Ask Leo! by Leo A. Notenboom

What are "LSASS", "LSASS.EXE" and "Sasser" and how do I know if I'm infected? What do I do if I am?


Comments

Read the article that everyone's commenting on.

I have the lsass.exe worm and I am trying to remove it, but every website I go to and use their virus removal tool says I am not infected. HELP

Posted by: Jana at June 11, 2004 1:13 PM

Dear Jana

lsass.exe is no worm, no virus and no trojan. It's a file from Microsoft for managing the system rights.
Either it's Sober:
http://www.symantec.com/avcenter/venc/data/w32.sober.removal.tool.html

Or it's Lovegate:
http://securityresponse1.symantec.com/sarc/sarc.nsf/html/w32.hllw.lovgate@mm.html

If someone knows something else that it could be, please mail me!

Posted by: jasmin at June 14, 2004 5:40 AM

You're correct, Jasmin, LSASS.EXE is a part of Windows - it's a required system file that happens to show up in the error message when you are infected with any of a number of different viruses. You list two, there's also Sasser and several others. The best thing to do is to keep your virus signatures up to date, run virus scans periodically, and even scan with a second AV program from time to time. And of course follow the other steps in the article.

Posted by: Leo at June 14, 2004 8:53 AM

Is it possible to include a small SASSER fix on this website?

Posted by: dan at June 14, 2004 12:25 PM

I've provided pointers to the fix in the article.

Posted by: Leo at June 14, 2004 12:26 PM

I was wondering if totally wiping your hard drive and reinstalling XP Pro will get rid of the Sasser virus? If it does, will previous files I saved on a CD when I had the virus still be potential infectors?

Posted by: brice at June 14, 2004 1:19 PM

It depends on the files, but the short answer is probably yes. The safest thing to do is to run a virus scan on those files before you copy them back. And make sure that when you reinstall you're protected by a firewall so you don't immediately get the virus again over the net.

Posted by: Leo at June 14, 2004 5:51 PM

I forgot my Windows 2000 Server administrator password.
How do I change my password, or do I reinstall it?

Posted by: amalg at June 14, 2004 10:18 PM

Can someone post a link with a list of possible viruses and trojans that use lsass.exe?

I am trying to find out which one my friend has. I tried Sasser, Blaster, Sober and Lovegate, but I didn't find the right one.

Posted by: jasmin at June 15, 2004 11:10 PM

There's not much point as the list changes almost daily. My recommendation is to use a virus scanner and it will report which one.

Posted by: Leo at June 15, 2004 11:13 PM