Windows component deleted by CA antivirus

CA's eTrust software wrongly identified Windows' in-built security as malware, and a fix has been made available
Written by Will Sturgeon, Contributor

Some Windows 2003 users have been experiencing problems with the operating system recently after antivirus software from CA wrongly detected part of the operating system as malware.

At the heart of the problem is part of Windows' in-built security, a file called Lsass.exe. This was wrongly detected as a virus by CA's eTrust software and was deleted, causing some servers to crash and fail to reboot.

CA claims to have quickly spotted and remedied the problem and has advised affected users to find out how to fix it here. Users can also get the latest, amended update from the CA Web site.

The cause of the confusion seems to be Lsass.exe being mistaken for the Trojan Win32/Lassrv.B.

Lassrv.B was discovered in the wild on 24 August and was rated as a very low threat. The problem for Windows 2003 and eTrust users occurred in a subsequent signature update from CA on Friday 1 September.

Editorial standards