
lsass.exe I read it could be malware ?


5 replies to this topic

#1 tokeno


Posted 04 August 2009 - 03:00 PM

First of all, if I am in the wrong section, I am sorry. I am learning to use a port listener, TCPView, and I am querying the programs to see what is what, and I have come across an lsass.exe which I read could be a Trojan, worm, etc. I read it is a Local Security Authentication Server service or it could be malware. I have it in the listening section of this tool; my Norton 360 does not pick anything up. I would like to know: should this be listening on 2 UDP ports? I am running Win 7 RC.

Edited by tokeno, 04 August 2009 - 03:02 PM.

A learned blockhead is a greater blockhead than an ignorant one.
Benjamin Franklin



#2 garmanma


Posted 05 August 2009 - 09:21 PM

As long as it is in C:\Windows\System32, you're safe.
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 ComputerNutjob


Posted 05 August 2009 - 09:53 PM

Unless windows are popping up on your PC indicating that "The LSASS.exe process has been terminated unexpectedly. Windows will shut down in xx:xx:xx", you should be okay. If they are, you may be infected with the Sasser worm.

#4 tokeno


Posted 20 August 2009 - 06:06 PM

Thank you for the info. It turns out everything is OK. I was told by someone that it was a worm, but I do not have these symptoms you are telling me about, so I assume all is good.
Thanks again
A learned blockhead is a greater blockhead than an ignorant one.
Benjamin Franklin

#5 Multi-Destiny


Posted 23 August 2009 - 02:54 AM

Unless windows are popping up on your PC indicating that "The LSASS.exe process has been terminated unexpectedly. Windows will shut down in xx:xx:xx", you should be okay. If they are, you may be infected with the Sasser worm.


In case it is, what should one do?
SPECS:
Model: Compaq Presario SR1732IL x86-based
CPU: 256 MB RAM Pentium 4
ATI Radeon Xpress 200 graphics card
OS: Microsoft Windows XP Pro SP2

#6 tokeno


Posted 30 August 2009 - 02:32 PM

Hi, I do thank you for the input directed towards my first inquiry. I was wondering, since it showed this:
lsass.exe:716 TCP 0.0.0.0:49160 0.0.0.0:0 LISTENING
lsass.exe:716 TCPV6 [0:0:0:0:0:0:0:0]:49160 [0:0:0:0:0:0:0:0]:0 LISTENING (I have turned off the IPv6 in Internet properties)

The thing that made me think it may be a virus is the information I found online. I know, believe half of what you see and a quarter of what you read, but when I ran the same program on my laptop, and this is where the discrepancies came up, the lsass.exe on my desktop shows no state (listening) or port, so I thought I would turn to the pros, since I am only still in college learning about these programs.

I really do like the tool I am using. It's called TCPView, from www.sysinternals.com. The tool is a free download if anyone is interested. It allows you to see all incoming and outgoing UDP and TCP packets; it shows all IP addresses and ports being used.
Thanks to all
Tokeno-co

Edited by tokeno, 30 August 2009 - 02:36 PM.

A learned blockhead is a greater blockhead than an ignorant one.
Benjamin Franklin
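
Added example, not part of the thread: a small Python parser for TCPView rows like the two pasted in post #6, grouping listeners per process and marking ports in the dynamic range. The function names are hypothetical, the svchost.exe row is constructed, and the 49152-65535 range is assumed to be the Windows Vista-and-later default.

```python
import re

# Assumption: default dynamic (ephemeral/RPC) port range on Windows Vista and later.
DYNAMIC_PORTS = range(49152, 65536)

# TCPView text row: "name.exe:PID PROTO local remote [STATE]"
LINE = re.compile(
    r"^(?P<image>[^:\s]+):(?P<pid>\d+)\s+(?P<proto>TCPV6|UDPV6|TCP|UDP)\s+"
    r"(?P<local>\S+)\s+(?P<remote>\S+)(?:\s+(?P<state>[A-Z_]+\d?))?\s*$"
)

def split_endpoint(endpoint):
    """Split '0.0.0.0:49160' or '[0:0:...:0]:49160' into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), (int(port) if port.isdigit() else None)

def parse_tcpview(text):
    """Return one dict per line that matches the TCPView row layout."""
    rows = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip anything that is not a connection row
        row = m.groupdict()
        row["pid"] = int(row["pid"])
        row["host"], row["port"] = split_endpoint(row["local"])
        rows.append(row)
    return rows

def listeners_by_process(rows):
    """Map (image, pid) -> set of (port, in_dynamic_range) for LISTENING rows."""
    out = {}
    for r in rows:
        if r["state"] != "LISTENING":  # UDP rows carry no state
            continue
        key = (r["image"].lower(), r["pid"])
        out.setdefault(key, set()).add((r["port"], r["port"] in DYNAMIC_PORTS))
    return out

# The two lsass.exe rows are from post #6; the svchost.exe row is constructed.
SAMPLE = """\
lsass.exe:716 TCP 0.0.0.0:49160 0.0.0.0:0 LISTENING
lsass.exe:716 TCPV6 [0:0:0:0:0:0:0:0]:49160 [0:0:0:0:0:0:0:0]:0 LISTENING
svchost.exe:912 TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
"""

if __name__ == "__main__":
    for key, ports in sorted(listeners_by_process(parse_tcpview(SAMPLE)).items()):
        print(key, sorted(ports))
```

The two lsass.exe rows collapse to a single entry: one PID listening on the same dynamic-range port over IPv4 and IPv6. Name and port do not identify the binary on disk, so the path check from reply #2 is a separate step.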



