
Thread: lsass.exe

  1. #1
    Join Date
    Apr 2003


    I have Win XP Pro, and I hit Ctrl+Alt+Del and saw a process running called "lsass.exe" and was wondering if this was something that would harm my computer, since its name sounds questionable.

  2. #2
    Elite Hacker
    Join Date
    Mar 2003
    I have the same thing, therefore I would have to conclude harmless, unless by some chance we both are infected with the same thing.

  3. #3
    Senior Member
    Join Date
    May 2003
    Shouldn't be a problem.

    lsass - lsass.exe - Process Information

    Process File: lsass or lsass.exe
    Process Name: Local Security Authority Service
    Description: The Windows Local Security Authority Server Process Handles Windows Security Mechanisms
    Common Errors: N/A
    System Process: Yes

  4. #4
    Senior Member
    Join Date
    Aug 2003
    It's the IPSEC listening to port 500.
    Everything is OK.
    Industry Kills Music.

  5. #5
    Join Date
    Apr 2003
    Thanks, that's a relief.

  6. #6
    Senior Member
    Join Date
    May 2003
    The Local Security Authority Service runs all your authentication (the NT security subsystem). This is not only for Kerberos but NTLM domain authentication, netlogon, SSL, local SAM authentication, etc. Without that service I don't believe your machine will be operable (I can't promise that, but I'm pretty sure no one can log on w/o it, that's pretty inoperable).

    "If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software." -Jaron Lanier

  7. #7
    Join Date
    Jun 2002
    Wait a minute..

    lsass.exe is and has been a longtime component of Windows (server anyway). A check finds these sizes normally:

    11,776 bytes - Windows XP
    33,552 bytes - Windows 2000 Advanced Server
    10,000 bytes - Windows NT4

    However, there is a worm with this same name...

    Read more about it at http://www.securityfocus.com/archive...9/2002-09-25/0

    Start at the bottom and work your way up.

    And read thru these.

    There was a thread here at AO about this... here it is.

    Here is more on that LSASS.EXE from Symantec:

    W32.HLLW.Lovgate@mm is a mass mailing worm that attempts to email itself to all the email addresses that it finds in the files with the file extension that starts with "ht" (for example, all the .htm or .hta files). The subject and attachment of the incoming email will be chosen from a predetermined list.

    W32.HLLW.Lovgate@mm also attempts to copy itself to all the computers on a local network, and then infect these computers. The worm also has a backdoor Trojan capability. By default, the Trojan component listens on port 10168.

    If the infected computer is running Windows NT, 2000, or XP, the worm will attempt to disguise itself as the normal Windows process, "LSASS.EXE."

    W32.HLLW.Lovgate@mm is written in the C++ programming language and is compressed with ASPack.

    Type: Worm
    Infection Length: 77,312 bytes
    Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me
    Systems Not Affected: Windows 3.x, Macintosh, OS/2, UNIX, Linux

    You're probably OK.. but it never hurts to read up and check on it.. just thought you should know.
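
An added example, not part of any post in this thread: a small triage routine that combines the two indicators post #7 mentions (the file sizes it reports and the worm's 77,312-byte infection length) with an image-path check. The `<system_root>\System32` location, the function names and the sample listing are assumptions made for this illustration.

```python
import ntpath  # Windows path rules, usable on any OS

# Values taken from post #7; the file sizes are as reported there and
# differ between service packs, so a mismatch only earns a "review".
WORM_SIZE = 77_312                         # Symantec "Infection Length"
REPORTED_SIZES = {11_776, 33_552, 10_000}  # XP, 2000 Adv. Server, NT4

def triage(path, size, system_root=r"C:\WINDOWS"):
    """Classify one running image as (verdict, reasons)."""
    norm = ntpath.normcase(ntpath.normpath(path))
    if ntpath.basename(norm) != "lsass.exe":
        return "not-lsass", []
    # Assumption (not stated in the thread): the genuine binary lives in
    # <system_root>/System32; pass C:/WINNT for default NT4/2000 installs.
    expected = ntpath.normcase(ntpath.join(system_root, "system32", "lsass.exe"))
    reasons = []
    if norm != expected:
        reasons.append("image path is not " + expected)
    if size == WORM_SIZE:
        reasons.append("size equals the worm's infection length")
    if reasons:
        return "suspicious", reasons
    if size not in REPORTED_SIZES:
        return "review", ["size is not one of those reported in the thread"]
    return "expected", []

# Constructed sample listing (path, size in bytes); not real captures.
SAMPLE = [
    (r"C:\WINDOWS\system32\lsass.exe", 11_776),
    (r"C:\WINDOWS\System32\LSASS.EXE", 77_312),
    (r"C:\WINDOWS\lsass.exe", 77_312),
    (r"C:\WINDOWS\system32\lsass.exe", 13_312),
    (r"C:\WINDOWS\system32\svchost.exe", 14_336),
]

def flagged(listing, system_root=r"C:\WINDOWS"):
    """Return the entries whose verdict needs a human look."""
    out = []
    for path, size in listing:
        verdict, reasons = triage(path, size, system_root)
        if verdict in ("suspicious", "review"):
            out.append((path, verdict, reasons))
    return out

if __name__ == "__main__":
    for path, verdict, reasons in flagged(SAMPLE):
        print(f"{verdict:10} {path}  ({'; '.join(reasons)})")
```

A "review" verdict only means the size differs from the three figures quoted in the thread; a digital-signature or hash check against a known-good copy is the stronger confirmation.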

  8. #8
    Junior Member
    Join Date
    Nov 2003
    Check its Created date. It is legit.

  9. #9
    Senior Member
    Join Date
    Jul 2003
    Ad-aware detects that same malware running on my machine, but it can't remove it 'cause it's being used.
    But if you kill it through Task Manager your sys won't be able to run and it automatically reboots (at least mine does that).
