To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://software.silicon.com/malware/0,3800003100,39162022,00.htm

CA antivirus deletes Windows component
Oops...

By Will Sturgeon

Published: Monday 04 September 2006

Some Windows 2003 users have been experiencing problems with the operating system recently after antivirus software from CA wrongly detected part of the operating system as malware.

At the heart of the problem is part of Windows' in-built security, a file called Lsass.exe. This was wrongly detected as a virus by CA's eTrust software and was deleted, causing some servers to crash and fail to reboot.

CA claims to have quickly spotted and remedied the problem and has advised affected users to find out how to fix it here. Users can also get the latest, amended update from the CA website.

The cause of the confusion seems to be Lsass.exe being mistaken for the Trojan Win32/Lassrv.B.

Lassrv.B was discovered in the wild on 24 August and was rated as a very low threat. The problem for Windows 2003 and eTrust users occurred in a subsequent signature update from CA on Friday 1 September.