nasty lsass.exe in documents and settings

Discussion in 'malware problems & news' started by jasondhsd, Jun 14, 2008.

Thread Status:
Not open for further replies.
  1. jasondhsd

    jasondhsd Registered Member

    Jun 14, 2008
    Has anyone come across this thing? A file called lsass.exe located in c:\documents and settings\username

    I came across this when cleaning out a client's computer. From what I gather, it goes onto the internet and downloads other malware. It will infect any writable USB memory inserted into the machine, such as my USB kit, and when said USB stick is inserted into another machine it will infect that machine too. I found this out when I had just finished doing a clean install of Windows and put my USB stick in to install AVG, and the next thing I know I get that dreaded yellow caution symbol down in the system tray and the pop-ups to buy antivirus. This was a brand new clean install with legit software, and the only site I was on with the system was Windows Update. So I installed AVG and it had a dozen medium to high trojans, downloaders, bots after only 10 mins of scanning. HijackThis showed a ton of suspect dll files. And then I saw the lsass.exe in c:\documents and settings\username, and that's when I put everything together. I looked on my USB stick and there was a hidden file called start.exe that had the same icon as the lsass.exe file.

    Both with the laptop and the client's computer that originally got infected, I was able to clear the file, but only by disabling System Restore first, or the file would reappear on startup. As for the laptop, I just started over again.
  2. Kosak

    Kosak Registered Member

    Jul 25, 2007

    I saw a lot of similar things. You can run only one harmful file, which starts downloading further files from the network and installs them on the computer. The best solution is using an antivirus with an actual virus database, a firewall and your own head.

  3. LoneWolf

    LoneWolf Registered Member

    Jan 2, 2006
    Maybe this was what your client was experiencing.

    Hi Kosak,
    You must be referring to security suites.
    That is a matter of opinion and personal taste.
    Myself I prefer separate apps.
    Layered security if you will. :D
    Last edited: Jun 14, 2008
  4. HURST

    HURST Registered Member

    Jul 20, 2007
    Disable autoplay on your computer in order to clean your USB stick...