Windows Thread, lsass.exe in Technical
28th January 2010, 02:42 PM #1
OK, this has been bugging me all morning, and before I do a wipe and reinstall Windows I am wondering if anyone can offer some suggestions for getting rid of this annoying virus/malware problem. I've got a new machine which is locking me out of the Task Manager and regedit (error msg - restricted by admin) and I have narrowed it down to lsass.exe, which I have managed to get rid of in safe mode with Malwarebytes. The problem I have is that although I can then get into the registry and Task Manager, as soon as I try to log in normally the files have recreated themselves and the problem persists.
What I want to know is where is this file being recreated from? I have also found reg entries for dido.exe and akaro.exo which seem to be linked, but I can't find any files which when deleted remove lsass permanently.
28th January 2010, 03:01 PM #2
You mean the Microsoft Local Security Authentication Server service?
Be wary as there is a trojan which has a process called Isass (the capital I in the default Windows font looks the same).
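The lookalike-name warning above can be turned into a triage check over running process image paths. This is an added example, not part of the original thread: the expected path assumes a default `C:\Windows` install, and the sample paths and function names are constructed for illustration.

```python
import ntpath

# Assumption: default system root; the genuine LSASS image lives in System32.
EXPECTED_PATH = r"C:\Windows\System32\lsass.exe"
PROTECTED_NAME = "lsass.exe"
# Characters that render alike in common UI fonts, folded to one representative.
CONFUSABLES = str.maketrans({"i": "l", "1": "l", "|": "l", "0": "o", "5": "s"})

def skeleton(name):
    """Case-fold (Windows names are case-insensitive), then fold confusables."""
    return name.lower().translate(CONFUSABLES)

def edit_distance(a, b):
    """Levenshtein distance, used to catch near-miss names such as 'lsas.exe'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(image_path):
    """Label one process image path relative to the genuine lsass.exe."""
    name = ntpath.basename(image_path).lower()
    if name == PROTECTED_NAME:
        actual = ntpath.normcase(ntpath.normpath(image_path))
        return "genuine" if actual == ntpath.normcase(EXPECTED_PATH) else "wrong_path"
    if skeleton(name) == skeleton(PROTECTED_NAME):
        return "lookalike"      # e.g. capital I standing in for lowercase l
    if edit_distance(name, PROTECTED_NAME) == 1:
        return "near_miss"      # one character added, dropped or swapped
    return "unrelated"

def triage(paths):
    """Return only the paths that deserve a closer look, with the reason."""
    labels = {p: classify(p) for p in paths}
    return {p: v for p, v in labels.items() if v not in ("genuine", "unrelated")}

# Constructed sample input, not taken from the machine discussed in the thread.
SAMPLE = [
    r"C:\Windows\System32\lsass.exe",
    r"C:\Windows\System32\Isass.exe",
    r"C:\Users\Public\lsass.exe",
    r"C:\Windows\System32\lsas.exe",
    r"C:\Windows\System32\svchost.exe",
]

if __name__ == "__main__":
    for path, reason in triage(SAMPLE).items():
        print(f"{reason:10} {path}")
```
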
28th January 2010, 03:06 PM #3
It may be the W32.Sasser worm, see here for removal instructions: W32.Sasser.Worm Removal - Removing Help | Symantec
penfold - have you tried SuperAntispyware to remove the trojan?
Last edited by thomass; 28th January 2010 at 03:11 PM.
28th January 2010, 03:21 PM #4
Nope, not unless MS creates a reg key which blocks you from accessing the registry and Task Manager.
Originally Posted by Jamo
@thomass - I'll give that a go. Seems it might be easy for a rebuild but I wanted to avoid that.
Last edited by penfold; 28th January 2010 at 03:23 PM.
28th January 2010, 03:25 PM #5
Did you disable System Restore before running Malwarebytes?
28th January 2010, 03:26 PM #6
Yup, although I forgot at first.
Originally Posted by BJC
28th January 2010, 04:27 PM #7
Got it sorted now. The only thing I did differently was to also run an AVG removal software as the lsass.exe was showing as associated with AVG (even though AVG has never been installed) and I remember seeing some spyware like this before.
Thanks for those with the suggestions anyway.