+ Post New Thread
Results 1 to 7 of 7
Windows Thread, lsass.exe in Technical; OK, this has been bugging me all morning, and before I do a wipe and reinstall windows I am wondering ...
  1. #1


    Join Date
    Sep 2008
    Posts
    1,806
    Thank Post
    332
    Thanked 262 Times in 214 Posts
    Rep Power
    120

    lsass.exe

    OK, this has been bugging me all morning, and before I do a wipe and reinstall windows I am wondering if anyone can offer some suggestions for getting rid of this annoying virus/malware problem. I've got a new machine which is locking me out of the task manager and regedit (error msg - restricted by admin) and I have narrowed it down to lsass.exe which I have managed to get rid of it in safemode with malwarebytes. The problem I have is although I can then get into the registry and task manager, as soon as I try to log in normally the files have recreated themselves and the problem persists.

    What I want to know is where is this file being recreated from? I have also found reg entries for dido.exe and akaro.exo which seem to be linked, but I cant find any files which when deleted remove lsass permanently.

    Any ideas?

  2. #2
    Jamo's Avatar
    Join Date
    Jan 2009
    Posts
    1,355
    Thank Post
    66
    Thanked 175 Times in 147 Posts
    Rep Power
    60
    You mean the Microsoft Local Security Authentication Server service?

    Be wary as there is a trojan which has a process called Isass (the capial I in the default windows font looks the same)

  3. #3
    thomass's Avatar
    Join Date
    Nov 2009
    Posts
    20
    Thank Post
    0
    Thanked 5 Times in 3 Posts
    Rep Power
    11
    It may be the W32.Sasser worm, see here for removal instructionsW32.Sasser.Worm Removal - Removing Help | Symantec

    penfold - have you tried SuperAntispyware to remove the trojan
    Last edited by thomass; 28th January 2010 at 02:11 PM.

  4. #4


    Join Date
    Sep 2008
    Posts
    1,806
    Thank Post
    332
    Thanked 262 Times in 214 Posts
    Rep Power
    120
    Quote Originally Posted by Jamo View Post
    You mean the Microsoft Local Security Authentication Server service?

    Be wary as there is a trojan which has a process called Isass (the capial I in the default windows font looks the same)
    Nope, not unless MS creates a reg key which blocks you frmo accessing the registry and Taskmanager

    @thomass - I'll give that a go. Seems it might be easy for a rebuild but I wanted to avoid that.
    Last edited by penfold; 28th January 2010 at 02:23 PM.

  5. #5
    BJC
    BJC is offline

    Join Date
    Dec 2009
    Location
    West Mids
    Posts
    39
    Thank Post
    2
    Thanked 1 Time in 1 Post
    Rep Power
    0
    did you disable system restore before running malwarebytes?

  6. #6


    Join Date
    Sep 2008
    Posts
    1,806
    Thank Post
    332
    Thanked 262 Times in 214 Posts
    Rep Power
    120
    Quote Originally Posted by BJC View Post
    did you disable system restore before running malwarebytes?
    Yup, although I forgot at first.

  7. #7


    Join Date
    Sep 2008
    Posts
    1,806
    Thank Post
    332
    Thanked 262 Times in 214 Posts
    Rep Power
    120
    Got it sorted now. The only thing I did differently was to also run an AVG removal software as the lsass.exe was showing as associated with AVG(even though AVG has never been installed) and I remember seeing some spyware like this before.

    Thanks for those with the suggestions anyway.

SHARE:
+ Post New Thread

Similar Threads

  1. DSStore.exe
    By E1uSiV3 in forum Windows
    Replies: 8
    Last Post: 20th July 2013, 03:47 PM
  2. Annoying csrss.exe final.exe virus
    By AXE in forum Windows
    Replies: 1
    Last Post: 17th August 2010, 07:58 AM
  3. Lsass.exe error
    By HodgeHi in forum Windows
    Replies: 11
    Last Post: 24th June 2009, 04:53 PM
  4. Lsass.exe - System Error
    By sLiDeR in forum Windows
    Replies: 4
    Last Post: 24th April 2008, 11:08 AM
  5. Lsass.exe and Lssas.exe
    By ndavies in forum Network and Classroom Management
    Replies: 5
    Last Post: 30th October 2007, 03:19 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •