I'm trying to help my niece. when she connects to the internet, her system locks up with a screen that says LSA Shell (Export Version) has encountered a problem and needs to close...... If I click on the "for more information" button, I get Error Signature: szAppName: lsass.exe szApp-Ver: 5.1.2600.0 szModNamae: unknown szModVer: 0.0.0.0 offset: 00000000.

I tried to update her NAV (heaven only knows if she's ever done that) but it shut down long before it finished updating.

Does anyone have any idea how to cure this? Is it a virus? Can I just reinstall the original applications CD's that came with the computer?

Thanks!
martha

[This message was edited by martha on 06-27-04 at 04:09 PM.]

Martha, I think you may be infected. Go to the Microsoft knowledge base.

http://www.microsoft.com/security/incident/sasser.mspx

PN

Try HouseCall (http://housecall.trendmicro.com/)... it'll let you know.

-Steven
...I can't do the little things, I hold so dear

Edit...duplicate post

Sounds kind of familiar...had to fix one of those worms at work. First thing to do is skip the AV updating, seems that doing this triggers the worm. Go to McAfee's site and look up the Sasser worm description, there is a direct link to Microsoft's patch that closes the port that this worm exploits. Immediately upon getting your computer working, get to that link and download it (choose 'open' instead of 'save' to make the process quicker). Once this is done it should stop the crashes, then update your AV and then clean out your system.

Thanks guys. As always, I appreciate the help. Andy, that's exactly what the tech guy at Gateway had me do -- worked like a charm. Paul, I couldn't get to the ms site to download the patch because it kept locking up but he had me go to start, run, and type "shutdown -a" which stopped whatever was causing the lock-up and then allowed me to get the patch downloaded. I've now taught my niece about windows updates and regularly scheduled virus definition updates. :-)