Lsas.blaster.keyloger
Solved/Closed33 responses
I have the same thing with system sercurity and the lsas.blaster.keyloger popup and cant get rid of it i need help please . It says I too have 38 things wrong and my nortons 360 says there is nothing wrong with it.How do i get rid of it. Thankyou very much.
Here's the cheap fix:
Boot into safe mode (Holding down F8).
Look in c:\Documents and Settings\All Users\Application Data
There is a file there that is all numbers such as: 85331323 or 46937130
Delete the sucker.
Reboot and all is well.
Boot into safe mode (Holding down F8).
Look in c:\Documents and Settings\All Users\Application Data
There is a file there that is all numbers such as: 85331323 or 46937130
Delete the sucker.
Reboot and all is well.
This is exactly what needed to be done! After 24hours of pulling my hair out and grinding my teeth in anger I came across this lovely persons idea.. At first my computer didn't start in safe mode, but tried again and when hitting f8 I hit enter too and it started the computer in safe mode. Relieved!!!
Literally, if your fortunate enough to remember the date you got the virus, go straight into restore and re-boot from that date.
I'm so happy, it doesn't even seem that it ever happened at all and so feel my gratitude should be shared! I hope you guys can solve this problem too. Good luck!
Cheeri-o
Literally, if your fortunate enough to remember the date you got the virus, go straight into restore and re-boot from that date.
I'm so happy, it doesn't even seem that it ever happened at all and so feel my gratitude should be shared! I hope you guys can solve this problem too. Good luck!
Cheeri-o
c:\Documents and Settings\All Users\Application Data
Do you know where this is in vista windows???? I have done the cntrl-alt-delete, and downloaded spybot search and destroy, deleted my temp files. when I reboot the little darn thing came back. I tried to find the documents and settings but I don't know where to look in vista.
thanks,
Do you know where this is in vista windows???? I have done the cntrl-alt-delete, and downloaded spybot search and destroy, deleted my temp files. when I reboot the little darn thing came back. I tried to find the documents and settings but I don't know where to look in vista.
thanks,
help me pls I cant figure out how to do this. Pretty computer savvy I am in safe mode and searching the for Look in c:\Documents and Settings\All Users\Application Data but I cannot find the number file and I dont think I am doing it right. can you please guide me? I am going into Search on the start menu.
webdoctor
Posts
2
Registration date
Friday December 5, 2008
Status
Member
Last seen
December 6, 2008
5
Dec 6, 2008 at 10:50 PM
Dec 6, 2008 at 10:50 PM
You are infected with WinWeb security a bogus antivirus software which produces false reports and attempts to have you purchase WinWeb security. You need to remove it. Instructions can be found here https://www.bleepingcomputer.com/virus-removal/remove-winweb-security
as i understand it this virus has been renamed system security 4.5. i tried all of the suggested solutions to no avail, including pulling up the task window and deleting. For me it did not work. i tried to down load mc affee and it kept logging off aol and internet explorer ( i tried downloading on both systems) eventually i found windows live one care through the microsoft site, so that i knew it was genuine and had no problem downloading. it worked ,i was left with a small square blue and white icon whichi put into the recycle bin. as a bonus i have th windows one care on three months trial and do not have to pay anything until the three months expire. i supposew i could decide not to go ahead with the purchase but this system seems to be so good it would be daft not to. note you do need to remove any external spyware and the like before you download. the srcurity settting that come with your system do not need to be removed or settings change. to be sure that all is ok go to control panel and click on security and it will give the status of the three settings firewall antivirus etc. hope this is useful
Didn't find the answer you are looking for?
Ask a question
I had this problem and finally got rid of it by going into safe mode (restart computer; before it loads hit F8; when safe mode screen appears, hit enter) In Safe Mode, I then updated my Adaware program and ran it. Adaware got rid of the spyware and my antivirus program and all other programs functioned again. I then got out of safe mode and ran my Adaware program three more times and scan with my Trend Micro Antivirus program two more times. Everything is working fine again.
thanks to whoever figured out that booting in SAfe-mode was the way to go.
I couldn't do much else from there, but at least was able to do a System Restore, got rid of the lsas.keyblogger, then upgraded to the latest Norton and feel safe once again.
That was horrible, and I was really really frustrated, thought I'd have to reinstall the entire OS to get rid of the sucker. thank you thank you again! - pb
I couldn't do much else from there, but at least was able to do a System Restore, got rid of the lsas.keyblogger, then upgraded to the latest Norton and feel safe once again.
That was horrible, and I was really really frustrated, thought I'd have to reinstall the entire OS to get rid of the sucker. thank you thank you again! - pb
Hey. I cannot start in safemode. I have tried f8, f7, going to run... then typing msconfig and nothing will come up. I am not the best with computers... Any ideas?
thank you very much for the safe mode and system restore idea..It worked like a champ and you are my hero...
Please help i tried Careys ideaa and when i try to delete it says access denied
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,164
Apr 3, 2010 at 07:33 AM
Apr 3, 2010 at 07:33 AM
Hello,
Please download Malwarebyte to your desktop:
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/
Once on your desktop, rename it explorer.exe
Install Malwarebyte and update it.
Request a FULL system scan
Please, I would appreciate your feedback
Regards
Please download Malwarebyte to your desktop:
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/
Once on your desktop, rename it explorer.exe
Install Malwarebyte and update it.
Request a FULL system scan
Please, I would appreciate your feedback
Regards
I got the sam one but the only thing I found to remove it was to reinstall windows if you have you software than cool
I recently had this worm. After attempting all the suggested remadies, to no avail, all I did was click the decline or the X. I did this for about 2 or 3 weeks then it didn't appear anymore. This worm is just a scam for people to purchase useless software in the amount of $45.00.
Just be patient. Don't fall for this scam.
Just be patient. Don't fall for this scam.
The correct way to get rid of this pesty pop up and to get ur computer back to the way it was before. shut down computer. Restart, hit f8 before load up. This will take you to safe mode and don`t freak out cause everything will appear large. This will enbale you to get to restore of your computer. Restore computer to earlier date, before this sucker attacked ur computer. This should fix it.
just trying to offer some help here, since I got some myself - :-)
When you go to System Restore, the default restore point dates are today and yesterday, but theres a checkbox where you can request earlier dates. Go back as far as you can to when you first think you got the trojan, and restore to the day or week or whatever before then, and restore.
That got rid of it for me, then I updated my Norton, all clean now, thank goodness! good luck -pb
When you go to System Restore, the default restore point dates are today and yesterday, but theres a checkbox where you can request earlier dates. Go back as far as you can to when you first think you got the trojan, and restore to the day or week or whatever before then, and restore.
That got rid of it for me, then I updated my Norton, all clean now, thank goodness! good luck -pb
Thank you so much Carey, boxcar84our and pb!!!!! You are life savers! Our little laptop was the second of our computers to get this thing and I was very close to tears and totally frustrated until I tried your suggestions. Our main computer has now been away with the computer fix-it guy for three weeks. He said that he had to completely wipe the hard drive (luckily I saved all our important files elsewhere) and I'm really scared about how much he's going to charge us now. Well I'm feeling rather chuffed now. Thank you friends!!!!
Thanks sooo much.. I work online and got it from FB thats it not using that anymore.. I was about try cry then I couldnt find where to restore in vista safe mode, as kept saying was open already kept going in and out of safe mode then it opened restored to day before and it works worm free, could not of done it without you all thanks so much
I agree, Carey is my new best friend! I rebooted in Safe Mode, and did the restore thing and all seems well! Thanks to everyone!
g
g
you cam F disk and remove all partitions and do a reinstall. if you any files that you need try putting them on a disc or external hard drive or memory stick. Than run the F disk( https://support.microsoft.com/en-us/windows/create-and-format-a-hard-disk-partition-bbb8e185-1bda-ecd1-3465-c9728f7d7d2e ) than run a reinstall ... this works for very bad infections. hope this helps =)
I tried following the instructions at https://www.bleepingcomputer.com/virus-removal/remove-security-tool but Security Tool would not let me run mbam OR rkill. It also prevented me from killing the processes through task manager. Here's how I fixed it:
1. Start in safe mode by holding F8 while starting up
2. Press windows key + r to open a run dialog
3. Type msconfig
4. Click on the startup tab
5. Select the item that is all numbers. Its "Command" should be "C:\ProgramData\##########\#########.exe" where the #s are random numbers
6. Click OK and reboot in normal mode
Security Tool should now be temporarily disabled so you can run mbam as explained in the link above.
Good luck!
1. Start in safe mode by holding F8 while starting up
2. Press windows key + r to open a run dialog
3. Type msconfig
4. Click on the startup tab
5. Select the item that is all numbers. Its "Command" should be "C:\ProgramData\##########\#########.exe" where the #s are random numbers
6. Click OK and reboot in normal mode
Security Tool should now be temporarily disabled so you can run mbam as explained in the link above.
Good luck!
My son's laptop got this virus today and I managed to remove it using Carey's instructions, now I'm SuperMum! Thanks Carey!
Hi
I used Ambuscias' method and it worked very well indeed. Why do I need to rename the malware tool explorer?
But many thanks
Murmurings
I used Ambuscias' method and it worked very well indeed. Why do I need to rename the malware tool explorer?
But many thanks
Murmurings
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,164
Apr 6, 2010 at 03:57 PM
Apr 6, 2010 at 03:57 PM
Hello,
It is just in case we had not identified the virus correctly and that we were dealing with a rogue.
Regards
It is just in case we had not identified the virus correctly and that we were dealing with a rogue.
Regards
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,164
Apr 17, 2010 at 04:34 AM
Apr 17, 2010 at 04:34 AM
Hello Pixie,
I sympathize with you, but please be more specific, explain "no matter what I do", "other command", "anything I ask".
Thank you
I sympathize with you, but please be more specific, explain "no matter what I do", "other command", "anything I ask".
Thank you
Dec 26, 2008 at 11:17 PM
Mar 31, 2010 at 02:33 PM
May 4, 2010 at 11:25 AM