lsasrv.exe - Dangerous
%sysdir%\lsasrv.exe
Manual removal instructions:
Antivirus Report of %sysdir%\lsasrv.exe:
%sysdir%\lsasrv.exe
W32.Mydoom.AG@mm is a mass-mailing worm.
It uses its SMTP engine to send emails.
1. Creates the following copies of itself:
%System%\lsasrv.exe
%System%\version.ini
[path of execution]\hserv.sys
2. Adds to auto start using Shell value:
"Shell" = "explorer.exe %System%\lsasrv.exe"
3. Infects the HOSTS file.
Blocks access to antiviral sites and to Microsoft update.
4. Sends e-mails.
Removal:
Remove it from startup using RegRun Startup Optimizer.
Restore the HOSTS file using RegRun Anti-Spyware.
Stop the service and set it to disabled state.
Remove files.
| %sysdir%\lsasrv.exe | Malware |
| %sysdir%\lsasrv.exe | Dangerous |
| %sysdir%\lsasrv.exe | High Risk |
It uses its SMTP engine to send emails.
1. Creates the following copies of itself:
%System%\lsasrv.exe
%System%\version.ini
[path of execution]\hserv.sys
2. Adds to auto start using Shell value:
"Shell" = "explorer.exe %System%\lsasrv.exe"
3. Infects the HOSTS file.
Blocks access to antiviral sites and to Microsoft update.
4. Sends e-mails.
Removal:
Remove it from startup using RegRun Startup Optimizer.
Restore the HOSTS file using RegRun Anti-Spyware.
Stop the service and set it to disabled state.
Remove files.
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus have not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.