Hacktool.lsasssba worm

April 27, 2004

Hacktool.LsassSba is a hacktool that takes advantage of the LSASS Vulnerability, as described in Microsoft Security Bulletin MS04-011.. It provides an attacker a system shell on a specified remote computer.The vulnerability affects unpatched versions of Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003.

The symtoms of an infected computer may resemble the original Blaster variants from August 2003, including:

  • Increased CPU utilization
  • system instability
  • system reboots

Removal

Symantec has release some information about this worm and its removal at:
http://www.sarc.com/avcenter/venc/data/hacktool.lsasssba.html

If your computer is still having problems after following the instructions, you will need to format your computer and reinstall your operating system and applications.