BleepingComputer.com: lsass.exe I read it could be malware ?

lsass.exe I read it could be malware ?

#1 User is offline   tokeno 

  • New Member
  • Group: Members
  • Posts: 13
  • Joined: 22-March 09
  • Gender:Male
  • Location:toronto

Posted 04 August 2009 - 03:00 PM

First of all, if I am in the wrong section, I am sorry. I am learning to use a port listener, TCPView, and I am querying the programs to see what is what, and I have come across an lsass.exe which I read could be a Trojan, worm, etc. I read it is a Local Security Authentication Server service or it could be malware. I have it in the listening section of this tool; my Norton 360 does not pick anything up. I would like to know, should this be listening on 2 UDP ports? I am running Win 7 RC.

This post has been edited by tokeno: 04 August 2009 - 03:02 PM

A learned blockhead is a greater blockhead than an ignorant one.
Benjamin Franklin

#2 User is offline   garmanma 

  • Computer Masochist
  • Group: Staff Emeritus
  • Posts: 27,809
  • Joined: 27-January 07
  • Location:Cleveland, Ohio

Posted 05 August 2009 - 09:21 PM

As long as it is in C:\Windows\System32, you're safe.
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 User is offline   ComputerNutjob 

  • Member
  • Group: Banned
  • Posts: 125
  • Joined: 07-May 09
  • Gender:Male

Posted 05 August 2009 - 09:53 PM

Unless windows are popping up on your PC indicating that "The LSASS.exe process has been terminated unexpectedly. Windows will shut down in xx:xx:xx", you should be okay. If they are, you may be infected with the Sasser worm.

#4 User is offline   tokeno 

  • New Member
  • Group: Members
  • Posts: 13
  • Joined: 22-March 09
  • Gender:Male
  • Location:toronto

Posted 20 August 2009 - 06:06 PM

Thank you for the info. It turns out everything is OK. I was told by someone that it was a worm, but I do not have these symptoms you are telling me about, so I assume all is good.
Thanks again
A learned blockhead is a greater blockhead than an ignorant one.
Benjamin Franklin

#5 User is offline   Multi-Destiny 

  • Member
  • Group: Members
  • Posts: 19
  • Joined: 09-July 09
  • Gender:Male
  • Location:Hell!

Posted 23 August 2009 - 02:54 AM

ComputerNutjob, on Aug 6 2009, 08:23 AM, said:

Unless windows are popping up on your PC indicating that "The LSASS.exe process has been terminated unexpectedly. Windows will shut down in xx:xx:xx", you should be okay. If they are, you may be infected with the Sasser worm.


In case it is, what should one do?
SPECS:
Model: Compaq Presario SR1732IL x86-based
CPU: 256 MB RAM Pentium 4
ATI Radeon Xpress 200 graphics card
OS: Microsoft Windows XP Pro SP2

#6 User is offline   tokeno 

  • New Member
  • Group: Members
  • Posts: 13
  • Joined: 22-March 09
  • Gender:Male
  • Location:toronto

Posted 30 August 2009 - 02:32 PM

Hi, I do thank you for the input directed towards my first inquiry. I was wondering, since it showed this:
lsass.exe:716 TCP 0.0.0.0:49160 0.0.0.0:0 LISTENING
lsass.exe:716 TCPV6 [0:0:0:0:0:0:0:0]:49160 [0:0:0:0:0:0:0:0]:0 LISTENING (I have turned off the IPv6 in Internet properties)

The thing that made me think it may be a virus is the information I found online. I know, believe half of what you see and a quarter of what you read, but when I ran the same program on my laptop, and this is where the discrepancies came up, the lsass.exe on my desktop shows no state (listening) or port, so I thought I would turn to the pros since I am only still in college learning about these programs.

I really do like the tool I am using. It's called TCPView, from www.sysinternals.com. The tool is a free download if anyone is interested. It allows you to see all in and outgoing UDP and TCP packets, and it shows all IP addresses and ports being used.
Thanks to all
Tokeno-co

This post has been edited by tokeno: 30 August 2009 - 02:36 PM

A learned blockhead is a greater blockhead than an ignorant one.
Benjamin Franklin
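Added example (not posted by anyone in this thread): a PowerShell version of the checks discussed above, covering the image-path check from reply #2 and the per-process listener view that TCPView shows in post #6. It goes one step further than the thread by also counting instances and reading the file signature. It assumes an elevated prompt and Windows 8 / Server 2012 or later, where Get-NetTCPConnection and Get-NetUDPEndpoint are available.

```powershell
# Added example: inspect every running process named lsass.exe.
# Assumption: run from an elevated PowerShell prompt.
$expected = Join-Path $env:SystemRoot 'System32\lsass.exe'

# Win32_Process exposes the on-disk image path as ExecutablePath.
$procs = @(Get-CimInstance Win32_Process -Filter "Name = 'lsass.exe'")
if ($procs.Count -ne 1) {
    Write-Warning "Expected exactly one lsass.exe, found $($procs.Count)"
}

foreach ($p in $procs) {
    $path = $p.ExecutablePath
    # The path can come back empty when the caller lacks rights to query it.
    $sig = if ($path) { Get-AuthenticodeSignature -FilePath $path } else { $null }

    [pscustomobject]@{
        ProcessId = $p.ProcessId
        Path      = $path
        PathOk    = [bool]($path -and ($path -ieq $expected))
        SigStatus = if ($sig) { $sig.Status } else { 'unknown (path not readable)' }
        Signer    = if ($sig -and $sig.SignerCertificate) {
                        $sig.SignerCertificate.Subject
                    } else { $null }
    } | Format-List | Out-Host

    # Listening TCP sockets owned by this PID (the LISTENING rows in TCPView).
    Get-NetTCPConnection -State Listen -OwningProcess $p.ProcessId `
            -ErrorAction SilentlyContinue |
        Sort-Object LocalPort |
        Format-Table LocalAddress, LocalPort, State -AutoSize | Out-Host

    # Bound UDP endpoints owned by this PID (UDP has no LISTENING state).
    Get-NetUDPEndpoint -OwningProcess $p.ProcessId -ErrorAction SilentlyContinue |
        Sort-Object LocalPort |
        Format-Table LocalAddress, LocalPort -AutoSize | Out-Host
}
```

On Windows Vista and later, lsass.exe normally holds a TCP listener in the dynamic RPC port range (49152 and up), which matches the port 49160 rows quoted in post #6.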
