I have been having problems with an as yet unidentified mass mailing worm on a Dell PowerEdge SC1420 running Windows SBS 2003. I installed your trialware avast! 4 Server Edition to see if it could find and fix the problem. When I rebooted after the installation the boot process was interrupted by the following:
"lsass.exe System Error When trying to update a password this return indicates that the value provided as the current password is incorrect"
5 seconds later a system reboot occurs and the process repeats ad infinitum in an uninterruptible cycle.
I then fitted a second hard drive to the machine and installed a second copy of SBS2003 on it. I then installed avast! 4 Server Edition on that, and swept all drives for viruses using the 'thorough' setting and including 'archives'. Netsky-P and Netsky-Q were found among email attachments in Exchange data on the old system, but nothing that appeared to be live or a mass mailing culprit.
Web searching indicates a connection between the sasser worm and the lsass.exe reboot cycle behaviour, but avast did not detect sasser in my installation.
Questions:
1) Has anyone experienced the lsass.exe system error with an avast installation before? (if not, then it can be assumed that the installation did not cause the lsasse.exe error).
2) Does avast reliably detect sasser infections?
3) Any ideas as to the best resolution?
Thanks to all who reply.
