xisto Community
saga

Is This A Windows Bug? Windows


My computer was once attacked by this software (I do not wish to call it a virus since it's actually one executable file) that creates a copy of itself with the name of the folder which it is in and with a folder icon. So what happened is, if you think it's just a folder and click it, then the executable will create a process using the following names: lssas.exe, winlogon.exe, service.exe and I forgot the other one. When you delete all the exes with a folder icon, they keep coming back, since the process it just created will just create another one. Now here is the bad thing: when I tried to delete the process it created, Task Manager won't let me since it has the same name as important processes running in the system, but this fake process runs not in the system but in the user, but still I can't delete it. So I ended up reinstalling Windows and putting Deepfreeze because it was not detected by the antivirus. My question is, is it a Windows bug? I mean, it won't let you terminate a process which has the same name as another process that runs in system even though it's a fake or runs in user space only?

Edited by miCRoSCoPiC^eaRthLinG (see edit history)


It is a virus dude - you think viruses come in the form of exes and accompanying dlls?? Whole lock, stock and barrel together eh? It's one of those pesky worms. But there are millions of them which take up the same name as those processes. You need some good scanner to determine which variant it is. Windows of course will protect the processes which are important for it to run - there's nothing you can do about it, in such circumstances except for a full-reinstallation.


Windows of course will protect the processes which are important for it to run - there's nothing you can do about it, in such circumstances except for a full-reinstallation.


So you mean Microsoft already knows about this problem but didn't do anything about it? I'm sure there is a way that the Windows kernel knows if it really is the important processes that run in the system or not.


What could they do? If they do implement a protection, virus creators will just find ways to bypass it. The best option is to buy antivirus and firewall programs, keep them updated and keep them turned on all the time when your computer is on. Windows will only protect the processes from being terminated (from my experience)... if you open the Task Manager and try to terminate lssass.exe or something it will just say that it can't terminate because it is a critical system process.


So you mean Microsoft already knows about this problem but didn't do anything about it? I'm sure there is a way that the Windows kernel knows if it really is the important processes that run in the system or not.


There's nothing you can do in such a situation. The worms don't overwrite these files - rather they piggy-back them. And even if Microsoft knows about it - what can they do once the worm has already nested in? NOTHING. As I said, your only option in such a case is to do a full reinstall. And along with that have a decent antivirus installed. I would suggest against the FREE ones. However good AVG and the rest of the free gang might be - they still lack in one respect - regular updates.

Why bother man - where the health of your whole system is at stake. A good antivirus costs you around the $50 range... and yearly license updates cost about half of that.

Just go to this site: http://forums.xisto.com/no_longer_exists/ and take your pick.

I've tried a wide variety of them - and finally settled down for BitDefender. That's my personal favourite. In the past 2 years that I've been using it - not ONE virus/worm ever slipped through.

Regards,
m^e


I don't remember exactly what this virus's name is, but maybe w32.temp, not sure, but it's an old kind of virus, it's not a risk at all, and you can get it out without formatting, reinstalling Windows or even buying anti-virus software. All you need is just to get any online scan for viruses and malware; you can get this from this link:

Trend Micro co. Online Scan! <<<--- Full online scan.
Hope this will help you get rid of that virus.


I tried scanning the said worm/virus with Bitdefender but it didn't recognize it. Not even AVG and Norton. I just figured out how to delete those fake lsass.exe and its companion. Since they are still loaded even in safe mode, the only option is to delete them in Windows Repair mode. Just boot from the original Windows XP CD and choose repair instead of install and delete those files. They are found in APPLICATION DATA in the individual user folder. So the next time the computer starts those executables will not be loaded. It works in theory but I haven't tried it since I did a full reinstall and used Deepfreeze. But still I installed Bitdefender back...
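
Added example, not part of any post in this thread: the thread's recurring question is how to tell a fake lsass.exe or winlogon.exe from the real one when the name alone is the same or nearly the same. The sketch below checks image path, owning account and name similarity over a constructed process snapshot; the install path, account names, PIDs and the 0.85 similarity cutoff are assumptions.

```python
import difflib
import ntpath

# Assumption: default install, system binaries under C:\Windows\System32.
SYSTEM_DIR = r"c:\windows\system32"
CRITICAL = ["csrss.exe", "lsass.exe", "services.exe", "smss.exe", "winlogon.exe"]
SYSTEM_ACCOUNTS = {r"nt authority\system"}

def classify(proc):
    """Return the reasons a process record looks like a masquerade (empty if none)."""
    name = proc["name"].lower()
    folder = ntpath.dirname(proc["path"]).lower()
    owner = proc["owner"].lower()
    reasons = []
    if name in CRITICAL:
        # Same name as a protected process: only path and owner tell them apart.
        if folder != SYSTEM_DIR:
            reasons.append("system name outside System32")
        if owner not in SYSTEM_ACCOUNTS:
            reasons.append("system name under a user account")
    else:
        # Near-miss spellings such as lssas.exe or service.exe.
        close = difflib.get_close_matches(name, CRITICAL, n=1, cutoff=0.85)
        if close:
            reasons.append("lookalike of " + close[0])
    return reasons

def suspicious(procs):
    """Map PID -> reasons for every record that classify() flags."""
    return {p["pid"]: r for p in procs if (r := classify(p))}

APPDATA = r"C:\Documents and Settings\user\Application Data"
SAMPLE = [  # constructed snapshot for illustration, not real telemetry
    {"pid": 612, "name": "lsass.exe",
     "path": r"C:\Windows\System32\lsass.exe", "owner": r"NT AUTHORITY\SYSTEM"},
    {"pid": 2040, "name": "winlogon.exe",
     "path": APPDATA + r"\winlogon.exe", "owner": r"PC\user"},
    {"pid": 2052, "name": "lssas.exe",
     "path": APPDATA + r"\lssas.exe", "owner": r"PC\user"},
    {"pid": 2060, "name": "service.exe",
     "path": APPDATA + r"\service.exe", "owner": r"PC\user"},
    {"pid": 3000, "name": "notepad.exe",
     "path": r"C:\Windows\System32\notepad.exe", "owner": r"PC\user"},
]

if __name__ == "__main__":
    for pid, why in suspicious(SAMPLE).items():
        print(pid, "; ".join(why))
```
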
