1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Isass.exe

Discussion in 'PC hardware help' started by Whitelion, Oct 5, 2004.

  1. Whitelion

    Whitelion Member

    Joined:
    Oct 1, 2004
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    11
    can someone help me cause I don't have a F**k'en clue what Isass.exe is.
     
  2. colw

    colw Active member

    Joined:
    Apr 25, 2004
    Messages:
    1,735
    Likes Received:
    0
    Trophy Points:
    66
    Put it in a Google search and all will be revealed
     
  3. Whitelion

    Whitelion Member

    Joined:
    Oct 1, 2004
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    11
    Thanks but I was hoping someone can tell me if it was a virus or something else.
     
  4. baabaa

    baabaa Active member

    Joined:
    Jan 7, 2003
    Messages:
    2,217
    Likes Received:
    0
    Trophy Points:
    66
    It stands for:

    Local Security Authentication Server - Lsass

    What does it do?
    lsass.exe - It generates the process responsible for authenticating users for the Winlogon service. This process is performed by using authentication packages such as the default Msgina.dll. If authentication is successful, Lsass generates the user's access token, which is used to launch the initial shell. Other processes that the user initiates inherit this token.

    You will not be able to end this through task manager!

    The lsass.exe which is from Microsoft is located at c:\windows\System32\lsass.exe . there's a few viruses that have been found to run as lsass to hide from you.


    W32.HLLW.Lovgate.C@mm - Symantec Corporation
    W32.Mydoom.L@mm - Symantec Corporation
    W32.Nimos.Worm - Symantec Corporation
    W32.Sasser.E.Worm (Lsasss.exe) - McAfee

    These virus are know to embed themselves with it and cause your PC to do strange things, the common one is to keep shutting your PC down and opening up hundreds of windows.....illegals etc......

    Lsass.exe IS not a VIRUS...............but it is a major application for which hackers have found a way in through.........

    Hope this helps...........
     
  5. colw

    colw Active member

    Joined:
    Apr 25, 2004
    Messages:
    1,735
    Likes Received:
    0
    Trophy Points:
    66
    As indicated previously - do a Google search - all will be revealed. It is a Trojan that should be removed from your system. A Google search will inform you how to do same.
     
  6. baabaa

    baabaa Active member

    Joined:
    Jan 7, 2003
    Messages:
    2,217
    Likes Received:
    0
    Trophy Points:
    66
    It is NOT a trojan, but the viruses going around infect it and pose as it.............

    Sasser is the most common one as derived from it's name.......................

    There are loads of free scan tools available that check for it.
    One that I use regularly is called AVERT stinger by Mcaffee available as a free download from http://vil.nai.com/vil/stinger/
     
  7. Xian

    Xian Regular member

    Joined:
    Jun 27, 2003
    Messages:
    956
    Likes Received:
    0
    Trophy Points:
    26
    baabaa is right. The file itself is not a trojan. There is a buffer overflow vulnerability in the lsass.exe if you haven't patched it by using Windows Update. There has been a patch out since April but as usual many people haven't applied the fix.
    http://securityresponse.symantec.com/avcenter/security/Content/10108.html

    As far as what it does, it is an authentication server used by the winlogin process to log onto windows.
     
    Last edited: Oct 7, 2004

Share This Page