Ask Leo! by Leo A. Notenboom

What are "LSASS", "LSASS.EXE" and "Sasser" and how do I know if I'm infected? What do I do if I am?

Search First! Then browse: Categories | Full Archive | By Date | Newsletter

Home » Windows

Comments

All Comments on: What are "LSASS", "LSASS.EXE" and "Sasser" and how do I know if I'm infected? What do I do if I am?

Read the article that everyone's commenting on.
RSS feed Subscribe to the RSS Feed for comments on this article.

Comment Page:  1  |  2  |  3  |  4  |  5  |  6  |  7  |  8  |  9  |  10  |  11  |  12  |  13  |  14  |  15  |  16  |  17  |  18  |  19  |  20  |  21  |  22  |  23  |  24  |  25  |  26  |  27  |  28  |  29 

When my PC boots it tells me that LSASS has changed since the last time I used it. My firewall asks if I want to continue. Is this a sign that LSASS has been infected??

Posted by: Clinton Heintzelman at June 24, 2004 2:01 PM

It could be. Run a virus scan.

Posted by: Leo at June 24, 2004 3:03 PM

hi,
my pcs been infected by sasser and i deleted the lsass.exe file,now the pc wont boot in xp(i have dual boot option).kindly tell me if pasting lsass.exe file from a friends pc would solve the problem of booting or do i have to install xp again.

Posted by: Bhavin at June 29, 2004 12:45 PM

If that friend has the same version of Windows, yes, that should work.

Posted by: Leo at June 29, 2004 8:17 PM

Sorry i don't think this is about the sasser virus but I have this system component called winsecurity.exe start when windows does. It appears in my task manager and starts to sap all cpu power. I can end the task and get all my speed back but the next time i reboot it appears again. Does anyone know what virus this is and how to stop it? Will it get worse? I am completely up to date with nortan but it doesn't seem to catch it. Help!

Posted by: brice at June 30, 2004 12:48 PM

Winsecurity.exe is evidently spyware/malware. You should run a spyware scan and that should clean it up. Recommendations for specific programs on my recommendations site: http://ask-leo.com/d-recommend

Posted by: Leo at June 30, 2004 3:20 PM

I have a laptop (acer) and at windows start up => i have the following alert(before even the case withe the password and the user name): "lsass.exe" -system error. i have to press ok and the pc restarts and so on. It is very probable that sasser has overwrited the file lsass.exe.
Please help me: what can i do, because i can't event start the windos completely, i can't acces the menu, i can't start the safe modde either. please help me.

Posted by: Togo at July 2, 2004 6:08 AM

It typically means booting from floppy or CD to be able to correct the error. This article may help: http://ask-leo.com/archives/000253.html

Posted by: Leo at July 2, 2004 8:53 AM

Nen: I'd double check your browser settings, perhaps run the system file checker and a spyware scan. If you can use messenger applications and were able to download the patch, then you *are* accessing the internet ... this looks more like a browser-specific issue.

Posted by: Leo at July 2, 2004 10:02 AM

emm hi I get no error on my pc but in in the task manager(win xp) theres a lot of processes called 1-lssas.exe 2-lssas.exe 3-lsass.exe...and so on I dont know if my pc is infected what should I do?

Posted by: Eric at July 2, 2004 2:47 PM
Comment Page:  1  |  2  |  3  |  4  |  5  |  6  |  7  |  8  |  9  |  10  |  11  |  12  |  13  |  14  |  15  |  16  |  17  |  18  |  19  |  20  |  21  |  22  |  23  |  24  |  25  |  26  |  27  |  28  |  29 
Read the article that everyone's commenting on.
RSS feed Subscribe to the RSS Feed for comments on this article.
Post a Comment

To post a comment on "What are "LSASS", "LSASS.EXE" and "Sasser" and how do I know if I'm infected? What do I do if I am?", please return to that article's main page.

Question? Ask Leo!

http://ask-leo.com/comments_001936.php
Copyright © 2003-2009 Puget Sound Software, LLC and Leo A. Notenboom

Terms, Conditions & Privacy
Product Reviews, Recommendations and Affiliate Links Disclosure