Troubleshooting ASP.NET Machine Account and Sasser Worm

  • Thread starter Mudvaynelethaldosage
  • Start date
In summary, the individual has noticed some changes on their computer, such as having to log back in after the screensaver, and discovering a new account called "ASP.NET Machine A." They also encountered a system shutdown and restart, and have recently installed McAfee virus scan and firewall. The individual is unsure about the cause of these issues and is seeking advice on how to address them. They have also attempted to change the password for the ASP.NET account, but received an error message. The possible causes could be related to the installation of McAfee or a potential virus. The individual is advised to review recent changes on their computer and consider uninstalling McAfee.
  • #1
Mudvaynelethaldosage
I'm having a few things happen on my computer that I'm curious about. I'm not sure if it's a problem, but it's aroused my suspicion.
Recently, I've noticed that when my pc goes to a screen saver and I move the mouse to use the pc again, I have to click on my account again to log back on. I'm not sure why, perhaps someone changed a setting on my pc, although I'm puzzled at who that could be.
Upon investigation, I noticed that there are 3 accounts on my pc. My administrative account that I use, a guest account which I disabled, and "ASP.NET Machine A..." I've never noticed this before and am really curious. I clicked to change the password because it is password protected (even though I don't know the current password) and got a message saying shutdown initiated by NT AUTHORITY\SYSTEM. I had 60 seconds, and lost the majority of that getting a working pen. It listed a couple files which I didn't write down.
Now here's what I found on it in my system log:

The process winlogon.exe has initiated the restart of GRIFFIN-5J6NUSQ for the following reason: No title for this reason could be found
Minor Reason: 0x6
Shutdown Type: reboot
Comment: The system process 'C:\WINDOWS\system32\lsass.exe' terminated unexpectedly with status code -1073741819. The system will now shut down and restart.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp .

I have recently installed McAfee virus scan and firewall on my system and have had problems with it previously. The VShield On-Access Systems Scanner has issues of some sort with my operating system. Here's the part of the message I get to send an error report when I try to run my antivirus:

NT On-Access Scanner service. has encountered a problem and needs to close. We are sorry for the inconvenience.


I run Windows XP Professional with SP1. I don't keep it completely updated, as I'm on dial up and live out of town. T


I know I should try uninstalling McAfee from my system and use something else.
I'm not sure about the crash I had. From what I could find in a search, 'C:\WINDOWS\system32\lsass.exe' terminated unexpectedly with status code -1073741819, people that have the Sasser worm have this problem. I've scanned for Sasser and don't have it. It may be possible though that there are other similar worms that the removal tool I used doesn't remove.
Does anyone have any other ideas? I'm going to try a couple more things.

Thank you
 
  • #2
The ASP.NET account is created when you install the .NET framework and it's used by the ASP.NET worker process in IIS, you shouldn't delete it, you might need it in the future if you decide to use your IIS, it also shouldn't give you any problems. Changing the password wasn't a good idea because it's a system account and maybe Windows interpreted it as malicious action and decided to shut down, or maybe it crashed for some reason (changing the password of an active/logged-in service, ...)
Also, Lsass.exe is good and a vital system process, isass.exe is some worm/virus. I don't think you have isass.
There is the option to have the computer lock when it goes to screensaver, for security, so that you have to type the password again. You can change this, right-click on your desktop, select properties, in the screensaver tab make sure the box "on resume, password protect" is unchecked.
If you're curious about changes in your settings you should review the recent history of your computer and see if there's any software that you installed that might have been responsible for it, or, if someone else also uses your computer, ask him/her if he/she changed any settings. But I don't see anything to worry about as it is (except of course for the McAfee thing).
 
  • #3
for sharing your experience and concerns about potential issues with your computer. It sounds like you have already taken some steps to try and troubleshoot the problem, such as checking your system logs and running virus scans. It is always a good idea to regularly update your operating system and security software to help prevent any potential issues or vulnerabilities.

In regards to the "ASP.NET Machine Account," this is a system account that is created when ASP.NET is installed on a computer. It is used for running ASP.NET applications and does not require a password. It is normal to see this account on your computer.

As for the error message you received about lsass.exe, this could be a sign of the Sasser worm. However, it is also possible that it could be caused by other issues. I would recommend running a thorough virus scan using a reputable antivirus program and also checking for any available updates for your operating system. It may also be helpful to check for any recently installed programs or updates that could be causing conflicts with your system.

If you continue to experience issues, it may be helpful to seek assistance from a professional computer technician or contact the manufacturer of your antivirus software for further support. It is always better to err on the side of caution when it comes to potential computer issues.
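
The status code in the event log entry quoted in post #1 is a signed decimal rendering of a 32-bit NTSTATUS value. As an added example (not part of the original thread), the Python code below decodes it and checks the reported image path against the expected lsass.exe location, which post #2 distinguishes from the lookalike name isass.exe. The NTSTATUS table is a small subset and the default system root is an assumption.

```python
import re
from pathlib import PureWindowsPath

# Small subset of NTSTATUS values (names as defined in Microsoft's ntstatus.h).
NTSTATUS_NAMES = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
    0xC000001D: "STATUS_ILLEGAL_INSTRUCTION",
}
# The top two bits of an NTSTATUS encode its severity.
SEVERITY = {0: "success", 1: "informational", 2: "warning", 3: "error"}

# Comment field exactly as quoted in post #1.
COMMENT = ("The system process 'C:\\WINDOWS\\system32\\lsass.exe' terminated "
           "unexpectedly with status code -1073741819. The system will now "
           "shut down and restart.")

PATTERN = re.compile(r"system process '([^']+)' terminated unexpectedly "
                     r"with status code (-?\d+)")

def decode_status(signed_code):
    """Reinterpret the signed 32-bit decimal as an unsigned NTSTATUS."""
    value = signed_code & 0xFFFFFFFF
    return {
        "hex": f"0x{value:08X}",
        "severity": SEVERITY[value >> 30],
        "name": NTSTATUS_NAMES.get(value, "unknown"),
    }

def analyze(comment, system_root=r"C:\WINDOWS"):
    """Extract the process path and exit status from a shutdown event comment."""
    m = PATTERN.search(comment)
    if m is None:
        return None
    path = PureWindowsPath(m.group(1))
    # Assumption: lsass.exe belongs in <system_root>\system32 on this machine.
    expected = PureWindowsPath(system_root, "system32", "lsass.exe")
    result = decode_status(int(m.group(2)))
    result["image"] = path.name
    # PureWindowsPath compares case-insensitively, as Windows does.
    result["is_expected_lsass"] = (path == expected)
    return result

if __name__ == "__main__":
    print(analyze(COMMENT))
```

An access violation in the genuine lsass.exe is consistent with the crash symptom the poster found associated with Sasser, but the decoded status alone does not identify the cause.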
 

1. What is a machine account in ASP.NET?

A machine account in ASP.NET is a user account that is used to run ASP.NET applications on a server. It is created automatically when ASP.NET is installed and is used to provide the necessary permissions and access to resources for the applications to run correctly.

2. What is the Sasser Worm and how does it affect ASP.NET?

The Sasser Worm is a computer worm that targets the Microsoft Windows operating system, including servers running ASP.NET. It spreads by exploiting a vulnerability in the Windows LSASS service, which can allow remote code execution. If a server is infected with the Sasser Worm, it can cause performance issues and potentially compromise sensitive data.

3. How can I tell if my ASP.NET machine account has been compromised by the Sasser Worm?

If your server is experiencing performance issues or if you notice unusual activity on your network, it is possible that your ASP.NET machine account has been compromised by the Sasser Worm. You can also use security tools and scanners to check for any signs of the worm on your server.

4. How can I protect my ASP.NET machine account from the Sasser Worm?

To protect your ASP.NET machine account from the Sasser Worm, make sure that your server is regularly updated with the latest security patches and updates from Microsoft. You should also have a firewall in place to block any unauthorized access to your server. Additionally, it is recommended to regularly scan your server for any potential vulnerabilities.

5. What should I do if my ASP.NET machine account has been compromised by the Sasser Worm?

If you suspect that your ASP.NET machine account has been compromised by the Sasser Worm, it is important to take immediate action. Disconnect the affected server from the network and run a security scan to remove the worm. You should also change all passwords and closely monitor your server for any further suspicious activity. It is also recommended to report the incident to your IT department or a security professional for further assistance.
