Velocity Reviews - Computer Hardware Reviews


lsass.exe

 
 
Chuck Bollinger
 
      08-06-2005
I went up to Process Information to find out what this is because the
upgrade of Zone Alarm I have keeps alerting me to "dangers". I wasn't
totally reassured because of some reference to worms and such. Said to
check the path: It's in WINNT/System32. Interestingly it's the only
file that's in all upper case 33KB size.

You can tell that I'm pretty unsophisticated about this stuff. Could I
ask what the group thinks about this and what I should do about allowing
or denying it permission to open svchost -k?

Thanks



 
 
 
 
 
David H. Lipman
 
      08-06-2005
From: "Chuck Bollinger" <(E-Mail Removed)>

| I went up to Process Information to find out what this is because the
| upgrade of Zone Alarm I have keeps alerting me to "dangers". I wasn't
| totally reassured because of some reference to worms and such. Said to
| check the path: It's in WINNT/System32. Interestingly it's the only
| file that's in all upper case 33KB size.
|
| You can tell that I'm pretty unsophisticated about this stuff. Could I
| ask what the group thinks about this and what I should do about allowing
| or denying it permission to open svchost -k?
|
| Thanks
|

That's what I have -- C:\WINNT\system32\LSASS.EXE, 33KB.

Looks like it is the correct file and the FireWall software is overexuberant in its
warnings.

Just in case, you can use the following tool to scan your computer for Internet worms and
other viruses.


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
http://kixtart.org Kixtart is CareWare }, three batch files, five Kixtart scripts, one Link
(.LNK) file, this PDF instruction file and two utilities: UNZIP.EXE and WGET.EXE. It will
simplify the process of using the Sophos, Trend and McAfee Anti Virus Command Line Scanners
to remove viruses and various other malware.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode. This
way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Exit the menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

* * * Please report back your results * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


 
 
 
 
 
Jon Tullett
 
      08-12-2005
Chuck Bollinger wrote:
> I went up to Process Information to find out what this is because the
> upgrade of Zone Alarm I have keeps alerting me to "dangers". I wasn't
> totally reassured because of some reference to worms and such. Said to
> check the path: It's in WINNT/System32. Interestingly it's the only
> file that's in all upper case 33KB size.
>
> You can tell that I'm pretty unsophisticated about this stuff. Could I
> ask what the group thinks about this and what I should do about allowing
> or denying it permission to open svchost -k?
>


lsass.exe is the local security authority service. It should be safe,
but you might want to run it through a virus scanner first to be
certain: worms such as MyDoom have been known to use the same (or
similar looking) filenames.

Why does lsass want to use svchost? Probably for remote admin or
remote login, but I'm not 100% certain.

-J
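
The two checks raised in this thread (confirm the file's path, and watch for the same or similar-looking filenames), as an added example that is not part of any post above. The `C:\WINNT` system root, the helper names and the sample paths are assumptions constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

# Assumption: %SystemRoot% is C:\WINNT, as on the machines in this thread.
EXPECTED_DIR = ntpath.normcase(r"C:\WINNT\system32")
TARGET = "lsass.exe"
# Characters easily mistaken for one another in a process list.
CONFUSABLE = str.maketrans({"i": "l", "1": "l", "|": "l", "0": "o", "5": "s"})

def skeleton(name):
    """Lower-case a file name and fold look-alike characters together."""
    return name.lower().translate(CONFUSABLE)

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(image_path):
    """Return 'expected', 'wrong-path', 'lookalike' or 'unrelated'."""
    # normpath resolves ".." and "/" so a disguised path cannot pass; normcase
    # lower-cases, because Windows file names are case-insensitive.
    full = ntpath.normcase(ntpath.normpath(image_path))
    directory, name = ntpath.split(full)
    if name == TARGET:
        return "expected" if directory == EXPECTED_DIR else "wrong-path"
    if skeleton(name) == skeleton(TARGET) or edit_distance(name, TARGET) == 1:
        return "lookalike"
    return "unrelated"

def audit(image_paths):
    """Return (path, verdict) pairs for every entry that needs a closer look."""
    verdicts = ((p, classify(p)) for p in image_paths)
    return [(p, v) for p, v in verdicts if v in ("wrong-path", "lookalike")]

# Constructed sample of process image paths (not taken from any real system).
SAMPLE = [
    r"C:\WINNT\system32\LSASS.EXE",
    r"C:\WINNT\system32\svchost.exe",
    r"C:\WINNT\Temp\lsass.exe",
    r"C:\WINNT\system32\Isass.exe",   # capital I in place of lower-case l
    r"C:\WINNT\system32\lsasss.exe",  # one extra letter
]

if __name__ == "__main__":
    for path, verdict in audit(SAMPLE):
        print(f"{verdict:10}  {path}")
```

The all-upper-case `LSASS.EXE` classifies as expected because the comparison ignores case; a path or name match is only a first filter, and a flagged or doubtful file still goes through a virus scanner.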
 