General discussion


What is lsass.exe? Is lsass.exe spyware or a virus?

By nazil dsouza ·
"lsass.exe" is the Local Security Authentication Server. It verifies the validity of user logons to your PC/Server. It generates the process responsible for authenticating users for the Winlogon service. Ok fine its a service which is actually needed but this morning as i came through a site be name lsass brought my *** to my feet..... which this site tags the proces as " lsass.exe is a process which is registered as a trojan. This Trojan allows attackers to access your computer from remote locations " so people whats wrong with it I'm confused here is this process required or not..... errrrrrr

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -


by Old Guy In reply to What is lsass.exe? Is lsa ... This web page can give you a lot of information on processes that show up.

Collapse -

Our good friend Sasser

by DMambo In reply to What is lsass.exe? Is lsa ...

A worm known as Sasser ruined my birthday a couple years ago. It causes lsass.exe to crash. Link to Symantic's info page:

Collapse -

Depends on context

by AndyMcK In reply to What is lsass.exe? Is lsa ...

if you find lsass.exe in your %windows%\system32 directory this is most likely the genuine Microsoft process required for user logon and authentication. If you find it in a different location such as %windows% then this may be a virus/trojan. A scan with up-to-date AV software should confirm this.

This only shows that you cannot determine whether a file is malicious or not based solely on the filename.

Collapse -

never solely depend on the file name

by meson.storm In reply to Depends on context

I have found that most malware is renamed, this is done for many reasons, the most effective bieng defeating firewalls and permission lists, letting the nasty normally run without the user ever knowing and typically these machines are compromised zombie machines.

You certainly need to know where things are running from and most importantly why they are running.

Collapse -

what if?

by canawarz1 In reply to What is lsass.exe? Is lsa ...

what is i change the filename to notepad.exe or sth like that?..i guess somebody else mentioned this as well...if u suspect aything u must check it...and monitor it....nothing is as good as it seems....even if it has the well known good old ms guys' names....

Collapse -

lsass.exe overrun

by jim_stables In reply to what if?

lsass.exe is a legit file. But as mentioned in a previous post Sasser Worm. This worm and types like them, overrun lsass.exe and at times have even created a second exe lsasss.exe (note spelling difference). Attacking lsass.exe will not get you very far, it's just an indication. You could pick through and remove it a piece at a time. Quicker to use Ewido Anti Malware tool, for free or Spybot S&D, also for free.

Related Discussions

Related Forums