Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Check_lsa7 What Do I Do?

  • Please log in to reply
2 replies to this topic

#1 PhilLearn


  • Members
  • 9 posts
  • Local time:02:22 AM

Posted 17 September 2007 - 09:28 AM

check_LSA7 in my hard drive (C:\ check_LSA7) seems to be a malicious item.
And in any way, I can't edit or delete it.
Does anybody here has the same experience with this file or such?

I think I'm infected because:
1. My windows XP firewall has been disabled, (was marked for deletion).
2. Safe Mode has also been disabled. My PC automatically restarts if you run it in Safe Mode.

Help me get rid of this problem.

Edited by PhilLearn, 17 September 2007 - 11:16 AM.

Posted Image

BC AdBot (Login to Remove)


#2 buddy215


  • Moderator
  • 13,490 posts
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:22 AM

Posted 17 September 2007 - 11:32 AM

Looking around on the web, this file MAY be associated with a backdoor trojan/keylogger.
If this is the case, you have to assume your computer is completely compromised. Any financial info on the computer can be accessed by the malware. Everything you typed can be retrieved by the malware. Suggest you monitor ALL banking, credit cards, paypal, etc. You should change all passwords using another secure computer.

Post a Hijack This Log in the Hijack This Forum by following the directions in the link below. DO NOT post a log in this forum. http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 52,047 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:22 AM

Posted 17 September 2007 - 12:10 PM

Can you tell us the location of the check_LSA7.txt file? Its probably going to be located at C:\.

I am finding this file being reported on a lot of systems with vundo infections. Several folks have been instructed to upload it to jotti or virustotal but it would not upload for analysis.

Follow the the instructions for using Vundofix in BC's self-help tutorial "How To Remove Vundo/Winfixer Infection".

Download and scan with SUPERAntiSpyware Free and then try deleting the file afterwards.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users