Discussion in 'PC hardware help' started by Whitelion, Oct 5, 2004.
can someone help me cause I don't have a F**k'en clue what Isass.exe is.
Put it in a Google search and all will be revealed
Thanks but I was hoping someone can tell me if it was a virus or something else.
It stands for:
Local Security Authentication Server - Lsass
What does it do?
lsass.exe - It generates the process responsible for authenticating users for the Winlogon service. This process is performed by using authentication packages such as the default Msgina.dll. If authentication is successful, Lsass generates the user's access token, which is used to launch the initial shell. Other processes that the user initiates inherit this token.
You will not be able to end this through task manager!
The lsass.exe which is from Microsoft is located at c:\windows\System32\lsass.exe . there's a few viruses that have been found to run as lsass to hide from you.
W32.HLLW.Lovgate.C@mm - Symantec Corporation
W32.Mydoom.L@mm - Symantec Corporation
W32.Nimos.Worm - Symantec Corporation
W32.Sasser.E.Worm (Lsasss.exe) - McAfee
These virus are know to embed themselves with it and cause your PC to do strange things, the common one is to keep shutting your PC down and opening up hundreds of windows.....illegals etc......
Lsass.exe IS not a VIRUS...............but it is a major application for which hackers have found a way in through.........
Hope this helps...........
As indicated previously - do a Google search - all will be revealed. It is a Trojan that should be removed from your system. A Google search will inform you how to do same.
It is NOT a trojan, but the viruses going around infect it and pose as it.............
Sasser is the most common one as derived from it's name.......................
There are loads of free scan tools available that check for it.
One that I use regularly is called AVERT stinger by Mcaffee available as a free download from http://vil.nai.com/vil/stinger/
baabaa is right. The file itself is not a trojan. There is a buffer overflow vulnerability in the lsass.exe if you haven't patched it by using Windows Update. There has been a patch out since April but as usual many people haven't applied the fix.
As far as what it does, it is an authentication server used by the winlogin process to log onto windows.
Separate names with a comma.