CA Inc. has published a technical document explaining server crashes in relation with the detection of the Win32/Lassrv.B virus. Windows Server 2003 is affected by the problem following the update
of CA'a eTrust Antivirus software. "There are issues with a malware sample and Vet DAT signature 30.3.3054. The realtime/scheduled scan policies need to be temporarily switched to the Inoculate engine and the signatures updated on the machines. As of September 01, 2006, Vet signature 30.3.3056 will address this; please download the updates," informed CA in the technical document.
"CA quickly discovered and fixed an issue which temporarily caused some customers to detect a problem in their Lsass.exe files," stated Bob Gordon, spokesman CA.
The 30.3.3054 signature update determined the flagging of the Windows Lsass.exe process as infected with the Win32/Lassrv.B virus and the consequent removal of the malicious software. In this context, with an amputated Lsass.exe process in the operating system's security mechanism, the Windows Server 2003 was rendered inoperable and failed to re-bot.
Additionally CA Inc. has made available a workaround, delivering instructions that would result in getting the operating system up and running again.