Windows component deleted by CA antivirus
Some Windows 2003 users have been experiencing problems with the operating system recently after antivirus software from CA wrongly detected part of the operating system as malware.
At the heart of the problem is part of Windows' in-built security, a file called Lsass.exe. This was wrongly detected as a virus by CA's eTrust software and was deleted, causing some servers to crash and fail to reboot.
CA claims to have quickly spotted and remedied the problem and has advised affected users to find out how to fix it here. Users can also get the latest, amended update from the CA Web site.
The cause of the confusion seems to be Lsass.exe being mistaken for the Trojan Win32/Lassrv.B.
Lassrv.B was discovered in the wild on 24 August and was rated as a very low threat. The problem for Windows 2003 and eTrust users occurred in a subsequent signature update from CA on Friday 1 September.