Date: Sat, 1 May 2004 14:58:40 -0700 (PDT)
From: Henry Linneweh <hrlinneweh@sbcglobal.net>
To: Todd Mitchell - lists <lists@ciphin.com>, 'Ejay Hire'
<ejay.hire@isdn.net>, nanog@merit.edu
Subject: RE: Lsass.exe causing shutdown in IE.
McAfee's Stinger takes care of this, or at least supposedly does.
http://vil.nai.com/vil/stinger maybe some of you guys on the ISP sides can
place a copy in a public ftp for your users.
What I've noticed from looking at a few people who were infected with it
is, IE and OE gets toasted with OE returning the 0x800ccc15 which on XP
has to deal with a bad McAfee install, and or timeouts. Now, I had this
one person I was on the phone with who had this error but was still open
to ping via DOS prompts and actually resolve out, and have information
returned to him. For a quick fix without having to reinstall I had him do
a system restore to a few weeks back, then reconnect and download stinger,
voila, fixed.
Currently running NMAP on the company's /18 to figure see if we can
notify users of this issue.
Below is output of the session with addresses stripped
sil@mvi:~> ping 216.x.x.x
PING 216.x.x.x (216.x.x.x): 56 data bytes
64 bytes from 216.x.x.x: icmp_seq=0 ttl=251 time=6.351 ms
64 bytes from 216.x.x.x: icmp_seq=1 ttl=251 time=17.575 ms
64 bytes from 216.x.x.x: icmp_seq=2 ttl=251 time=15.147 ms
64 bytes from 216.x.x.x: icmp_seq=3 ttl=251 time=23.916 ms
64 bytes from 216.x.x.x: icmp_seq=4 ttl=251 time=6.343 ms
64 bytes from 216.x.x.x: icmp_seq=5 ttl=251 time=8.788 ms
64 bytes from 216.x.x.x: icmp_seq=6 ttl=251 time=15.620 ms
^C
--- x.x.x.x ping statistics ---
7 packets transmitted, 7 packets received, 0% packet loss
round-trip min/avg/max/stddev = 6.343/13.391/23.916/6.056 ms