus, I threw open the Task Manager and removed suspicious processes. When I hit the right one, the bandwidth graph went back to normal, and the purple line finally moved upwards and stuff started coming in.

ls.JPG

lsass.exe is the Local Security Authority Service. But lssas.exe is NOT. And it should not be a hidden file either.
In either case, it should never appear in that particular place in the system registry.

Thus I killed lssas.exe in the Task Manager, removed it from the registry, and deleted it from C:\Windows\System32.

But this may not be the last of it... It's made its way in once, and it can do so again until my AV software gets a new update. Hopefully.
