-
November 27th, 2003, 05:51 AM
#1
Banned
lsass.exe
I have Win XP PRO and, I hit ctr+alt+del and saw a process running called "lsass.exe" and was wondering if this was something that would harm my computer, since it's name sounds questionable.
-
November 27th, 2003, 05:55 AM
#2
I have the same thing, therefore I would have to conclude harmless, unless by some chance we both are infected with the same thing.
-
November 27th, 2003, 05:55 AM
#3
Shouldn't be a problem.
lsass - lsass.exe - Process Information
Process File: lsass or lsass.exe
Process Name: Local Security Authority Service
Description: The Windows Local Security Authority Server Process Handles Windows Security Mechanisms
Common Errors: N/A
System Process: Yes
-
November 27th, 2003, 05:57 AM
#4
Senior Member
it's the IPSEC listening to port 500.
everything is ok.
-
November 27th, 2003, 05:57 AM
#5
Banned
-
November 27th, 2003, 06:19 AM
#6
The Local Secutiy Authority Service runs all your athentication (the NT security subsystem)this is not only for kereberos but NTLM domain authentication, netlogon, SSL, local sam authetication,etc. Without that service I dont believe your machine will be operable (I cant promise that, but I'm pretty sure no can logon w/o it, thats pretty inoperable )
-Maestr0
\"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software.\" -Jaron Lanier
-
November 27th, 2003, 06:27 AM
#7
wait a minute..
lsass.exe is and has been a longtime component of windows (server
anyway). A check finds these sizes normally:
11,776 bytes - Windows XP
33,552 bytes - Windows 2000 Advanced Server
10,000 bytes - Windows NT4
however there is a worm with this same name...
read more about it at http://www.securityfocus.com/archive...9/2002-09-25/0
start at the bottom and work your way up.
and read thru these.
http://www.google.com/search?hl=en&l...=Google+Search
there was a thread here at AO about this... here it is.
http://www.antionline.com/showthread...readid=240227&
here is more on that LSASS.EXE from from Symantec
http://securityresponse.symantec.com...ovgate@mm.html
W32.HLLW.Lovgate@mm is a mass mailing worm that attempts to email itself to all the email addresses that it finds in the files with the file extension that starts with "ht" (for example, all the .htm or .hta files). The subject and attachment of the incoming email will be chosen from a predetermined list.
W32.HLLW.Lovgate@mm also attempts to copy itself to all the computers on a local network, and then infect these computers. The worm also has a backdoor Trojan capability. By default, the Trojan component listens on port 10168.
If the infected computer is running Windows NT, 2000, or XP, the worm will attempt to disguise itself as the normal Windows process, "LSASS.EXE."
W32.HLLW.Lovgate@mm is written in the C++ programming language and is compressed with ASPack.
Type: Worm
Infection Length: 77,312 bytes
Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me
Systems Not Affected: Windows 3.x, Macintosh, OS/2, UNIX, Linux
you're probably ok.. but it never hurts to read up and check on it.. just thought you should know
-
November 27th, 2003, 06:48 AM
#8
Junior Member
Check it's Created date. It is legit.
-
November 27th, 2003, 01:51 PM
#9
ad-aware detects that same malware running on my machine, but it can't remove it cause it's being used.
But if you kill it through task manager you sys won't be able to run and it automatically reboots. (at least mine does that).
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|