Results 1 to 13 of 13

Thread: lssas.exe

  1. #1
    2 Star Lounger
    Join Date
    Oct 2001
    Location
    Lanarkshire, Scotland
    Posts
    120
    Thanks
    9
    Thanked 6 Times in 5 Posts

    lssas.exe

    Is this a virus or worm----- lssas.exe?

    I am in the process of moving my programs and settings from my old pc to a new pc. I purchased software PC Mover in the hope that the transfer would be simple. However during the process I received a message ;The system is shutting down. Save all work etc. This shutdown was initiated by NT Authority/System message The system process G:Windowssystem32lsass.exe terminated unexpectedly with status code -1073741674. System will shut down and restart.
    I was unable to use this software as even with a clean boot on both pc's before process it still shuts down. Tried several solutions and have now discovered when I look at the start up program panel by Mike Lin there is an entry under HKLM/RUN - Run these programs from the HKEY_LOCAL_MACHINE (all users) Run registry key.

    Name lssas Monitoring Startup Path lssas.exe

    According to the web this lssas.exe in nothing to do with Microsoft (lsass.exe) and likely to be a worm. I have scanned with ZA suite for virus/spyware but shows pc okay. I have also did a search for lssas.exe on the pc again with no results.

    I do not know if this file is causing pcmover to crash but can anyone advise if I can safely delete this file from my pc or is there a specific way to remove this? The icing on the cake would be if anyone can tell me why my system is shutting down when using pcmover. Their tech dept is trying without success so far.

    Any advice appreciated. Thanks
    Attached Images Attached Images

  2. #2
    2 Star Lounger
    Join Date
    Oct 2001
    Location
    Lanarkshire, Scotland
    Posts
    120
    Thanks
    9
    Thanked 6 Times in 5 Posts

    Re: lssas.exe

    Screen shot of error message if this is of any help.
    Attached Images Attached Images

  3. #3
    Uranium Lounger viking33's Avatar
    Join Date
    Jun 2002
    Location
    Cape Cod, Massachusetts, USA
    Posts
    6,308
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: lssas.exe

    The lssas.exe file is an essential Windows System file, that should only be located in your Windows|system32 folder and the WFP folder.
    Any other location indicates it is a worm or virus. But Symantec has a removal tool available that you can run to remove the virusworm. You can run it OK even if you don't have the virus and it is a good way to insure the validity of the REAL lsass.exe file.

    Download it from SYMANTEC

    BTW, there may be some confusion between Isass.exe and lsass.exe. The proper system file is with the letter L (ell) for Larry not the letter I (eye ) for Item. They will look the same on some fonts.
    BOB
    http://lounge.windowssecrets.com/S/flags/USA.gif http://lounge.windowssecrets.com/S/f...sachusetts.gif


    Long ago, there was a time when men cursed and beat on the ground with sticks. It was called witchcraft.
    Today it is called golf!

  4. #4
    2 Star Lounger
    Join Date
    Oct 2001
    Location
    Lanarkshire, Scotland
    Posts
    120
    Thanks
    9
    Thanked 6 Times in 5 Posts

    Re: lssas.exe

    Thanks for that viking. Shall give it a go. Don't understand why ZA did not remove or flag this.

  5. #5
    Uranium Lounger viking33's Avatar
    Join Date
    Jun 2002
    Location
    Cape Cod, Massachusetts, USA
    Posts
    6,308
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: lssas.exe

    If you are talking about the regular ZA firewall, it probably wouldn't catch it. It's part of the "Sasser" type worm and is insidious and hard to remove <img src=/w3timages/censored.gif alt=censored border=0>
    BOB
    http://lounge.windowssecrets.com/S/flags/USA.gif http://lounge.windowssecrets.com/S/f...sachusetts.gif


    Long ago, there was a time when men cursed and beat on the ground with sticks. It was called witchcraft.
    Today it is called golf!

  6. #6
    2 Star Lounger
    Join Date
    Oct 2001
    Location
    Lanarkshire, Scotland
    Posts
    120
    Thanks
    9
    Thanked 6 Times in 5 Posts

    Re: lssas.exe

    I have the latest ZA security suite. Recently my pc did start to reboot in a loop and I thought it was caused with Norton Goback clashing with Acronis (see post 640,211 23-Mar-2007) but from what you say it may be this worm. Shall keep you posted. Thanks

  7. #7
    2 Star Lounger
    Join Date
    Oct 2001
    Location
    Lanarkshire, Scotland
    Posts
    120
    Thanks
    9
    Thanked 6 Times in 5 Posts

    Re: lssas.exe

    Downloaded the removal tool and documentation but having a slight problem confirming the digital signature. As instructed downloaded the chktrust.exe file and then went to the command prompt to verify. According to the instructions I should have received the following if valid "Do you want to install and run W32.Sasser Removal Tool signed on ________and distributed by :Symantec Corporation." I do not get any message at the prompt, only a window security warning. I also checked on the Trusted Publishers tab for Symantec Corporation but there was no sites here. There was however under the Trusted Root Certification authorities one issued to Symantec Root CA. I do not have any Symantec programs on my pc.
    Is it safe to remove this from here and should I go ahead and run the tool even though I cannot confirm digital signature as per documentation?
    Hope I am not being too cautious but do not want to experience earlier problems of pc looping.
    Comments and advice appreciated.
    Attached Images Attached Images

  8. #8
    Uranium Lounger viking33's Avatar
    Join Date
    Jun 2002
    Location
    Cape Cod, Massachusetts, USA
    Posts
    6,308
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: lssas.exe

    Go ahead and run it.
    BOB
    http://lounge.windowssecrets.com/S/flags/USA.gif http://lounge.windowssecrets.com/S/f...sachusetts.gif


    Long ago, there was a time when men cursed and beat on the ground with sticks. It was called witchcraft.
    Today it is called golf!

  9. #9
    2 Star Lounger
    Join Date
    Oct 2001
    Location
    Lanarkshire, Scotland
    Posts
    120
    Thanks
    9
    Thanked 6 Times in 5 Posts

    Re: lssas.exe

    Thanks Viking, I went ahead and run the program but it did not find any virus/worm on the pc.
    Mystery why I received the error message but I just went ahead and reinstalled my programs and settings the old fashioned way and I am back up and running with new pc. At least it rules out the virus/worm which was good.
    Cheers.

  10. #10
    Lounger
    Join Date
    Feb 2008
    Posts
    27
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: lssas.exe

    Edited by HansV to reduce screenshot in size - please don't post pictures larger than 640x480

    Looking at the shutdown message, since this is in Windowssystem32,it would be a Windows system file.
    Edit:I have a picture showing that I also have it.
    Note that I have info, it says Microsoft Corporation, so it shouldn't be harmful.
    Attached Images Attached Images
    • File Type: jpg x.jpg (55.7 KB, 1 views)

  11. #11
    4 Star Lounger
    Join Date
    Feb 2004
    Location
    Saint Charles, Missouri, USA
    Posts
    565
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: lssas.exe

    For what it is worth, I had a similar situation but WAS a virus.

    The file ISSAS.exe (with first letter "EYE") is a valid file name. lSSAS.EXE (with first letter LOWER case "L") WAS the VIRUS. Both file names look he same and one does cause problems. Fortunately my antivirus software was smarter than me and corrected the problem.
    Scott

  12. #12
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts

    Re: lssas.exe

    Actually, LSASS.EXE is a Windows system file from Microsoft (the name stands for Local Security Authority Subsystem Service), while ISASS.EXE (isass.exe) is malware.

  13. #13
    4 Star Lounger
    Join Date
    Feb 2004
    Location
    Saint Charles, Missouri, USA
    Posts
    565
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: lssas.exe

    <img src=/S/woops.gif border=0 alt=woops width=58 height=36> <img src=/S/stupidme.gif border=0 alt=stupidme width=30 height=30> This is what I get for cut and paste and not paying attention to order.

    Thanks for the <img src=/S/bash.gif border=0 alt=bash width=35 height=39> er correction ! ! ! ! !

    <img src=/S/cheers.gif border=0 alt=cheers width=30 height=16>
    Scott

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •