Jump to content

Recommended Posts

Posted

Alright, for the computer savvy only guys. My friend's computer is messed up and needs serious fixing, and I think it is because of a process called lsass.exe running under "USER" instead of "SERVICES". Can anyone give me a fix?

 

Posted

Well... define "messed up" . For me lsass runs as system, and I can see how it being otherwise can cause trouble.

 

Since it's lsass running as a system process, you can't terminate it or do anything about it for all I know, I've yet to encounter that problem.

 

Worst case scenario, it would involve re-installing windows.

Since I'm not sure how "messed up" the PC is, all I suggest is grab a copy of BartPE or some other OS you can run live and backup all your data. This is just worst case scenario, anyways.

 

I'm sure with a bit more information I could help you better ;)

Posted

As in, there are two lsass.exe processes, one under SYSTEM and the other one under ADMIN. I'm pretty sure the ADMIN one is not suppose to be there, because its meant to be under SYSTEM... i want to know how to remove it.

Posted

End process, then search your computer for lsass.exe and delete the one not under a system folder

Posted

Yeah, that's probably some rouge service installed under that name so it's more discrete.

 

If it is possible, run your PC in safe mode, that should stop the rogue process from starting up. Then either search for it, or run an AV to solve the issue.

Posted
Yeah, that's probably some rouge service installed under that name so it's more discrete.

 

If it is possible, run your PC in safe mode, that should stop the rogue process from starting up. Then either search for it, or run an AV to solve the issue.

 

Okay... thanks for the info :)

 

Shannenname, the process can't be ended because the DLL is still running.

 

Can Kaspersky run in Safe Mode?

Posted

well it might be not real Issas.exe, instead a virus using lssas as its name, "I" and "l" is different, rite?

Posted

Sounds like Sasser to me. When it first came out, it was pretty rampant, but that was a few years back. If it is sasser, it typically makes a new process with some variation of lsass... lssass, lsass

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...