|
Posted by Robert J. Rando on December 26, 2005, 4:51 pm
If you were Registered and logged in, you could reply and use other advanced thread options
David,
I'm running in SAFE MODE. I'm trying to execute Start, Run, Shutdown -a
precisely at the time I get the error message but I'm getting locked out of
the start/run command line once the error message comes up. I can't get the
system to stay running for me for more than 10 minutes. This is getting very
frustrating as I can't get any of the MULTI_AV exe files to run for more
than 10 minutes. You have been extremely helpful and I am computer savvy but
I just can't seem to get past 1st base with this one.
Also, how do I specifically block the UDP and TCP ports you reference? I do
have an Etherfast Cable/DSL Router.
Bob
----- Original Message -----
From: David H. Lipman
To: rjrando1@cox.net
Sent: Sunday, December 25, 2005 8:12 PM
Subject: Fw: LSASS.EXE Terminated Unexpectedely Code 1073741819
From: David H. Lipman
Newsgroups:
microsoft.public.windowsxp.device_driver.dev,microsoft.public.windowsxp.general,microsoft.public.windowsxp.help_and_support,microsoft.public.windowsxp.perform_maintain,microsoft.public.security.virus
Sent: Sunday, December 25, 2005 10:05 PM
Subject: Re: LSASS.EXE Terminated Unexpectedly Code 1073741819
| HELP!! System Shutting down after 10 min with "LSASS.EXE Terminated
| Unexpectedly with status Code 1073741819". I've run the Microsoft
Malicious
| Software tool and it doesn't detect the W32.Sasser.E.Worm. I've tried the
| Symantec tool as well but the system shuts down before it is complete.
I've
| compared this to my other system and the Registry entries for LSASS.EXE
are
| exactly the same. My other system is fine. I have tried virtually every
| suggestion I have found on the Web and still no resolution.
|
| Any suggestions? Bob
|
Way too many News Groups !
There are anti virus News Groups specifically for this type of discussion.
microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus
One of the above and microsoft.public.windowsxp.general is all that this
should have been
posted too ! Theefore I have set Follow-ups to those two News Groups.
The following are certainly symptoms of a LSASS buffer overflow exploit via
TCP port 445.
NT AUTHORITY\SYSTEM
'c:\windows\system32\lsass.exe' terminated unexpectedly with status
code -1073741819
or
NT AUTHORITY\SYSTEM
'c:\winnt\system32\lsass.exe' terminated unexpectedly with status
code -1073741819
However, one can NOT assume Sasser. There are several Internet worms now
actively taking
advantage of this vulnerability. Most notable are the SDBot/RBot worms
W32/Sasser.worm.a -- http://vil.nai.com/vil/content/v_125007.htm
W32/Reatle.f@MM -- http://vil.nai.com/vil/content/v_135722.htm
W32/Gaobot.worm.gen -- http://vil.nai.com/vil/content/v_100785.htm
Qhosts.apd -- http://vil.nai.com/vil/content/v_124880.htm
W32/Plexus.b@MM -- http://vil.nai.com/vil/content/v_126167.htm
W32/Sdbot.worm!ftp -- http://vil.nai.com/vil/content/v_128082.htm
W32/Mytob.gen@MM -- http://vil.nai.com/vil/content/v_132158.htm
W32/Radebot.worm -- http://vil.nai.com/vil/content/v_132018.htm
{ W32/Radebot.worm, W32/Mytob.gen@MM & W32/Sdbot.worm!ftp will all exploit
both LSASS and
the RPC/RPCSS DCOM vulnerabilities }
To mitigate the LSASS module buffer overflow vulnerability one needs to
install the
following Microsoft LSASS for WinXP KB835732 --
http://www.microsoft.com/downloads/details.aspx?FamilyId=3549EA9E-DA3F-43B9-A4F1-AF243B6168F3&displaylang=en
One can execute the 'shutdown -a' command line to stop the 60 second
countdown and effect
the installation of the patch. Additionally disconnecting the PC from the
Internet will
keep such an attack from happening and allow the installation of the patch.
When you get the (attached) NT Shutdown message with the 60 sec.
countdown...
Go to; Start --> Run
enter; shutdown -a
It should also be noted that just becuase one gets the (attched) LSASS
shutdown message, it
does NOT mean that one is infected. It means that TCP port 445 is under
attack by
attempting to exploit the buffer overflow vulnerability. A non-vulnerable
system will not
exhibit the (attached) NT Shutdown message.
One *must* use a FireWall and patch their systems to prevent such an
exploitation.
If one is on Broadband a Cable/DSL Router such as the Linksys BEFSR41 can
greatly mitigate
such a threat even if LAN nodes are not fully patched. Specifically
blocking both TCP and
UDP ports 135 ~ 139 and 445 will completely mitigate and of the worms or
hackers trying to
take advantage of MS Networking ports using TCP/IP.
The following tool can be used to find and remove any of the known Internet
worms that will
exploit the vulnerability and should be used ASAP.
Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe
To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close
Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }
NOTE: You may have to disable your software FireWall or allow WGET.EXE to go
through your
FireWall to allow it to download the needed AV vendor related files.
C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in
Normal Mode.
This way all the components can be downloaded from each AV vendor's web
site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot
the PC.
You can choose to go to each menu item and just download the needed files or
you can
download the files and perform a scan in Normal Mode. Once you have
downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe
Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to
run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal
Mode.
When the menu is displayed hitting 'H' or 'h' will bring up a more
comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm
* * * Please report back your results * * *
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
|
|
Posted by David H. Lipman on December 26, 2005, 5:59 pm
If you were Registered and logged in, you could reply and use other advanced thread options
| David,
|
| I'm running in SAFE MODE. I'm trying to execute Start, Run, Shutdown -a
| precisely at the time I get the error message but I'm getting locked out of
| the start/run command line once the error message comes up. I can't get the
| system to stay running for me for more than 10 minutes. This is getting very
| frustrating as I can't get any of the MULTI_AV exe files to run for more
| than 10 minutes. You have been extremely helpful and I am computer savvy but
| I just can't seem to get past 1st base with this one.
|
| Also, how do I specifically block the UDP and TCP ports you reference? I do
| have an Etherfast Cable/DSL Router.
|
| Bob
Bob:
How you set the TCP and UDP blocks will vary from vendor to vendor and between
different
models by a vendor. You can view the graphic I had attached in a previous reply
for how
they are set on some Linksys models.
Here is the *big* question...
If you disconnect the PC from the network, that is you remove the Ethernet cable
from the
back of the affected computer, do you still get the following message ?
NT AUTHORITY\SYSTEM
'c:\winnt\system32\lsass.exe' terminated unexpectedly with status code
-1073741819
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
|
|
Posted by David H. Lipman on December 26, 2005, 6:59 pm
If you were Registered and logged in, you could reply and use other advanced thread options
| Any idea why when I do the Start, Run, Shutdown -a I can't get the system to
| still function once I get the error message? Can I copy anything from system
| 2 over to the System that is failing?
|
Nope. This is new. I have NOT seen this happen before. Unless, SHUTDOWN.EXE
has been
deleted.
Attached is the SHUTDOWN.EXE from the Resource kit.
The difference is the sysntax for this version is; shutdown /a
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
begin 666 shutdown.zip
M4$L#!!0``@`(`&)'E2<V4%Y^J2@```!R```,````<VAU=&1O=VXN97AE[%H/
M;!37F7\+-MA;@Q?B3:T6R. L*5<;8[ =#)BR!B^8RN#%ZS]0VYAA/69VL]YU
M=V?X<\+%.<,=RV0CJZ)5JLM5H79.48AZ516U7$J(`P@3XN3@0DFNH2?2XZKU
MV3GY,"(D<IG[?6]FUVO^I'=MI>I.&?F;F?>]][[WO=_[_KPWWLW?ZF73&6-I
M(%UG["0S+B?[_=<ET.S'7IO-7LU^%)2_4["^MD7T3H#(=VA.P2L&@R%%
MV"4)834H^()"98U'Z BU286S9ED=IHPC2W:&AJIGEZ?2`.COW5GEO^+E[/)G
M\?Q>:'[Y()Z_K<PH?P=/AR>-/VM]7IGZ)'1RNQBKMDQGY_M:RX1UC&VP,':=
MS;1\R9*>Q0K0(,=HU[T,-UMRHA;^/HVQ=&906D+@3M ,QEZ]RZN[>0VUI9O-
M:&)+P>298A!7!/C,>CAVG7,8JV/_BPN#R):'5Q<JTCX%S[QZ$"0^_42\!L
M"MM$1<1[69HY=TR*+9_:#NR!PG D[&7F'-RTT*"2^]HYV1?7%]<7U__9R[V"
ML7-/(F[@N0IT&^__"IJ]PJ@_4,;8LZ ?@EXI,WC+P&.4"/@JI =]'^)LB*
M]RLD$_0;4#^H%Q0$_11TP)0[#V,T@.Z6(DSAF0-Z`O1]T,] [:!#H#V@6VBS
M#L\G0>_B?11T`_1!J2'+NAICK40[T'F,_RO0?X)FH/P5T&)0.:@:U P*@/X*
MU OZ$>AGH N@JZ#OK$+\!LT`Y8(6@U:!JD'-H##H`NB'H%= IT!CH$N@ZZ"[
MJPR=O@O=ND$OE=Z/.>4F(^DPMJ# 9*Z;6D?AV6;&>R$XM6YZHC.NHA!CM:YU
M-35()K72KE!(J0SL9@G>IO4U6QCS2+521TB1/+*JM(7V!MUAWQY?0-HM4=X0
M!(^X1Q+$X'YA;RC\E*#(HB)TB/LI;P="$64A8]M#:ECPACHZ544*"\CPNR1?
M<+<0@3B!Y F[]@ND2ND*JL"^VC]^9FQC:[/)Z*C:[*ZHW(=20V(@4DK^(+
M!86]OD! $!5%ZNA4!"4D>#$4E `3>X4@21<[.P,^KTBM(]"N30CSV4$_28CL
MCZ"G$.F4O+YVG]16:!6$3>U4%99(/S48P9S:!,IUO(,:@>)!D55LX+=7)-
M,#@U%FCG0@"0K,J0L#^DHD-$YLJ%@HHOJ$IKV7WS> HR(_O2,/5EP0ZJ%:
MQ-!M2TV=E2LHB()7%H->*:D=+4]0VLMGM/#S-/SC<9Y<UC\SU'\`UJ1[Y'.4
M_Y/##=^ZWZO@+Z9<`WC 0X*GX!H(><5 TJD*V><!L2FX1PSXVB:AP#R28] 6
M6PI"!D81!:-ATE>#8H<$V1$)XMHBA9"U):3XO-)"8)N$1Q8!GM<K&8H2WYP1
M3/?;JA11.+0<LF0-=O.,U0?%70$I,;=)U!-P8]SP'DQ.J)7$""T1A15?T!M0
MVZ15@G69.8T.7P1=`@%S]*G*6Y>C55TJ&#<Q:%1ET:$+763.%J+3:%M
M(=Z*0Q11V]M]7A]0XO.,1$CEE' RV;ODWL$FSS#M(14HA(PI!B6%&S#6/S'S
MO4 QHG+Q[6H@L%=X7"0+0P%2?.FT0KU'XO8'Q%_A\#)EA+T6.3\C42&1("
MHB(5\CQ6"]L6$9J6%Q8)>\,^. Y/*QY%ZI3Q6ETHK OO%Z'0-V%/RU:N+"[
MK10>)FSV><.A2*A=L5KK(^)N`.6IJJ^KK&G<(C0M7=LB-#4WKS>U0V%I!=UJ
MZ5:W:M\^//,V>S;FM30M7=\B6*W)KGM]B@Q A$X11UE)H:#1J5+OYA#;6
ML(6J>/:U9F;ZVFEP6E!:OMV^/02':J"/J$?,B"*2?1F:4L!"-].@0A2>S:@;
M*7A O.&"N4?OXA$;87UI169F!9DG*9H(G$GE^,$>?Z$@++LS%(GXR*+;U#"%
M89*/P15?AX0-@- IA7TAQ%J>)DA1:.B5>;+ 2 4\@AL:BI1#=@=#8:Y =68*
M6 ^(D4(*1,"'HB4$&F,DEXGT0-?$-P@^1V,(CI$Q[A08S.G73AU=-+#N$+VR
M+T@A,:0&DGL0L9U6+XF.E9L2^DMFFB<DPG" \+U 4MQ,!&-HVE1<1,5"H4UJ
M%]6 TF+-VQS9G9>JB1@4Q+8V'ZTDL$@8F-#4(>Z#'RQ?09DK+'K)0%NL2]=G
M9FX(A>&Q#TZ1B0T`++>BKLZUI6Y3S995M$Z36$K"TO63:%*H,-"+)$QO4IKU
MGK3.MP![91_6FN(6CR245W=3XMW.<QNE$(EREK !J7()[3RM;3XQ$-HM[ KM
M*X U>D72`\/RQNTTF7M'3ID&-TO>$AH"0,)7I&UKA&(K&1I7BB)29UC:XPNI
M$=@OW[%@7UOC)@`\K)GVJQZ%;)G4VA1L#S47E12M+"IQE32;VW,=UV^6,\LG
MR]F4KS#UVFC/:*6GH='OU.T_L3'+]M..N<SBSWSCNA.%OH+US#+^8K\_XS0#
M>_L;3EYN?W$P_23J;\QAEO[XZ]F,:6M>1;GG+;UXX#7J>?/'GUS._U3[1/L7
M[3-P;_Y8>[OFS>%IXR]J;_=\-'V\GPOB%0]KY[+QIL4?CO>7Y2HSW/$F*V,K
M6[+>*()X]5N:FB%_@.$;!EVGZ$ QZ!KXY#%FB;:<B[9<B*I#NCT+M3([B!P7
M=5W2[1DH^BU1UQ7=+F">4=<',=<I=[3K6K3KNFY/0VW[X0$U?42&Y&BI`/6T
M4D9];/I5_YR^###TJWT_P> >7<TXO0LP_B#_C.?R'8_<@/<EIZ%$@_LXM0/_
M\ITE/Z+CJ<S8V]/D,O1J].CV"0R\^FR?8QUF,+-X8+@0'74U1UMS!Q5N_7V/
M?%# ,*740!Z:0Z^DB&Z_A7JY"%QWGX,SQL X7@:&-JL<]_QTJLR?58+[ZO-]
M)6@3G56$NU+<\V:.9ZO[."ENZ$6*WJ>GQQA4MX]"L#\=)1KF_00W3N.?(X74
ME-,LY_"R_4I"@/T2WE*DJR]IKM'6'4UOG;&1V6JNK*HJ9>>2;&"HBMD_=]F6
MO(N9*)4]<5&95Z7,`K"Z:I/GH'[DF_&_F\%8WTL8:Z3TY(M+,4?F[EN\GD](
MKIX[B70N)CDRU\]TNXSA1S+H;<A&[4B:KF9Q!"Z TV+HT3,J-#2>W@81L:[K
M[7 5+.SV6->_C9]X&2HNH4.PXJY2-VFJK;WG[E.J-7YLEJD*R@&4;[/)<E"U
M.C([W=YI,SW3<+98_77XVV?:9</?+AK^YM8N^A?XV]&;^Z=NGS>'UN&ZVR]Q
MB="FJ77')/;&Q+Y6I0KM/5VVL#HS?F,:@'Z"2A'U2URWQ81E#O1]1';"$OS?
MYER!.^(V@H]"3WW#:P1>HW8S=L"1XY\)"+<7#^#]R]I-8(B7$F*"YQ>*/^YO
M:FNH/V=UKVU6'=T'+<WJ@E2XZAPYVIN$F!&7+HPX[JV]'TWM(E \^4(%@F5_
MK-IAZQN _*UN8RVT-0.)6(GN)<D0^$ A996.1\?[U=SZ>KG?SBSUNMTVQ]2W
MYUU]9$.LTI'C<>->#NFG:*7/9<%7*OQI\A$[V<!DIYX[,W@_U6K Y+03;Z9J
M+[YMHF$O(FLZ/TP^HRTIH(62S:I?^N'#34H!S,YD8)0%_L6GG\_A>6$=Y86%
MZ01W=/X^3)Q<04YI^_4I/>?YEY^^]$AJ3^IC])_23_F+U'[*5S%B4;*?,5)T
MOL!E3!ENBJ+*`O^RT_+<R>%Z%E%'9O1L?]'/Y,C"9.!MGCLU\/:=XE[7NJ.E
MJ>=<Y=F>T<4P6M/E#SART1TNW[\=[U^]SS '*QWSZ.,2&:>A#XSQ=;)#;I'U
M\%?.-6SR:O&'?HL'7IC"LY?3FG KC58Z; \UTMS/-=+<WV^D.0\S4KD_F=#]
MBR'G,H\N]XNBJ-'&$YD]E_+%H0I"X23/F'8;#^8>N1M,SV Z/6@CHI>2\,'T
M9U"F?^7H]AP;1Q\+`:.>IY?20NF*([<>8M-X'2V'-F:$E]7C:AZDE\TAZ7+Y
MH20]Y6Q]^%E)?MP$]O[6>Y.CVDX:7G+X#^W_C^GI:6[_M-7K93EN;?NUW
MR8V)!],=3NQ,WC'G^HXI[ST?1:[&-NV%/V,0]N;D*3U"K5V5IW:&?)K!:?
MY:FDSC,9#;M>F<PF_T#9!*RAI+%U_1.W-</*4JW+GI.TEV14>YP;S/PI26!H
M5C[0YK$:J4N@G<6FXNS3HP?2&#MJ/Y0+Z?!O_V,D]93C>_1?WF..8]R)VT_X
M'Z,%.>7(L7#V(WCP2$!U_TA;*][INV#[9Q(/4<&Q'0O)4]KC6$9_%@DXX*@X
M4N=PFETIRRDIJ6\O=KU@5CMRN7MN=1=_C PW#\%$H&""IV,!GD;X,H(@=]X'
MY1?A\['P.Q.+R;,F/P-HIQS'@(6Q^T_(<?X^3*/S^>[D=NP9#M;1NC3GJO<4
MN?LS0<TN_EA/I]J>\P=[WCSH[#Z0YLQ3GT23"B<F9M,..&S.(SDKJ4_W9WG*
M;!V1[FDP*48>^&A*7R<UBI47NIQKJ/;(L7(:[4#O<6JC+2$K=!X>R#XT@27
M2E!E%)*.SBQ?JHCE:Q5/>;/R:(JQ8T)O\L/.B./H1@L:+"]OSC[<A]Y3(ZA
M#9/^PF=,:@_O1\OX]Z')< AOV:<W(J?6'7Q"V=@37ZO\MJHJ^] _0P5Z_@+/
MGGBFXNZ)SU#*AYTT1%S,/O13L_YOS?HBJI\'SN'Y-(>-T^$@K]+1#/%_WG F
M>(,Y(O#7^&FS_#,"EA_$0B*PD(GLA,<$6RA?X_P#!2?7QX+HZ/@SQ%\T$/
MX\:S@G_Q_8'@EW]$X(?60C(<J%_Q/#0<>(P],E]T&$M.S^!!YTH\::FS#V??
M:J:^J9#<F^Q,2+!-*1YH>OH<1;,S:0Q;FXEYT/)(+IUYS*C)S*T%M2\>,%)/
MEJ=!*R7O;]1+J_EF1"]UX]GWJED@9EWS1'71,GZ3N".^JZI5_M.6?3QA#4
M:6(R[ZI.Z';&@_L=M^SF*8\ZQERWW VH)#VR; FN;N_G"T/OVWLN8F6TBZ9I
M4H;B'Q9,KRL>,#X>I,U'AXM)^^5-D*\NWO>90>N:>'"[&NWMU'9TK#1@<+Q
M"0#A/^.(Z]IV(T]0=OGU^ EM#:4+_7UY&P=O&VD]=OBVLD"6P6C0[0&^1LKL
MV.9K_H5;S1QSJ;OK6K.:V]WUZV9U;LQUS9U(U<9)"/UGHNM.6W)?\'YK\< .
M4YL"3T/,=:516U,UAZP`QZ?W-?6:UG(]7[V2W_*!<=#.`M,UIG6-YKOB:)+?
M=2/JNJ/;2WA^Q!)EX91(YTDKEHU:\Q)>:/'H0.:D#<.@G^6?;_U!_AGMPN5/
MFVCPGG;&G][8Z-[:R*6.<EO$:3V#3HQ/C]JF8V><.#<65:G\I&A1'_,;WQ3.
M<0!Z.;(%YNGW;RR43H>[\? TR+0NV!_G>28O_VSL`JEQ6A_O28+<)E+Q7U 0
M.#PVH>LRM]7$EK[$V*>XC3IW?!D==L96CV<?FHNWQ@;_-.RYR9<YBDYZ@]&.
MH+V:P3_RF#O9O9IK.!%MF7#'7+8$/]IBT]5;T8'$:V867+A%*QLL6FE.NJ
MS9!AJ,!?3/G&6=O U5^4X%9RB.S59,VNK*>[LHY1YGJVB3X2JIAS,[</O-31
M&F(EC(\N^J)FZK%H&[_OQ'UH"$OKU^7%F+_<7<PL;<?YCS+:HHOHV7/N.4]#
M8U2*#[HFJ$S(/L]C:-I@>D$EI/"T4F2^Z?87R*5FO0!EHU#S.2K9GZ>2[?@!
M*F1$9Y6@<7P/]#W>[>01<;:\LYB6]25#</SKJ).SZ("5@5N<CK(]YS(T^W,D
MI_Y8S'7,K<TZ1B>=6/WSM3%7KSNV^86MNOT9WC]'3N-G,^IZE9E=]]'8RZ/J
M,]W?R,L^_!+8&U X.N/0@))6GJ?>!%M-2[*LY<+>&50:05"DWQBRF(NR1QFD
M,J.;C[BWQM<8*IW5I+A6?Z16MW>;<,*S<6F;Q]JB_%=[\#SMWUO.=G]#R/[K
M=M1P??ZKMU=?=(@6=]$K-EJ]H2&9?HXAT\QXBM,V;VI%[+#E/+4$LGKY?*.
MX=Z9\EN1,WB'G;#>E-_<O?PD8X"2Y:;P=JXP?N]7G<(+EC$&)V5E*;Q3X G@
M74OA/;J:L7.V+WX7].?"5-4CAK:H4WM\@!E2I@G@;)87^#X&*B"I']'
MT+>6^[D>WU^B0X.KUK.I9DMA6R# GIW6(08"(2_LQ](:4<)!G[>CDRVSM/J4
MD,A63Q.54 !Z\CJU,\PNL59IGT]A5:QUF[>3Y"M2F&V8QIDLQEI%;T=;(,BV
ML=;6W=)_MW<^P'$==QW?D^7X3R3;34/J#$ZK-,+C#JY]EB5;3DWNG>Y.UEFG
MDRJ=;$_'<#GIGJ2+3W?'W<F6#1VKH6T,$UKW#R$$PYCBDN*4XAD")#1A1 ,T
M!#N8FJ&EM1P#Z1"@$\Q0VM Z"=_?[K[W]O?NR:E+F3$T[V*]V\_^=O>W?]_N
MO?UMZM.Y0BE7G:R)%L18HI>TU6EQ/_QJ=IWV?4SGZ/5:58A?1<C\?3.U>G8B
M7\" 6X!,)9L=+T_3_E_4NG)/*-><BB&;JU2R]<,5D"^27K0C(3N5*^6+=G6K
M$ ,C>V+#&9E-\;C(T@:):KDX44'?"R6A3"%7MT?DZS;GG7Q4W"ZB4HU,^8#M
M;="HB;6A5+E*;B(EWXDZ'!"@F6Z:6W#*3W-57K_JC%&AU'='R\/%.JIW/3
M5'O_0?5$FTRT.QK?$QU*;NU0>C\H$BA9';^X1++.NVDMOR)$;*9:M4NNW#.B
M'!!B\Y(B:GX?D/?)[T:;\="M>H1@>U6%2,L0)[8K*IM5-Z0^4\S-%F]JC
MUOMNC_;)*@.;(#9"KZEG*JH5]R>&TXF44QJ3RA]I#([=9X^CQ;V;2-P^6!BW
MU5RI1EL,-,3(X3%4&R*KHD=4H^+!4+(6E^\AO?!2%]?YB"QC(U M*AYJ&JWD
M$97:5X&QN&G$KBO'4+FFVT*L2/LHADGA(9T;E=(0O61%.N4FVD'@Q/$^+:/<
M":QBDK*49.L;L.O5PCAB_E9HV)XL`%5CQ5P-JHA?E_JAX=0H/Y^2KB3Z2%1\
M&*4VH;6B5B/$UT-0K_[>F8*3/?%+0NG44Y[5:FVFO,2+DTDDFRS51=AP9^Q9
MU,96$9NRQP^ ]<S4ZV7TE.-("4VH?%AGYB-4JHZW%+;SF)!23+WEGDXYF0
MU@`)1R6?MF&E]P_6V[(FXR_$FG94UZUT@\AD& _&+B7KJK]&69KT5JI;Q7
MJTN-./"D\:3%YT6BE%?%($9'$L-.*_WANO;OO[:_VF-J['L:R)50LE7'9J1-
M_RO5B[G2=*[DE.&(W K64RT?JNGV'PT;VUC?O&Z(ZR:YMQCU.$?[C_?A3K8P
M>,3.K<#]8=S)#.0,[C1M?%;:PYA72-;G91\G-M<DYE[Q<4IK&SA6M'/[<=^
M>Q_N5J@Q?!5P!O`Z^$@O4X%L!7(&,G&QJ=XF<6X?.+\/.+\,N+\"N+<&F#
M$\#7@!\?%N(EP__83[I;Q>5U?!1S6R/>M>_#?-KPW[<7^AOA*PB_UO"?'75-
MHI1-%\*?,.17BF&10(J#^&1$4L1P3XOE(BK9*!C=]XD53"XN4F(7P@Z C> 3
M3=[H\[K<R[-8A*NN[6Y=6#"="^=7X9_G*^4=HZ^6LQ?/GGT>2+9Y7[W%GE
M/J?=7SW]W.G/G<:?B\I]4?N?O>C$)N">=V)L;7'\E7NA!?EX#?^NMDH5SK>\
MNO#"I5<7%JX*[7;\R;WJY4LON]>EER_[_57XA4L++SCA_?&WPO_52R\@?D<?
MUU]E^*(,_^K"55TB%QU_[6YU\F_8#Z[29H0!Y==8O@WE_X;UU>"^@2X:H]IH
M)Q5:.?5PU8GG:53%M4S<)MXB'D6?D2L0,2;*8D;4T3=&Q)3\E@<Y)&B!LASL
ML*B!V6):QKR$+/9$+_I3&XH@A!8_A_[5[XV[0^K>)&Y![Z=?/NY'&FGTSA1Z
MH]/+U=4D97>B-^]$2L=#)#N!M*N(>R]6=B6M20WNM&'3J,+=16,,PGU,AAN6
M34).+V@$&5+AWBY^"R7QGU+>J0$5U^W0DG3\A/3;BY@*T(-TI+AZ4+94ZN2N
M0$=%4TB!_*KPS8%0S>R&:Y//-E*UYN?$O.;+,2:.Z%JT11&?-M1Q44S*\>L#
M4I]1L13K@-7P?_WU#WCM1?K]+OQ6XW- UNDF^5%UJ?Q7HE0>P-\IZ;\>=5[0
MJ42A?07?"F(<&M=U6=5T+=81PFMA.7%0UNRDU(ZD<V[;<=+9CI7%2DBI=,RZ
M;(/TA"PO:B.UAO9*5WR-RNM2Y/:/Q0ZDY.75*8>:> AULQIQ>7XAG?Y2<1JU
MO KY4>E[K5OY]VO_:>D?A<28;+-U7WE^3,N5I%P"<K.R-,RVMEJV_96ZG
MSS1*<L;-X7JT>VJAMKB;A5L*+7['#;<>-6\C3S7(3LKVG\'?65E>&Q ZA^_4
MIK9 G^VXCZ/<<K+MC^N4:N)=>FP0.O[;Q=/BQV7\U+\K1JV:>G2@'*GO.GK$
M0D@^#CEUD-?^->D?D_UI7,;&^^E*U,2GH?%/"\K'B&R5==F>O>M$$_W N0>^
M6?Q-H%V.8#RCT2R+>QHI#4JYIYO_[34UYH;TR*ON$1U/,S[^Z=IW0B1%Z59U
M"?3*WF4CYI(<$X7X6RD3%IWXMT/>Q^1(M)YZCMMV*(>'W59#%Y4B7=M0NR$W
MWKAL,>,R/:]VY3K,F#6I<#<;X?AX2-<6L1$U$S;^;E%VXS*]I!S!;%FW.<3@
M:>9/IY>V]&+TLY%[DJ0<59 7TG 2;8!Z3B-K$[\M4]R!C_KA\QZI[Z"6*>AT
M:UV(=CE7S<C^2OVO:(RQ=*UH/M.L^M./BG"([A6QF5ZMB)S[LF_NO=N&D4
M?)Z-1\?QO4_VBHKTW1Q:;\P+OM^+SD=H\YTS(';J"7@[;F0KL:F0%_I\"#4>
MO((EPW%++5R6!,BT#X?E1:N7)<(E'8EN6F"MD..F,==.:Q2#;N[MI56.0
M[L[P>4ZBB3"M;$S2VWW,)8T:?B$CEP]U[Z-WL6$5#R%_"82,T)]+^3[2OUZ
M-*0W0R'QOYR6/F&BLE6G%5HCS%]P0L8I%/?Z9)H,F<5CMMQ0;6K4OV:H_XO$
MR2F=/J)R2K\YW.7V0&+MF>T[MJ/%;;CC>NK4:0GT/O!_U%9_4.0Z=*;WE3>$
MSC<^N8Y2?>H'7ZK7D3J]6WZS3M\D-PZ9LG-Y]9Y"B-=>=YY)GUCEV/<Y)+]2
MS8)"[G/KIU9@/<#(*L@L9V072 LC)Q%J#2/T(_JMC,R#K&7D.%SK&/G4,K5S
MPR/GD58[(]M;\+Q@9 !D(R/Q6X0(,[*L1>T3BI58AN1KY\,Z:#C#P#8C&2
M::7UO$D>@$P?(S,@*49^!62(D5:0#"./(J?[&+D3,OL9.0*9>QGY&DHUS\@[
MEPLQQ<A'$:K(2 $R%4;.O46(.L]7J]J!XY$[T'Y^EI%-K>KUB$?^#C(?9*0/
M,L<8>0CD09ZOU:HU>.0TR"<9>0]B?IB1]X.<8&00Y"0CW<C[*4;^$:E_AI'O
M(M1G&?D'M,,SC&Q$/(\SLA,E_P2/!Z7Z%",?1R[F&1EO4?N0/'(%:3W+R K$
M<Y:1GIO0$QC9#_(WC!P$^0HO9Y"+C)P!N<S(GX.\R,C?@[S$R+=!OL''!.A\
MA9$?`_DFUQGD%4;V@%QEI *"1;9!?@&DF9$_`EG.R%^!M##20N,/(^^D>1
M[2C5M8R\%V0=(S\'TL;(KX&T,_('(!L8.0>RD9%_!@DS\D]H/YV,)*%A-R/?
M`MG)R-,(93&2QI@0YZ$@T\=S2N,/(^UH=4.,7,:J-L/(8RUJ%Y[1HD#V,_(7
M(/<RL@2]*<\(_0K^IXS0$OLL(_OP[RL\+?Q[D9%3].<6D]#[D'9&[L+7%".[
M?(T?Q=3\C)VC7)R-?PM?P6]GS`K?SC/P$;B=N-4D5-^M'3/((;AE&_IK,
M3AA9AF7Z*49V@[S(R!3(%48^!/(*(Y\'V7F;24+-T.=M)ND"R3,R#?+!M2;Y
M>9!CC/P)R-5U)ODZ2/,=)EF_%+V2D;?1RE62-DW(WNG;[S#)/2!'VTR2`ZG=
MDTE:D*^O,K(.Y-.;33*&_E7<8I+'0*J,? -DEI%F=RWLD/>@[X2WFN0+(-L8
M.=?J_%;@D.^V.K\Y.&3I*N>7"H?\!L@<(RUX$GV8D8^VJ!,\O1K\/7IZ,O*O
M"/4X(T]B_'Z6D?]"K[W(2!E]ZPHC_X*TFCL=DLUF9\>S.?F[6Y-!CHAF1@J0
M6>XC1T2+1VI':$>>6.,2NNY'?85-F4RA7K2[F<Q!R*08N0]DR M%T^FB7<J8
M\:0&XL7B/A9J%*&F&%E',R)&'@/Y)"-/@#S,R!::R1@Y59M%3WID2FW0/.41
M_7+I,QZ95>2S1BB[,#E5%V=86EUTPJN9+]H8*IY@,N^"S%.,O!UDW@PU4)O$
M4X3)K(;,;-25J1^0*Y*YJ"FS!#(G/9D)M<>*3J_U9%Y"J;:[)%N5&R!%F,DL
M0,;R9 X5\O4IC$@QEV0*T_3+\AJ/3"5+-4349I!#I7R\.-D>,V-^$C%OB)GE
M$Z/Y'Y,Y16V,D4= .AGY19#N&"^Q#F'Y2%1<9J$J: D;XR;)@80960W2&?=:
M2S%/Y_H<?-A<V570<SUBE_+N";]J/7@+GB79O8720*Y0B@UG],Y5%UE;MHE(
M)!NSLN%MO>E4TE)G+$;:HU'+\=B1Z$^G+?<@1N:7LN)]<'HG,S+?GGXKENI)
M6XL>ULBD8W%K(-YG13HC79$N.D8GTI4K'8YTT2%;D2XZOBC2-9T#&(-/L5SS
M`O9:?0/Q?HO.=(QT.0<A1;H*-9(ME"8C77184:2+TK9$EC*^MY2GG:-&_KMW
M]<0'+.>Z59%OGUB76DT_V[K$@'/DI$[\,T)+.[[#KM#;;"7C'U)-.6=W8D
MZA.3O*1V6X.#?<GK32IN#0TD^Z\OJ9Z$E>X=[+5&WJ#6XPEK()J.4N5%NJ94
MK3M'#"I%O+J+=+&F%8_NMB)=<8@<IL!TS*!6W3EHL#T^Q!)+1*U47RQEZ=,'
MS<S(5F<H42K74;F.[EY5[NB/QWHL"BF/O$(X,X'ML12B5P<21MIC/3SUN-47
MZZ,J0_SJ%"U*C4I0'U5(S=Q6.?9R&HU;O7U#"4L=N>>5B2H1%< Y;8]4KI<K
MC6JC<Z5W#^VV1MR ARAA\W0_J"&/]_-2CD6M7?%TG*4L94P%RA-:"3=<.&KI
MOI&V[7R?7:QX>B3ZXE9_LK?7TMN<(UT=D<XPM%'GXZ'#0@]]0EZ$S$N=@AWH
M3PY8^G0K'?O>J7)T.NG%O64HUINPW(XY(NO6L46 6#8F#Y54>Z.M;I&5G=WH
MV]2HJ&_S<[,B'<[!66[4M2/FWM]$J5X]C+%BND33E!2>W]G16M7]7CL2K53D
M!"9;K-2.:#$YMNR5CS/ZUJ<>X=DI/4B0K-S:3BH".V?OX2N&KM%*'&5/49/M
M!3VBY3..!C8Y6[(/*?U40O7QJ9Z9B0F[VH$'L3Q++8;A<Z:J%4K1D70Z@MHD
MY@I>`--JP5/ M%VP.LS8/1,&+XY&2P:K(^Q&Y1HT^ .X9@U6IYD",V_P5.)&
M#A[G9B,>-TP@O(1=2P@/:2,II[:8>811A#XK"2\=PXC'@SX+"K,X3*L%(WZ_
M]8^GH,_6PF@&W.;"\&"F%YY6C188+!5IA^%)>S9C&ACF&5QQKI[KHPS-?(%M
MNV(H%&RJ9117H,F6U6'4<H#IEE$2?A,NPZO!MLH*-^:)5U*0>7&VE09Q0>
M&=4Q-4WK,-ZK7",QKT(,,R_6V UK+]ZN'9LOL\MHBQ@V/G@F51S'6#*>V8PA
MY5J2&:*&/9DY?GAV-H%MA2+EQHZ&F&.3YJ7L6*9Y*3CV:2038"-I)NI:K_FU
MEC9LP1%(<TH^K'(K-]Z0@@<X::EF=6WSNJ5GL68,((ZED1<\J&22`T.#PYEL
M/#$2&TX.90:'L]K8TU#C6J5PC2RF1U.IQOC%49V \L_TC:;[L_%H)DJ_-.A#
M2ATC3Z?52UO1K&D_JGVT!R],;1SH&\L]$T%C+-*VIXZ3&:!"FS+FX?GQ7#4/
MO)5@-J%)MERB8AG#@ZWD.6DI:FKF6<)F'3O8(AZ$GLNUB@UJ(\I05C0.YKR.
M?.6IAV^O^#P#VZ#BXAEE6<RCBY7,RL^Z3G_F)HH4;=YH2SQ[1U5>`EJCDC=U
MU,5GI'[-1TUCN3FFNN(:3Z#%GSV!3YW%'AZ+/!MX6CCD:-^??/0!ISXYC:
MBL!I1N"#T/?X:7SP^!\Y_.'@?RR80[HYF+-AG W4C4-TT @<-)8TCB)'G0)H
M++R Z6-C^4GC8M'X\/0/\[X!_J@,UYAFX)*@,55E>"H"UPF+KQ""U@;^54'@
M4^N&277P=-J<2/MGS$%S9=_$N''JR69Q#3.SAID6GV.QN8DYTSBJ6E=CXXQ,
M3: ](PHKLB4242M]:X>U0^](E/\?FA4K;RZ/W;>_L+5[VW[WY'-[UOXALY"E
MMWE_V"1?PHIFL>("O<L[ILNI62PY3V_RODG%)=W++]![O'[#G][B_7Z3?,%/
MUZWT#F]O$]DV*#>]P:/SFFY3>PHNT/N[+S<+YI5R!NI;=W[88^].YN6<CY
M_]6MOD!O[CXBG/A:OT3O[?Z2WG7)W;+M!;NR]"_L^T_O0>[:U&?/06;8FQ
M&]79[?OF]?_S^F]02P$"% `4``(`" !B1Y4G-E!>?JDH````<@``# ``````
M`````" `````````<VAU=&1O=VXN97AE4$L%!@`````!``$`.@```-,H````
!````
`
end
|
| Similar Threads | Posted | | lsass.exe | January 7, 2007, 1:48 pm |
| What does lsass.exe-System Error mean please? | August 30, 2007, 5:14 pm |
| On shell code of DCOM | February 23, 2006, 10:16 pm |
| Error Code 0x8007043c - some suggestions please | February 1, 2008, 7:31 am |
| Re: Microsoft Security Advisory (912840): Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution | December 29, 2005, 2:21 pm |
|
XML site map