What is LMS.exe? Should I remove it?

LMS.exe is a legitimate executable that is run by Intel software, although it can also be hijacked by malware

LMS.exe is a legitimate non-system process that is usually installed together with Intel software and is a component of Local Manageability Service – a core service of Intel's active management technology. The application is typically pre-installed to home computers that use Intel graphics cards, and is located in C:\Program Files (x86), C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS or C:\Program Files (x86)\Intel\AMT. LMS.exe is designed for Windows 10, 8, 7, and XP, although it is not a mandatory file for the system to operate – so it can be uninstalled at any time.

LMS.exe should be accompanied by Microsoft .NET Framework (2.0 or 3.5), as these components are installed together. If the latter is missing, there is a high chance that malware has replaced or the component and is disguising as a legitimate process. In most of the cases, however, users will not notice any changes to their machines as the malicious software will function in the background without giving out any symptoms. Nevertheless, the LMS.exe virus could be identified by checking the file location and scanning the device with security software.

LMS.exe removal is not necessary, although its termination would not impact the operation of the Windows operating system in any way. However, the action would stop the functionality of Intel ME software, which could cause problems, as the file is responsible for communications between IANA-registered port numbers and the motherboard or the processor, which allows performing a remote diagnosis or repair.

Some users complained that LMS.exe caused high CPU usage spikes or other errors. While the former might indicate that the computer has been infected with coin-mining software Trojan.Win64.BitMin.aom or TROJ_GEN.R0EBC0SE117. This malware abuses the host machine's CPU power to mine cryptocurrency for cybercriminals and might result in hardware deterioration, high electricity bills, and slow operation of the computer, as well as lag when using computer-intensive tasks.

Trojans are particularly dangerous, as they might also include additional functionality and download additional payloads, such as ransomware. Therefore, it is extremely important to monitor your device and quickly fix the issues that might be connected to LMS.exe executable.

While the best way to check whether LMS.exe is malicious is by scanning it with anti-malware software, applications like FortectIntego can do the job of checking the purpose of the possibly affected Windows file. You can also check the location of the file, which would serve as a good indicator. If the executable is located in C:\WindowsFonts or C:\Windows, it is most likely a component of malware. Besides, you could check if Microsoft .NET Framework (2.0 or 3.5) is running on your machine, as lack of this software is also a sign of a virus infection.

To conclude, whether or not you need to remove LMS.exe depends on if it is related to the malware and whether you need the software the legitimate version is related to. If you are using Intel chipset and the file is not causing you any issues, you should leave it running.

Note: in 2017, security researchers found a privilege escalation vulnerability in Intel Server chipsets.^[1] Therefore, make sure you patch your Intel software with the latest updates to avoid CVE-2017-5689 vulnerability from being exploited.

Distribution methods of Trojans and other malware

Experts from novirus.uk^[2] warn that, essentially, any executable can be taken over by malware. While the scenario is unlikely, it does happen, and users often run malicious software for months or even years before it is finally detected and eliminated. This is because Trojans are usually programmed not to cause any suspicious signs on the host machine and remain hidden, performing tasks they were programmed to do (usually including the system into a botnet,^[3] logging keystrokes, proliferating other malware, etc.).

Therefore, it is vital to make sure that these stealthy infiltrators do not take over your machine and stop them before significant damage to the computer and personal safety is done. For that, please follow these simple tips:

• Install reputable anti-malware software and keep it updated;
• Patch your operating system and all the software installed on it with security updates;
• Use strong passwords for all your accounts;
• Protect your Remote Desktop with a secure password and do not use default port;
• Never open spam email attachments that ask for the macro function to be enabled or click on hyperlinks;
• Do not download software cracks/keygens;
• Practice safe browsing habits – avoid high-risk sites.

Do not remove LMS.exe if it is a legitimate component of Intel software

LMS.exe removal should only be performed if you are sure that the file is malicious or you no longer run/need Intel software anymore. Thus, before doing anything, you should run a full system scan with anti-malware program. System applications like SpyHunter 5Combo Cleaner, Malwarebytes might be helpful then. If the AV scan returns no positive malware results, it means that the executable is legitimate. On the contrary, however, LMS.exe removal will be mandatory and virus damage might be removed with FortectIntego.

Dealing with malware might sometimes be difficult, however, as it usually alters the way the operating system works – modifies the registry, changes the boot sequence, adds entries to the “hosts” file, tampers with security software, etc. Therefore, the best way to delete LMS.exe virus is by entering Safe Mode with Networking and performing a full system scan from there.