lsass.exe on a message board?

Discussion in 'other security issues & news' started by MikeBCda, Nov 1, 2005.

Thread Status:
Not open for further replies.
  1. MikeBCda

    MikeBCda Registered Member

    Joined:
    Jan 5, 2004
    Posts:
    1,627
    Location:
    southern Ont. Canada
    A day or two ago I was visiting a board elsewhere, and was rather startled to see ZA (free) pop up a program-access request for lsass.exe, which has never happened before. I know it's a valid Win component (or should be, anyway), so ok'd it without the "always" tag. I've since removed it from ZA's program list because it seemed so odd.

    Any idea what could have triggered this, and whether I should be concerned? It's my understanding that lsass is primarily involved with security and encryption functions, neither of which should have been relevant to the particular site.

    Thanks and best,
    Mike

    P.S. If another forum would be more appropriate for this, by all means feel free to move it, as usual.
     
  2. Shrek

    Shrek Guest

    I'll assume you got the name right:

    Lsass.exe

    Windows NT4/2000/XP/2003 only. LSASS is the Local Security Authentication Server. It verifies the validity of user logons to your PC/Server (in technical jargon: it generates the process that is responsible for authenticating users for the Winlogon service).

    It is an integral part of your operating system that you should leave alone provided that its full path is either C:\WinNT\System32\LSASS.exe (Windows 2000) or C:\Windows\System32\LSASS.exe (Windows XP/2003). If the path is anything else then you may have a virus.

    If the full path to this program is not C:\WinNT\System32\LSASS.exe (Windows 2000) or C:\Windows\System32\LSASS.exe (Windows XP, 2003), then you have the W32.Nimos.Worm virus or some other virus.

    Recommendation:
    Make sure you have up‑to‑date reputable antivirus software and then reboot your PC into Safe Mode and run a full virus scan.

    If somehow the filename is "Lsasss.exe" then you have the W32.Sasser.E.Worm virus. Running MS Malicious Software Removal Tool fixes this, too.
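
The path and file-name check described in the post above, as an added example that is not part of the original thread. It assumes Windows is installed on C: as in the quoted paths; the function names and the sample process listing are constructed for illustration.

```python
import ntpath

# The two legitimate locations named in the post above (Windows 2000, XP/2003).
EXPECTED_PATHS = {
    r"c:\winnt\system32\lsass.exe",
    r"c:\windows\system32\lsass.exe",
}
GENUINE_NAME = "lsass.exe"


def edit_distance(a, b):
    """Levenshtein distance; catches one-character look-alikes such as Lsasss.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(image_path):
    """Label one process image path: ok, wrong-path, lookalike or unrelated."""
    # ntpath applies Windows path rules on any OS; Windows paths are case-insensitive.
    norm = ntpath.normpath(image_path.strip().strip('"')).lower()
    name = ntpath.basename(norm)
    if name == GENUINE_NAME:
        return "ok" if norm in EXPECTED_PATHS else "wrong-path"
    if edit_distance(name, GENUINE_NAME) <= 1:
        return "lookalike"
    return "unrelated"


def suspicious(paths):
    """Return (path, label) for every entry that deserves a closer look."""
    labelled = [(p, classify(p)) for p in paths]
    return [(p, lab) for p, lab in labelled if lab in ("wrong-path", "lookalike")]


# Constructed sample process listing (not taken from the thread).
SAMPLE = [
    r"C:\Windows\System32\LSASS.exe",
    r"C:\Windows\Temp\lsass.exe",
    r"C:\Windows\System32\Lsasss.exe",
    r"C:\Windows\System32\svchost.exe",
]

if __name__ == "__main__":
    for path, label in suspicious(SAMPLE):
        print(f"{label:10}  {path}")
```

A matching name and path only shows the file is where it should be; it says nothing about whether the binary itself has been altered.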
     
  3. MikeBCda

    MikeBCda Registered Member

    Thanks, Shrek. Name and location are correct -- there's also another copy (on my XP, anyway) in the Service Pack Files/i386 folder, which I understand is standard procedure for many Win system files.

    I'll just assume it was a fluke of some kind, since neither avast nor any of my other security stuff flagged any warnings nor found anything in full scans.
     