Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


My Cpu Usage Is 100% And I Can't Restore

  • Please log in to reply
4 replies to this topic

#1 Angelkitty


  • Members
  • 1 posts
  • Local time:03:43 PM

Posted 19 March 2006 - 05:02 PM

everything is running slow but my AVG says i have no viruses. my CPU usage is 100% from only 2 processes. one file is something called lsass.exe and it is running at 63%. i have tried everything i can think of.

BC AdBot (Login to Remove)


#2 River_Rat


  • Members
  • 773 posts
  • Gender:Male
  • Location:SW Oklahoma - USA
  • Local time:03:43 PM

Posted 19 March 2006 - 05:16 PM

lsass.exe is a system process of the Microsoft Windows security mechanisms. It specifically deals with local security and login policies. This program is important for the stable and secure running of your computer and should not be terminated.

Note: lsass.exe is a process which also relates to trojan and worm security threats spread via e-mails and peer-to-peer sharing networks such as Kazaa. The trojans allows attackers to access your computer from remote locations, stealing passwords, Internet banking and personal data. It is a registered security risk and should be removed immediately.

What is the other program using all the resources??

Lets do some cleaning.

See this article:
Taking out the trash

See this article:
The Parasite Fight

Show all Files & Folders

Run these free tools.

McAfee AVERT Stinger

Trendmicro (free virus scan only)

Ewido (free Trojan Scan) (Win2000 & XP only)

Adware SE (update after installing)

Spybot S&D (update after installing)

After doing this and the problems are not better feel free to post a HJT log.
Be sure to read the Preparation Guide for use before posting a HijackThis Log and submit it to the appropriate forum. HJT Forum links provided below.

Preparation Guide for use before posting a HijackThis Log http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

HJT Forum

#3 usasma


    Still visually handicapped (avatar is memory developed by my Dad

  • BSOD Kernel Dump Expert
  • 25,091 posts
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:04:43 PM

Posted 20 March 2006 - 09:37 AM

There was an exploit that involved lsass.exe. Do you have SP2 installed on your system?
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#4 NEsince92


  • Members
  • 83 posts
  • Gender:Male
  • Local time:12:43 PM

Posted 20 March 2006 - 09:41 AM

Yup... if you don't have the lsass patch, you'll get infected with the sasser worm very quickly when browsing the web. As usasma said, make sure you have all available MS patches and service packs. You also might want to post a HiJackThis log in the appropriate forum.

#5 Enthusiast


  • Members
  • 5,898 posts
  • Location:Florida, USA
  • Local time:03:43 PM

Posted 20 March 2006 - 09:55 AM

If you are infected it's too late to install SP2, which is a Critical Update and not just a patch. You must completely clean the system before installing it or it will lead to more problems than you can believe.

If you think you are infected run Spybot and Adaware and then follow directions for downloading, installing Hijack This (in your root drive - not in a temp file) and posting a HJT log in the HJT FORUM.

Read the pinned post in our “HijackThis” forum, here
Carefully read and follow all directions explicitly.

Following instructions run a log, and post it in following HJT forum,
at this link. Include a brief description of your computer (ie, processor, amount of RAM, brand or motherboard, etc, and the problem you are experiencing.)

Do not as yet attempt to fix anything by yourself using Hijack This as even what may seem to be a small mistake can render your op system inoperable.
Some files when in one folder may be fine while in another may be malware.

A member of our HJT Team will analyze your log, make recommendations and offer assistance.

It may take a period of time to get a response to the log you posted because the members of our HJT Team are kept very busy.
Please be patient as this team is manned by volunteers. They will help you in order received as soon as possible.

Once you have posted your HJT log, please DO NOT make any additional posts in the HJT forum thread you created until you get a response from a member of our HJT expert team, and do not make any changes to your system (changes, including any attempted repairs, will make it different than displayed in the log you posted and therefore make your log inaccurate).

The first criteria they have when looking for logs that need replies are posts showing 0 replies. If you make an additional post, it will show as having 1 reply.
A team member, looking to see if a reply has been made might well assume another HJT Team member is already assisting you and might not open the thread to respond.

So, make your post and wait for a response from a team member.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users