lsass.exe

Discussion in 'Computer Security' started by Chuck Bollinger, Aug 6, 2005.

  1. I went up to Process Information to find out what this is because the
    upgrade of Zone Alarm I have keeps alerting me to "dangers". I wasn't
    totally reassured because of some reference to worms and such. Said to
    check the path: It's in WINNT/System32. Interestingly it's the only
    file that's in all upper case 33KB size.

    You can tell that I'm pretty unsophisticated about this stuff. Could I
    ask what the group thinks about this and what I should do about allowing
    or denying it permission to open svchost -k?

    Thanks
    Chuck Bollinger, Aug 6, 2005
    #1
    1. Advertising

  2. From: "Chuck Bollinger" <>

    | I went up to Process Information to find out what this is because the
    | upgrade of Zone Alarm I have keeps alerting me to "dangers". I wasn't
    | totally reassured because of some reference to worms and such. Said to
    | check the path: It's in WINNT/System32. Interestingly it's the only
    | file that's in all upper case 33KB size.
    |
    | You can tell that I'm pretty unsophisticated about this stuff. Could I
    | ask what the group thinks about this and what I should do about allowing
    | or denying it permission to open svchost -k?
    |
    | Thanks
    |

    That's what I have -- C:\WINNT\system32\LSASS.EXE, 33KB.

    Looks like it is the correct file and the FireWall software is over exuberant in its
    warnings.

    Just in case, you can use the following tool to scan your computer for Internet worms and
    other viruses.


    Download MULTI_AV.EXE from the URL --
    http://www.ik-cs.com/programs/virtools/Multi_AV.exe

    It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
    http://kixtart.org Kixtart is CareWare } three batch files, five Kixtart scripts, one Link
    (.LNK) file, this PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
    simplify the process of using; Sophos, Trend and McAfee Anti Virus Command Line Scanners to
    remove
    viruses and various other malware.

    C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
    This will bring up the initial menu of choices and should be executed in Normal Mode. This
    way all the components can be downloaded from each AV vendor’s web site.
    The choices are; Sophos, Trend, McAfee, Exit the menu and Reboot the PC.

    You can choose to go to each menu item and just download the needed files or you can
    download the files and perform a scan in Normal Mode. Once you have downloaded the files
    needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
    during boot] and re-run the menu again and choose which scanner you want to run in Safe
    Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

    When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
    file.

    To use this utility, perform the following...
    Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
    Choose; Unzip
    Choose; Close

    Execute; C:\AV-CLS\StartMenu.BAT
    { or Double-click on 'Start Menu' in C:\AV-CLS }

    NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
    FireWall to allow it to download the needed AV vendor related files.

    * * * Please report back your results * * *


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
    David H. Lipman, Aug 6, 2005
    #2
    1. Advertising

  3. Chuck Bollinger

    Jon Tullett Guest

    Chuck Bollinger wrote:
    > I went up to Process Information to find out what this is because the
    > upgrade of Zone Alarm I have keeps alerting me to "dangers". I wasn't
    > totally reassured because of some reference to worms and such. Said to
    > check the path: It's in WINNT/System32. Interestingly it's the only
    > file that's in all upper case 33KB size.
    >
    > You can tell that I'm pretty unsophisticated about this stuff. Could I
    > ask what the group thinks about this and what I should do about allowing
    > or denying it permission to open svchost -k?
    >


    lsass.exe is the local security authority service. It should be safe,
    but you might want to run it through a virus scanner first to be
    certain: worms such as MyDoom have been known to use the same (or
    similar looking) filenames.

    Why does lsass want to use svchost for? Probably for remote admin or
    remote login, but I'm not 100% certain.

    -J
    Jon Tullett, Aug 12, 2005
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Plz help

    lsass.exe has terminated system shutdown in 60secs

    Plz help, May 2, 2004, in forum: Computer Support
    Replies:
    3
    Views:
    6,976
    Plz help
    May 2, 2004
  2. bgordon
    Replies:
    3
    Views:
    15,246
    Reid Decker
    May 31, 2004
  3. Bob Thompson
    Replies:
    9
    Views:
    89,015
    HajraPeti
    Jan 11, 2011
  4. Silverstrand

    Do you know your lsass.exe from your isass.exe?

    Silverstrand, Nov 14, 2006, in forum: Front Page News
    Replies:
    0
    Views:
    682
    Silverstrand
    Nov 14, 2006
  5. =?Utf-8?B?Um90ZW0gQXJub24=?=

    logonui.exe and lsass.exe cpu usage when more than 20 user account

    =?Utf-8?B?Um90ZW0gQXJub24=?=, Feb 5, 2007, in forum: Windows 64bit
    Replies:
    5
    Views:
    2,149
    Dshai
    Feb 7, 2007
Loading...

Share This Page