Lsass and lsass - Warhammer 40K Fantasy
 

Welcome to Librarium Online!

Join our community of 80,000+ members and take part in the number one resource for Warhammer and Warhammer 40K discussion!

Registering gives you full access to take part in discussions, upload pictures, contact other members and search everything!


Register Now!

User Tag List

+ Reply to Thread
Results 1 to 9 of 9

Thread: Lsass and lsass

  1. #1
    Son of Dorn Sanctus's Avatar
    Join Date
    Jan 2004
    Location
    Springfield, Mo
    Age
    31
    Posts
    949
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)

    Reputation
    20 (x2)

    Lsass and lsass

    I have the latter in my system processes and google tells me that it is a trojan, however it will never let me go to the link. It tells me that it needs to be removed but I don't know how. My computer is really ****ed UP right now. I would really appreiciate the help from all you guys that know more about this than I do.

    <(^^)> <(^^<) (>^^)> ^(^^)^ Dance Kirby! Dance!

  2. Remove Advertisements
    Librarium-Online.com
    Advertisements
     

  3. #2
    Senior Member isitused's Avatar
    Join Date
    Jan 2004
    Location
    Santa Clarita, CA
    Age
    35
    Posts
    1,109
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    ReputationReputation
    47 (x3)

    Sounds to me like youve got some form of teh sasser worm on your PC. The Lsass.exe file is a system file that crashes after the worm rapes your computers porssesing power.
    Try downloading the Sasser removal tule from Symantec.
    You should also try running Ad-Aware to clean up any spy/ad where you may have picked up.

    Here is a link to the Symantec site that you can download the removal tool from.

    http://securityresponse.symantec.com...oval.tool.html


    hope this helps.
    -GM
    I put the Laughter back into Slaughter.
    Sons of Prometheus <click>
    Children of Murder <clic>

  4. #3
    Son of Dorn Sanctus's Avatar
    Join Date
    Jan 2004
    Location
    Springfield, Mo
    Age
    31
    Posts
    949
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)

    Reputation
    20 (x2)

    I keep a updated version of Adaware running so I don't have to worry to much about spyware. One quick question for you though, how do I know which version of sasser my computer has? Or do I have to run each one?
    <(^^)> <(^^<) (>^^)> ^(^^)^ Dance Kirby! Dance!

  5. #4
    Senior Member Xiahou Dun's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, Australia
    Age
    32
    Posts
    696
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    ReputationReputationReputation
    54 (x2)

    I just downloaded and ran the sasser removal tool and it said it couldn't find the sasser worm on my system, but I can see the lsass.exe program right there in my processes. I also did a scan with ad-aware which didn't help. Any other ideas?
    "You challenge me knowing that I am Xiahou Dun!?"
    [SIGPIC][/SIGPIC]

  6. #5
    LO Zealot Corianis's Avatar
    Join Date
    Sep 2004
    Location
    Regional South Australia
    Age
    35
    Posts
    1,066
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    ReputationReputationReputationReputationReputation
    112 (x4)

    lsass.exe is a perfectly valid part of the operating system.
    It is not anything to worry about.
    The sasser worm adds a process called lsasss.exe (note the extra s) which is something to worry about.
    If you don't have lsasss.exe, you don't have the sasser worm and the problems your computer is experiencing have a separate cause.
    ___
    Greetings from Planet X, I hope you enjoy your day.
    Join us in the Librarium Online Chatroom

  7. #6
    Son of Dorn Sanctus's Avatar
    Join Date
    Jan 2004
    Location
    Springfield, Mo
    Age
    31
    Posts
    949
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)

    Reputation
    20 (x2)

    No, lsass is not valid. Lsass is. lsass is the sasser worm. Acording to Microsoft.
    <(^^)> <(^^<) (>^^)> ^(^^)^ Dance Kirby! Dance!

  8. #7
    Senior Member isitused's Avatar
    Join Date
    Jan 2004
    Location
    Santa Clarita, CA
    Age
    35
    Posts
    1,109
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    ReputationReputation
    47 (x3)

    The removal tool will get all the versions listed on the site.

    When you Ctrl+alt+del and see the Lsass what is the mem usage? mine is running at about 1.000 so that should be about normal. if yours is drastically higher than id say its the sasser doing it. If not i think you need to explore other avenues.

    Any chance of getting a copy of Norton or semantic?
    -GM
    I put the Laughter back into Slaughter.
    Sons of Prometheus <click>
    Children of Murder <clic>

  9. #8
    LO Zealot Corianis's Avatar
    Join Date
    Sep 2004
    Location
    Regional South Australia
    Age
    35
    Posts
    1,066
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    ReputationReputationReputationReputationReputation
    112 (x4)

    Quote Originally Posted by Sanctus
    No, lsass is not valid. Lsass is. lsass is the sasser worm. Acording to Microsoft.
    Processes are not case sensitive; lsass.exe and Lsass.exe are one and the same.
    lsass.exe is part of the operating system which governs logon protocols.
    Stinger didn't find any trace of the sasser virus on his computer either. It is clean.

    EDIT: I decided to include a bit more info.
    The Sasser worm uses a process called lsasss.exe to send data to lsass.exe.
    Lsass.exe (capital letter for the beginning of a sentence) used to have a vulnerablity to buffer overflow, which is the technique used by the Sasser worm to infect systems. This vulnerablity has been fixed in an update from Microsoft a fair while ago. I suspect that the reference to lsass and the Sasser worm on the Microsoft website which you refer to (in future, when you do this post a link to ensure we know what you are referring to) is either the security alert here, or the security bulletin here.
    Last edited by Corianis; October 30th, 2005 at 05:24. Reason: Decided to include more information.
    ___
    Greetings from Planet X, I hope you enjoy your day.
    Join us in the Librarium Online Chatroom

  10. #9
    Son of Dorn Sanctus's Avatar
    Join Date
    Jan 2004
    Location
    Springfield, Mo
    Age
    31
    Posts
    949
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)

    Reputation
    20 (x2)

    Quote Originally Posted by isitused
    Any chance of getting a copy of Norton or semantic?
    -GM

    First off thanks Corianis. The updates fixed my computer! On the Norton thing, I trashed my norton after it tryed to kill my internet connection because it was something that it hadn't seen before. I don't know why or how it just didn't like the ethernet cable that was running cable internet into my computer. I run McFee now.
    <(^^)> <(^^<) (>^^)> ^(^^)^ Dance Kirby! Dance!

+ Reply to Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts