lsass.exe = sasser ???



anaroo
28-11-2004, 03:56 PM
I run w2k and there is a file lsass.exe in winnt\system32. Does it mean I have 100% sasser worm on my computer or...? I have tested it with AV Kaspersky and sasser removal tools but the result has always been negative. The file is still there and running...

Thanks

Berryb
28-11-2004, 04:06 PM
Why not delete the file and reboot? If that does the trick then you have found the answer. If you want to put the file back just restore from recycle bin.

Mike
28-11-2004, 04:09 PM
No!

lsass.exe found in windows\system32 (or winnt\system32) is a Windows file (Local Security Authentication Server). Don't delete it.

See here.

Mike.

Berryb
28-11-2004, 04:15 PM
Well I was caught out there Mike. Not thinking straight today, you are correct and I should have known. Too much alcohol last night I think!!

Mike
28-11-2004, 04:29 PM
> Well I was caught out there Mike. Not thinking
> straight today, you are correct and I should have
> known. Too much alcohol last night I think!!

It happens :D

Mike.

anaroo
29-11-2004, 03:43 PM
Thanks guys, I will keep it running.

Nighthawk
29-11-2004, 07:52 PM
disable from msconfig

drb1
30-11-2004, 03:00 AM
Anaroo,

Did you used to work at MANCO?

2k can run up to 2 instances of ls, AT ONCE.

Caution they are needed, but can be pirated/trojaned so must be checked carefully.

If you google and M/S carefully, there are several articles on this.

D.
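
One way to do the careful check described in the thread, as an added example that is not from any of the posters: list every process whose name is or resembles lsass.exe, then compare its path with the System32 location Mike names and check the file's signature. It assumes a current Windows with PowerShell 5.1 or later (not the Windows 2000 box in the question) and an elevated prompt; the lookalike name patterns are illustrative assumptions.

```powershell
# Added example: verify that anything calling itself lsass.exe is the real Windows file.
# Assumes PowerShell 5.1+ and an elevated prompt (otherwise the path may be unreadable).

$expected = Join-Path $env:SystemRoot 'System32\lsass.exe'

# Collect the real name plus near-miss names (illustrative patterns, not a complete list).
$candidates = Get-CimInstance -ClassName Win32_Process |
    Where-Object { $_.Name -like '?sass*.exe' -or $_.Name -like 'ls?ss*.exe' }

foreach ($p in $candidates) {
    $verdict   = 'OK'
    $sigStatus = 'n/a'

    if ($p.Name -ne 'lsass.exe') {
        # PowerShell's -ne is case-insensitive, so LSASS.EXE still counts as the real name.
        $verdict = 'SUSPICIOUS: lookalike name'
    }
    elseif (-not $p.ExecutablePath) {
        # No path returned: do not guess, rerun with administrative rights.
        $verdict = 'UNKNOWN: path not readable (run elevated)'
    }
    elseif ($p.ExecutablePath -ne $expected) {
        $verdict = 'SUSPICIOUS: unexpected path'
    }

    if ($p.ExecutablePath) {
        # Covers embedded and catalog signatures on current Windows versions.
        $sig       = Get-AuthenticodeSignature -FilePath $p.ExecutablePath
        $sigStatus = $sig.Status
        if ($verdict -eq 'OK' -and $sig.Status -ne 'Valid') {
            $verdict = 'SUSPICIOUS: signature not valid'
        }
    }

    [pscustomobject]@{
        Name      = $p.Name
        PID       = $p.ProcessId
        ParentPID = $p.ParentProcessId
        Path      = $p.ExecutablePath
        Signature = $sigStatus
        Verdict   = $verdict
    }
}
```

A row marked SUSPICIOUS is a reason to scan that file and investigate further, not to delete anything from System32.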