Ask Leo! by Leo A. Notenboom

What are "LSASS", "LSASS.EXE" and "Sasser" and how do I know if I'm infected? What do I do if I am?


Comments


I'd make sure you were behind a firewall ... sounds like you're getting re-infected fairly quickly. Also sounds like you're not completely patched and/or up to date.

Posted by: Leo at September 9, 2004 7:27 PM

I had troubles with Sasser in June, cleaned my computer and now it's OK.
I'm now looking through my computer and find in \Windows\PCHealth\ErrorRep\UserDump more than 100 files named: "lsass.exe.20040505-191212-00.hdmp" (264 MB!!!!). Can I delete these files?
Thanks,
Leslie

Posted by: Leslie at September 18, 2004 3:42 AM

I sure would. If you're at all concerned, first copy them to some off-line storage (i.e. burn them to a CD-ROM) in case for some reason they'd need to be replaced, but it seems unlikely.

Posted by: Leo at September 18, 2004 9:04 AM

look at http://www.processlibrary.com/directory/files/lsass/

Posted by: dan at September 27, 2004 3:44 AM

I have a runaway task: lsass.exe and I can't get it to stop. My task manager shows my cpu usage to be a constant 75-100%. Lsass.exe as a process is using 84,904K of memory. I don't think I am infected with a virus: I have been running updated antivirus and firewall. Are there any known problems with this program other than virus infection? Any help would be greatly appreciated.
Ben

Posted by: Ben at September 29, 2004 7:25 PM

All the cases I've heard about so far have been virus related - either being infected, or being under attack. So I don't really have any good answers for you. If that's a hardware firewall, and there are other machines behind it with you, you might double check that one of them isn't infected and attacking. Might also be good to use an additional different virus scanner, and double check that you're up to date at Windows Update.

Posted by: Leo at September 29, 2004 7:28 PM

Hi there, every time I run my virus checker, it runs for so long and then restarts my computer. Is there anything I can do to stop it shutting down so that I can run the full virus checker?

Posted by: julian at October 2, 2004 2:24 PM

Sorry, I forgot to mention I'm on Windows XP.

Posted by: julian at October 2, 2004 2:27 PM

I'd try another virus checker. There are several free on the net (check my recommendations page: http://ask-leo.com/d-recommend )

Posted by: Leo at October 2, 2004 4:07 PM

I have a computer running Windows 2000 Professional. The problem is that when I start the computer, it automatically shuts down after some time. I searched for this error, and it is due to the lsass.exe worm problem.
I am really frustrated at getting this error. I also found that this error is due to the lsass.exe virus. Is this true? My computer shuts down due to this lsass.exe shutdown error. Please suggest how I can fix this lsass.exe error.

I would be very thankful if you could suggest any solution.

Posted by: dushyant at October 13, 2004 11:04 AM