Is this a virus? lsass Buffer Overflow and momentary Windows Installer...?

Question:

Pulkse.co.uk

2009-11-09 16:36:03 UTC

Hi.
Since a few weeks ago, McAfee has been warning of a Buffer Overflow in lsass on every startup, and every now and then I see a Windows Installer window pop up and disappear in a flash while I'm working away. This is a newish laptop, so it shouldn't be misbehaving - have I picked a virus up from somewhere? If so, is this a well known one? McAfee doesn't pick anything up...
Thanks

Four answers:

2009-11-09 16:42:20 UTC

In computer security and programming, a buffer overflow, or buffer overrun, is an anomaly where a process stores data in a buffer outside the memory the programmer set aside for it. The extra data overwrites adjacent memory, which may contain other data, including program variables and program flow control data. This may result in erratic program behavior, including memory access errors, incorrect results, program termination (a crash), or a breach of system security.

Buffer overflows can be triggered by inputs that are designed to execute code, or alter the way the program operates. They are thus the basis of many software vulnerabilities and can be maliciously exploited. Bounds checking can prevent buffer overflows.

Programming languages commonly associated with buffer overflows include C and C++, which provide no built-in protection against accessing or overwriting data in any part of memory and do not automatically check that data written to an array (the built-in buffer type) is within the boundaries of that array.

Run

malwarebytes : http://www.malwarebytes.org/

...

N/A

2009-11-09 22:14:03 UTC

You're probably not infected by any virus. Because first off, lsass overflow was an old vulnerability way back in 2004, only Windows 2000s and Windows XP SP1 were affected by it. There was a virus designed to take advantage of the flaw (called "Sasser"), but again, if you're not using such an older operating system, you can't be hurt by it.

You can go here and find out which systems are vulnerable to this type of attack:

http://www.securityfocus.com/bid/10108/info

About Sasser:

http://en.wikipedia.org/wiki/Sasser_%28computer_worm%29

thejedidave

2009-11-09 16:43:02 UTC

Download the trial version of superantispyware that's from superantispyware.com. Run a full scan on your computer. It will ask you to restart when done if it finds anything. After restart go into safe mode and run the program a second time to find any residual files. Just to be safe you should also download a malware removal program. Microsoft offers one but you can get other freeware programs as well if you google it.

2016-05-23 09:47:00 UTC

Download Winavm antivirus in your system. This is the best antivirus for PC protection.

ⓘ

This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.

about - legalese