Lsass.exe oddities

Date: Sat, 1 May 2004 14:58:40 -0700 (PDT)
From: Henry Linneweh <>
To: Todd Mitchell - lists <>, 'Ejay Hire'
Subject: RE: Lsass.exe causing shutdown in IE.

McAfee's Stinger takes care of this, or at least supposedly does. maybe some of you guys on the ISP sides can
place a copy in a public ftp for your users.

What I've noticed from looking at a few people who were infected with it
is, IE and OE gets toasted with OE returning the 0x800ccc15 which on XP
has to deal with a bad McAfee install, and or timeouts. Now, I had this
one person I was on the phone with who had this error but was still open
to ping via DOS prompts and actually resolve out, and have information
returned to him. For a quick fix without having to reinstall I had him do
a system restore to a few weeks back, then reconnect and download stinger,
voila, fixed.

Currently running NMAP on the company's /18 to figure see if we can
notify users of this issue.

Below is output of the session with addresses stripped

sil@mvi:~> ping 216.x.x.x
PING 216.x.x.x (216.x.x.x): 56 data bytes
64 bytes from 216.x.x.x: icmp_seq=0 ttl=251 time=6.351 ms
64 bytes from 216.x.x.x: icmp_seq=1 ttl=251 time=17.575 ms
64 bytes from 216.x.x.x: icmp_seq=2 ttl=251 time=15.147 ms
64 bytes from 216.x.x.x: icmp_seq=3 ttl=251 time=23.916 ms
64 bytes from 216.x.x.x: icmp_seq=4 ttl=251 time=6.343 ms
64 bytes from 216.x.x.x: icmp_seq=5 ttl=251 time=8.788 ms
64 bytes from 216.x.x.x: icmp_seq=6 ttl=251 time=15.620 ms
--- x.x.x.x ping statistics ---
7 packets transmitted, 7 packets received, 0% packet loss
round-trip min/avg/max/stddev = 6.343/13.391/23.916/6.056 ms

McAfee's Stinger is copyrighted software. Redistribution without
permission or license from McAfee may not be wise. McAfee's sales
people are very particular about not letting people redistribute
their software without paying McAfee.