LSASJ.EXE from ATS alert (not a virus)

There is an add or a process on this website that has tried to inject the LSASJ.EXE Trojan on my system from ATS.

I advise the administrators to find it and remove it.

It's entirely up to you, but it might help if we knew more information. It's a huge board. What forum were you in? We're you logged on to ATS at the time, lurking, did you actually click on an ad, etc.?

reply to post by Maxmars


This was a virus that created a registry entry by exploiting "Windows Setup".
When your 'media fastclick' ad for the Travian Browser Game in Japanese appeared, the virus executed. I may have clicked on the ad by mistake.

reply to post by ren1999


is it this one

\SureThing Shared\stllssvr.exe

If the intrusion was 'blocked'... it may have just been triggered , or timed.... by one of your clicks on an ATS AD...

i know you've already gone to your 'System Restore' & cleaned all the attempted malware from your PC/Laptop


i've run into plenty of 'threats' here and other places, but investigation tends to point out that tracking crap is is the issue rather than CP crashing trogans TroJans....

best of luck....

I've run into this a lot on this site as well.

But when you point it out, you get told it's just your machine, not their servers.

...except that it only happens on ATS.

*Shrug*

reply to post by PrimePorkchop


Funny thing is, I have been a member here for over 4 years and NOT ONCE have I ever encountered a virus from this website. Considering I visit this website several times a day methinks it really IS users PC's that aren't properly protected, rather than ATS.

Learn to use Firewalls/Anti-virus/Anti-spyware properly people.

I've been on and surfing now for over 12 hours

Nothing on my machine

Been to almost every forum

Interesting that it would be ATS and not hit my machine, don't you think?

hmmmmmm

Just as I replied to another member who voiced a similar concern via the ATS contact@ email address:


We pay for a service which constantly scans both the servers and our ad
networks to ensure a safe, clean virus-free environment for our users.

The majority of 'fake fraud alerts', 'we scanned your system and found all
of these infections' come via email and often lie dormant .... awaiting a
random trigger point to activate them. The 'trigger point' can be anything
from a certain date/time to even waiting for your web browser to access a
given domain or URL.

This makes it quite difficult to determine their Actual point of origin,
which typically leaves the user to suspect they came from a particular
website or what have you.

My suggestion would be to download and run 'ComboFix'.
It is an anti-malware software designed specifically to detect and eradicate
these type 'faux infections' ... as well as any rootkits which may be present on the
system.

You can download it from the following link:
This is a direct download link for ComboFix

Download and Save it to your desktop.
Then double-click the icon to run the program.
When asked if you wish to download/install the Windows Recovery Console,
you can but it's not necessary.

Other than that ... just follow the prompts ... nd allow it to run through
Thoroughly until you're presented with the log file it will creat upon
completion.

Depending upon the level or extent of 'infection' it may need to restart
your system and run again - LET IT.

You'll be back up and running, clean as a whistle, in about 20-30 minutes.

Let me know if you have any questions or need further assistance.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

On a side note:

I'm on the site about 12-14 hrs a day and have never had any issues regarding attempted hijacks, downloads of malicious codes or software or anything else that would seem suspicious in nature.

Yet here I sit, for nearly the past year and a half, running virtually 'naked' on the web

Windows XP Pro
Absolutely NO anti-anything software
and Absolutely NO windows updates aside from Service Pack 2 (which came with this particular xp pro release)

I'm not going to tell anyone, "Oh. It must be your machine" ... but given all of the above you would think this machine would be but a mere paperweight by now - Nope ... runs like a champ.

Actually, I had to download the latest Combo Fix ver the other day to run on a client's PC.
So I decided, "What the hey!? I'll run it on mine too." If only for the lulz.
clean as a whistle, nothing was found nor detected.

LSASJ.EXE?


After a through search of the Network security boards, I could find no information of a LSASJ executable. Not that it could not exist, but if it does it would be considered a "Zero day" virus...

Are you sure the EXE was not a LSASS.EXE.

"lsass.exe" is the Local Security Authentication Server. It verifies the validity of user logons to your PC or server. Lsass generates the process responsible for authenticating users for the Winlogon service. This is performed by using authentication packages such as the default, Msgina.dll. If authentication is successful, Lsass generates the user's access token, which is used to launch the initial shell. Other processes that the user initiates then inherit this token.

The lsass.exe file is located in the folder C:WindowsSystem32. If you find a file named that elsewhere on your computer the improperly located file may be a virus.

reply to post by ren1999


There's no known virus/trojan/malware in the wild of that name. However, there is a lsass.exe process in windows that has often been confused with malware.