NEWS
PARASITES
SOFTWARE
FORUM
DIRECTORY

 
 
 
 
 
 
  

lsass.exe

 
Extension: exe
 
2 Spyware.com recommends: SpeedUpMyPC Download
Fix lsass.exe Errors: Free Registry Download
lsass.exe is the Local Security Authority Service, which handles the Windows Security Mechanisms.

It verifies the validity of users logging on to your computer and generates the process responsible for authenticating users for the Winlogon service. If authentication is successful, Lsass generates the user's access token, which is used to launch the initial shell.

Other processes that the user initiates inherit this token. lsass.exe is vital to the system and it is not possible to end this process using the Task Manager.

Located in "C:\WINNT\SYSTEM32\" on Windows 2000 and "C:\WINDOWS\SYSTEM32\" on Windows XP.

There are some parasites that uses lsass.exe filename to deceive the user:
Sasser Worm
W32.HLLW.Lovgate.C@mm
Mydoom
W32.Nimos.Worm

When the computer is infected with the parasite it displays a message:
"C:\windows\system32\lsass.exe terminated unexpectedly with status code 128. Your computer will now shut down in 60 seconds..."
Seconds counts to zero and shuts down the computer without user intervention. File lsass.exe is related to OnTarget. File lsass.exe is related to Pexmor. File lsass.exe is related to Rontokbro. lsass.exe also is an executable file that is responsible for launching parasites, loading main components of malicious programs and running a destructive payload. It is a significant part of a dangerous parasite, but can also function as a stand-alone threat. DO NOT run this file!
The lsass.exe file is installed and used by Satiloler, Satiloler.b, Satiloler.c, Satiloler.d, Satiloler.e, Crutle.b, Wowcraft.c.
The lsass.exe file usually runs the same named process. This process silently works in background and performs harmful actions. It remains active while lsass.exe is present in the system. Removing the file will immediately terminate a process and prevent it from running later. That is why you have to manually delete the lsass.exe file. If you cannot erase it, consider using recommended spyware removers, which will get rid of lsass.exe and associated parasites for you.
In some cases a presence of lsass.exe does not mean that your system is infected. The file may actually belong to some fully legitimate applications and therefore must stay intact. If you are in doubt, please scan the lsass.exe file using you regular spyware remover or antivirus program. lsass.exe is an executable file that is responsible for launching parasites, loading main components of malicious programs and running a destructive payload. It is a significant part of a dangerous parasite, but can also function as a stand-alone threat. DO NOT run this file!
The lsass.exe file is installed and used by Satiloler.f.
You have to delete the lsass.exe file immediately after you have found it. The parasite will continue to violate your privacy and harm your computer unless lsass.exe and all related objects will not be completely removed from the system. If you have difficulties erasing the file consider using an anti-spyware program.
Sometimes a presence of lsass.exe does not indicate that your computer is infected. It can be an essential system file or a file installed by harmless legitimate software and therefore may not pose any threat to your privacy and the system. Although such cases are quite rare, you should thoroughly examine lsass.exe before completely deleting or leaving it in the system.
Discuss lsass.exe in spyware removal Forum
Related files: system.bat, explorer.exe, smss.exe, command.com, service.com, system.com, win.com, csrss.exe, iexplorer.exe, mig2.exe, services.exe, shell.exe, smss.exe, winlogon.exe, mrhelloween.scr, empty.pif, application data.exe, av-prev.exe, controls.exe, exerun.exe, exeserv.exe, ex-plorer.exe, normal.exe, services.exe, 3d soccer.scr, leena.ini, leena.job, bandotbrobot.exe, blaut.exe, ble'e.exe, eminem.exe, exblorer.exe, karyaku.exe, kerne123.exe, servlogin.exe, shiemylova.exe, smahost.exe, smss.exe, winlogon.exe, winlogons.exe, imstrong.dll, comand.com, ghost.com, cmd.pif, regedit.pif, ssmedia.scr, application.exe, csrss.exe, data.exe, documents.exe, folderdata.exe, girls.exe, msinfo.exe, mstordb0.exe, my cv.exe, my data.exe, my girls.exe, pictures.exe, recycled.exe, regedit.exe, temp.exe, winlogon.exe, services.reg, tempservices.reg, cmd.pif, _system~.ini, ~[X].tmp, svchost.exe, msfsr.sys, [X].sys, aupdate.exe, IEXPLORE.EXE, luall.exe, mcupdate.exe, svchost.exe:svchost.exe, msfsr.sys, [X].sys, adobe global hack.exe, aim triton6.0.exe, alg.exe, aluscheduler.exe, cachemanxp.exe, calculator.exe, ccApp.exe, ccProxy.exe, csrss.exe, Dllhost.exe, floppy options.exe, important information.exe, kdb34894234.exe, limewirepro.exe, minesweeper.exe, motivebrowser.exe, msdtc.exe, myspace password cracker.exe, nopde.exe, NPROTECT.EXE, rundll32.exe, services32.exe, smss.exe, Spoolsv.exe, svchost.exe, system.exe, system idle process.exe, readme.exe, taskmanager.exe, virus scanner.exe, winlogon.exe, win32dll.exe, zlclient.exe, 123 copy dvd.exe, avp.exe, server.exe, hsvwer2.dll, md6media.dll, csrss.exe, dalang mistiq.exe, dokument.exe, hp bunga citri lestari.exe, kota p4hlawan.exe, lo5tword.exe, majnun was h3ere.exe, sma negeri 4.exe, smss.exe, Spoolsv.exe, svchost.exe, tugas.exe, windows [X1].exe, w32 wayang.exe, w4y4n9.exe, gatotkaca.scr, smss.exe, pagefile.pif, mm.gif, csrss.exe, services.exe, smss.exe, winlogon.exe, csrss.exe, cvt.exe, idtemplate.exe, inetinfo.exe, kangent.exe, services.exe, a.kotnorb.com, empty.pif, 3d animation.scr, smss.exe, bronstab.exe, eksplorasi.exe, ~dfa861.tmp, sempalong.exe


lsass.exe removal:

Described file lsass.exe is not related to the security threats.
However the same or similar file name can be used by spyware or adware programs to decept user. We advice you to scan your computer and eliminate possible threats.

Information added: 2004-03-19 10:00:00
Information updated: 2006-04-13 00:57:15

Additional resources related to lsass.exe:

Attention: If you know or you have a website or page about lsass.exe file, feel free to add a link to this list: add url
0
0
Guest.
1. by Guest. 07/09/2005. 12:09:48
if i use internet , it will shutdown the computer in 60 second
lsass.exe, how can i fix it
2005 10 31
0
0
Guest.
if i use internet , it will shutdown the computer in 60 second
lsass.exe, how can i fix it
2005 09 07
0
0
Guest.
we have a problem about lsass, can you help me? how i remove this virus?
2005 07 21
0
0
Guest.
We have a problem in our company determining what day and time the virus entered the PC, when and how it affects the lsass.exe and what virus affects such file. Is it possible? we have until june 22, 2005, 0900 AM to know this or we will be fined. Pls help us
2005 06 21
0
0
Guest.
"system is shutting down. any unsaved changes will be lost. initiated by NT AUTHORITYSYSTEM
2005 06 14
0
0
Guest.
this file is terminate unexpedly and computer restart again and again .
please tell me what to do to resolve this problem.
thanks alot.
2005 06 12
0
0
Guest.
do I need to allow lsass to connect to the internet?
2005 06 11
0
0
Guest.
When I try downloading any file it gives me an error that my current security settings do not allow this file to be downloaded..I tried downloading the lsass.exe scanner & remover and am getting the same error..Active x control is enabled also..any one have a fix
2005 06 10
0
0
Guest.
Once the box comes up telling you your system is going to shutdown, go to run, then type in cmd.exe once a black box comes up. Type in "shutdown -a" (without quotes). And this will stop your computer from shutdown. THEN DELETE THE FILE USING lsass.exe its really not that hard. But this is a quick fix to stop the shutdown. ; )
2005 06 10
0
0
Guest.
How can i get in to Windows, an dhow can i get this virus deleted ?
2005 06 01
0
0
Guest.
We have the same problem. Have you found any solutions?
2005 05 23
0
0
Guest.
When I turn on my computer it does not allow me to get into windows. It says "Invalid parameter was passed to a service or function" "lsass.exe system error."

How can I fix this problem?
2005 05 23
0
0
Guest.
warning! i got a trojan on my system from downloading the free worms virus scan from www.Stop-Sign.com

remove the link!
2005 05 16
0
0
Guest.
Hello i need some help here, how to get rid of all the spyware that is on my computer, my homepage has been changed, cant change it back, all the process are running really slow, it gets really anoying to use my computer lately.
Please Help
Thank you
2005 05 04
0
0
Guest.
System will not completely boot, message window appears "lsass.exe - System Error An invalid parameter was passed to a service or function" I have up-to-date Symantec AV and Webrot Spyware. I click OK and it tries to boot abain, never succeeding. Virus? Worm? Anyone else see this or any suggestions to repair?

Robert
2005 05 04
0
0
what can I do if I accidentaly deleted lsass.exe (while i was on the other OS installed ) . i deleted lsass.exe from XP ... now my computer boots on XP , but after the boot , it displays a black screen . what should i do ?
2005 03 28
0
0
Jonathan.
to Jen: hey ur PC is shutting down coz it is a virus or something like tat...i also have tis problem and it may is sasser worm,to stop the shutdown cycle go to Start and run and type cmd and ok...then at the prompt type shutdown.exe -a and enter...
1999 11 30
0
0
Fenelon.
digite shutdown -a na linha de comando para interromper o desligamento.

Use o arquivo Windows-KB890830-V1.2-PTB.exe para remover o virus. Este arquivo serve para o XP, 2000 e 200 server.
2005 03 14
0
0
yusuf.
sir,
I am having problem with my member server its not starting the services of wins and rpc but anyhow i trace the problem and i found the problem in regedit with rpcss service when i change the value of key from 2 to 4 its start wins and rpc but its shows server srivices starting,,but acutally its does not start now any can please help me on the same
2005 03 14
0
0
Khushi.
I have 3 lsass.exe in

C:WindowsSystem32
C:WindowsServicePackFilesI386
LSASS.exe in C:I386

Is that safe? Or only one in C:WindowsSystem32 is needed .......? Thanks
2005 03 11
0
0
gabriela.
hola soy gabriela y tengo ese grave problema con mi maquina el de este virus me dieron unas heramientas para eliminarlo y no me funcionan ayudenme porfavor es urgente
2005 03 09
0
0
jen.
"system is shutting down. any unsaved changes will be lost. initiated by NT AUTHORITYSYSTEM<br />
Time before shutdown: 59 seconds<br />
the system process 'C:WINDOWSsystem32lasass.exe' ternimated unexpectedly with status code -1073741819 the system will now shut down and restart
2005 03 09
0
0
Siphiwe Ndlovu.
This file is taking 99%of my process
2005 03 08
0
0
Artist.
You may need to get your recovery CD out and re-install windows. When you reboot you will most likely get an error in lsass.exe not found. The machine will no longer boot if this happens. First go to MicroSoft and get the full instructions on repair/ re-installing WindowsXP. You will then need to boot from the recovery CD and attempt a repair. Press F8 to agree to the licencing agreement. Choose the second repair screen NOT the first one. It will get you nowhere! Just press enter at the first screen, then press R at the second screen. The process will begin. Expect a long haul on this one. Maybe overnight if you plan to download all of the now missing windows updates and crital updates.
2005 02 23
0
0
Jeroen.
i thought that the lsass.exe was a virus and so deleated it form my computer by going into C:WINDOWSSYSTEM32 will deleating this file seriosly harm my computer or not?<br />
<br />
And if it does is there anywere were i can download a new lsass.exe??
2005 02 16
0
0
alexander.riquelma@mainmail.net.
Alexander, reparte este docuemnto puede ser de interes
2005 02 11

Post Comment:

Attention: Use this form only if you have additional information about lsass.exe parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.
Home page Name



«


* All field required

Spreading the knowledge:

It is very hard to fight Computer parasites alone in internet space. If you have a website we would be more than happy if you would help us to spread the knowledge about latest threats. You can help your visitors to manage their Computer system manually without aditional expences. Knowledge is the power, we just need to spread it.
add text box
rss feed
help other
Latest spyware news:
Subscribe to news

Related discussions:
Compare spyware removers
Compare free products

HijackThis Log Analyzer Beta 2 HijackThis Log Analyzer Beta 2

Latest Spyware Threats: Internet Security 2012 | Win 7 Total security 2012 | System Check | Win 7 Internet Security 2012 | Win 7 Home Security 2012 | Win 7 Antivirus 2012 | Win 7 Antispyware 2012 | Vista Security 2012 | Vista Antivirus 2012 | Vista Antispyware 2012 | XP Antispyware 2012 | XP Antivirus 2012 | XP Security 2012 | XP Home Security 2012 | Security Shield
Agreement of Use | Privacy policy | Webmasters | Contact us | RSS Feeds
© 2001-2011 2-spyware.com All Rights Reserved. Reproduction in part or whole without written permission is prohibited. Powered by: eSolutions.