Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

ETrust definition build 30.3.3054 nuking Windows Server 2003

September 1st 2006 in Uncategorized

ETrust is misdetecting lsass.exe as Win32/Lassrv.B, leaving servers unbootable. 

Instructions on how to recover lsass.exe and get your server going again, and how to stop Etrust from immediately re-deleting lsass.exe can be found here:


I really do wonder, sometimes, how much testing happens before definition builds are released – "server down" is a seriously bad event.

Note: The SBS team have also posted about this problem on their official blog:

When you restart Windows Server 2003, the computer may display a gray screen or may appear to stop responding:

Edit 10 September – more important info:


2 comments to...
“ETrust definition build 30.3.3054 nuking Windows Server 2003”


We suffered from this and as it displayed the same symptoms as sasser/blaster it took a while to get to the bottom of it. Eventually on a call to Microsoft the engineer asked me what AV I was using and immediately knew the problem was caused by CA, so obviously they had dealt with a few calls.

4 hours in total to work out what was wrong and fix it, who in CA should I send the bill to?

Don B

Yes who will pay for the support time, we had 3 servers go total support time > 12 hours. We also found out from Microsoft, CA where very quiet and didn’t say much on their web site.

I’ve had to change over to default skin while we work out some weird problems – hopefully things will be worked out soon.

Previous Entry

Ok, so I’ve commandeered the kids’ games computer to test upgrading to Vista RC1 – my primary interest being how it handles an upgrade of a system that has been joined to an SBS managed network.
The upgrade started at 6.00pm local time, and here it is 9.07 pm and we’re still going.
The install failed with […]

Next Entry