Question:
Urgent help! I found an LSASS.EXE file in wrong directory! Could it be a worm?
2009-01-23 03:04:45 UTC
My C:\Documents and Settings\All Users\Application Data\Fearghus contains an lsass.exe file and I suspect it as a worm?

Can anybody give me some info? I want to get rid of it but it could not be removed!

Thanks!
Twelve answers:
Phonics
2009-01-27 15:19:59 UTC
The Microsoft LSASS.exe file is essential, however, a virus or worm may have simply created a second LSASS.exe file, or named itself LSASS.exe. This is a characteristic of the worm MYDOOM.L

The trick is to know whether the file is legitimate or not.

Good anti-virus/antimalware software will let you know.



Use these powerful tools free:

Avira Anti-Virus (highest rated detection, Kaspersky is excellent too but not free) -- www.avira.com



Malwarebytes Anti-malware --

www.malwarebytes.org/mbam.php



SuperAntispyware --

www.superantispyware.com



Spybot Search and Destroy --

www.safer-networking.org/



One or all of these should find and eliminate the problem.

You may want to also try a scan in Windows safe mode. Restart, then press F8 before the welcome screen. Choose Safe Mode.

Safe mode loads only the bare minimum for Windows to operate, so your monitor may only display 640 x480. Avira may not work in safe mode but the others should. Good luck!
The Noodle
2009-01-23 03:11:20 UTC
The process lsass.exe serves as the Local Security Authentication Server by Microsoft, Inc. It is responsible for the enforcement of the security policy within the operating system. This process checks whether a user’s supplied identification is valid or not whenever he or she tries to access the computer system.



With the execution of the file lsass.exe, the system acquires security by preventing the access of unwanted users to any private information. The file lsass.exe also handles the password modifications done by the user.



The process lsass.exe mainly operates in the system through its ability to create access tokens. These tokens encapsulate the file’s security descriptor, which contains the necessary information to process user authentication such as data on which user holds access to the system and whether the access is mandatory or discretionary.







Note: lsass.exe is a process which is registered as a trojan. This Trojan allows attackers to access your computer from remote locations, stealing passwords, Internet banking and personal data. This process is a security risk and should be removed from your system.



Note: lsass.exe is registered as a downloader. This process usually comes bundled with a virus or spyware and its main role is to do nothing other than download other viruses/spyware to your computer. This process is a security risk and should be removed from your system.



~



Since you can't seem to delete it the first thing to try is hold down shift then press delete while the file is selected, this removes it without putting it in the recycle bin, alternatively you can download AVG or Zonealarm, these are free virus programs and work well.



Zonealarm Download:

http://www.download.com/ZoneAlarm-Firewall-Windows-2000-XP-/3000-10435_4-10039884.html



AVG Download:

http://free.avg.com/download-avg-anti-virus-free-edition
2009-01-23 03:08:07 UTC
The process lsass.exe serves as the Local Security Authentication Server by Microsoft, Inc. It is responsible for the enforcement of the security policy within the operating system. This process checks whether a user’s supplied identification is valid or not whenever he or she tries to access the computer system.



In short: Its not a virus.
2009-01-23 03:13:32 UTC
lsass.exe should be located in windows\system32. if it happens to be sitting somewhere else, then most probably it is a virus/worm. Take note that lsass.exe can crash your system and may activate everytime you reboot your computer. So, get rid of it before it wreck havoc on your computer.
barrick
2016-10-25 14:38:41 UTC
C. he remains a thief. He must have stayed there for a lengthy time period to work out if someone ought to come again searching for it, or he must have given it to the employees in case someone ought to come again or call asking about it. and because that he grow to be of route waiting to be certain who the owner grow to be, he must have again the entire component, not purely the archives. He did the incorrect component. he's deceptive and grasping. Returning the archives, besides the actual incontrovertible reality that perchance more effective appropriate than not some thing, isn't sufficient. obviously the owner needs the computer again too. Your pal ought to favor a similar if the tables were became.
. ʌvʌvʌ .
2009-01-23 03:12:24 UTC
"lsass.exe" is the Local Security Authentication Server. It verifies the validity of user logons to your PC.









weary_ronin
2009-01-23 03:08:30 UTC
Do an online virus scan if you dont have one installed on your computer- Trend Micro and Panda Software certainly offer these for free, and they should be able to pick up if it is a virus of some kind.
infestation_of_souls
2009-01-23 03:08:51 UTC
Maybe... Your best guess is to go with the best anti-virus software out there - Avast.



http://www.avast.com/



All you need to do is give them your email address and you're set forever. They update several times a day, and usually catch the best of them.



Good luck!
DУϨL∃ҲIC bunny
2009-01-23 03:15:35 UTC
Yes it is most probably some kind of virus/worm. you should definitely run an antivirus scan.



Check out this page:

http://www.neuber.com/taskmanager/process/lsass.exe.html
2009-01-23 03:11:23 UTC
its a windows system file, it prevents unauthorised access
crazy.highlander
2009-01-23 03:11:50 UTC
yeah man i got that and it killed my computer,



get rid of it!!
robert r
2009-01-23 03:08:02 UTC
use malwarebytes


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.
Loading...