I have Win XP PRO and, I hit ctr+alt+del and saw a process running called "lsass.exe" and was wondering if this was something that would harm my computer, since it's name sounds questionable.
Printable View
I have Win XP PRO and, I hit ctr+alt+del and saw a process running called "lsass.exe" and was wondering if this was something that would harm my computer, since it's name sounds questionable.
I have the same thing, therefore I would have to conclude harmless, unless by some chance we both are infected with the same thing.
Shouldn't be a problem. :)
Quote:
lsass - lsass.exe - Process Information
Process File: lsass or lsass.exe
Process Name: Local Security Authority Service
Description: The Windows Local Security Authority Server Process Handles Windows Security Mechanisms
Common Errors: N/A
System Process: Yes
it's the IPSEC listening to port 500.
everything is ok.
Thanks, that's a relief.
The Local Secutiy Authority Service runs all your athentication (the NT security subsystem)this is not only for kereberos but NTLM domain authentication, netlogon, SSL, local sam authetication,etc. Without that service I dont believe your machine will be operable (I cant promise that, but I'm pretty sure no can logon w/o it, thats pretty inoperable :) )
-Maestr0
wait a minute..
lsass.exe is and has been a longtime component of windows (server
anyway). A check finds these sizes normally:
11,776 bytes - Windows XP
33,552 bytes - Windows 2000 Advanced Server
10,000 bytes - Windows NT4
however there is a worm with this same name...
read more about it at http://www.securityfocus.com/archive...9/2002-09-25/0
start at the bottom and work your way up.
and read thru these.
http://www.google.com/search?hl=en&l...=Google+Search
there was a thread here at AO about this... here it is.
http://www.antionline.com/showthread...readid=240227&
here is more on that LSASS.EXE from from Symantec
http://securityresponse.symantec.com...ovgate@mm.html
you're probably ok.. but it never hurts to read up and check on it.. just thought you should knowQuote:
W32.HLLW.Lovgate@mm is a mass mailing worm that attempts to email itself to all the email addresses that it finds in the files with the file extension that starts with "ht" (for example, all the .htm or .hta files). The subject and attachment of the incoming email will be chosen from a predetermined list.
W32.HLLW.Lovgate@mm also attempts to copy itself to all the computers on a local network, and then infect these computers. The worm also has a backdoor Trojan capability. By default, the Trojan component listens on port 10168.
If the infected computer is running Windows NT, 2000, or XP, the worm will attempt to disguise itself as the normal Windows process, "LSASS.EXE."
W32.HLLW.Lovgate@mm is written in the C++ programming language and is compressed with ASPack.
Type: Worm
Infection Length: 77,312 bytes
Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me
Systems Not Affected: Windows 3.x, Macintosh, OS/2, UNIX, Linux
Check it's Created date. It is legit.
ad-aware detects that same malware running on my machine, but it can't remove it cause it's being used.
But if you kill it through task manager you sys won't be able to run and it automatically reboots. (at least mine does that).