karath Posted August 5, 2007 Posted August 5, 2007 Alright, for the computer savvy only guys. My friend's computer is messed up and needs serious fixing, and I think it is because of a process called lsass.exe running under "USER" instead of "SERVICES". Can anyone give me a fix? Quote
rod91 Posted August 6, 2007 Posted August 6, 2007 Well... define "messed up" . For me lsass runs as system, and I can see how it being otherwise can cause trouble. Since it's lsass running as a system process, you can't terminate it or do anything about it for all I know, I've yet to encounter that problem. Worst case scenario, it would involve re-installing windows. Since I'm not sure how "messed up" the PC is, all I suggest is grab a copy of BartPE or some other OS you can run live and backup all your data. This is just worst case scenario, anyways. I'm sure with a bit more information I could help you better Quote
karath Posted August 6, 2007 Author Posted August 6, 2007 As in, there are two lsass.exe processes, one under SYSTEM and the other one under ADMIN. I'm pretty sure the ADMIN one is not suppose to be there, because its meant to be under SYSTEM... i want to know how to remove it. Quote
ShannenName Posted August 6, 2007 Posted August 6, 2007 End process, then search your computer for lsass.exe and delete the one not under a system folder Quote
rod91 Posted August 6, 2007 Posted August 6, 2007 Yeah, that's probably some rouge service installed under that name so it's more discrete. If it is possible, run your PC in safe mode, that should stop the rogue process from starting up. Then either search for it, or run an AV to solve the issue. Quote
karath Posted August 7, 2007 Author Posted August 7, 2007 Yeah, that's probably some rouge service installed under that name so it's more discrete. If it is possible, run your PC in safe mode, that should stop the rogue process from starting up. Then either search for it, or run an AV to solve the issue. Okay... thanks for the info Shannenname, the process can't be ended because the DLL is still running. Can Kaspersky run in Safe Mode? Quote
rod91 Posted August 7, 2007 Posted August 7, 2007 I'm guessing it should. Most AVs have the capability to run in safe mode for this exact same reason Quote
karath Posted August 9, 2007 Author Posted August 9, 2007 Okay, thanks for all the help guys I'll do it on my friends comp as soon as I go over Quote
agaz Posted August 16, 2007 Posted August 16, 2007 well it might be not real Issas.exe, instead a virus using lssas as its name, "I" and "l" is different, rite? Quote
dna2243 Posted August 16, 2007 Posted August 16, 2007 Sounds like Sasser to me. When it first came out, it was pretty rampant, but that was a few years back. If it is sasser, it typically makes a new process with some variation of lsass... lssass, lsass Quote
karath Posted August 18, 2007 Author Posted August 18, 2007 Okay, thanks for all the help guys, but the problem has been fixed Quote
Marc. Posted August 19, 2007 Posted August 19, 2007 It was probably some kind of virus. As agaz pointed out, the "I" and "l" are not the same. Quote
ShannenName Posted August 21, 2007 Posted August 21, 2007 And for anyone reading this with future virus problems download Unlocker at http://ccollomb.free.fr/unlocker/#download Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.