What is lsass.exe? Should I remove it?

by Alice Woods - -

lsass.exe – a safe Windows file which name can be used by malware

lsass.exe is a legitimate Windows process known as Local Security Authority Service. It’s a critical system file created by Microsoft corporation which is responsible for managing important tasks such as:

  • security policies enforcement
  • user login verification to Windows computer or server;
  • handling password changes,
  • creating access tokens.

Originally, the lsass.exe file is located in “C:\WINDOWS\SYSTEM32\” and cannot be ended using Windows Task Manager. If you terminate this task, it may lead to various computer-related problems. Thus, doing that is not recommended.

However, if you find this file located in a different directory or it uses lots of computer’s CPU, it might be the sign that your computer is infected. Unfortunately, cyber criminals often use the names of legitimate files to install or run malware on the computer.

Some parasites, for example, Sasser worm, use the lsass.exe filename to deceive the user by hiding their processes under the name of this file. The same filename is used by OnTarget, Pexmor, Rontokbro, Satiloler, Crutle, Wowcraft and other variants of these malware parasites.

Criminals have bene noticed using an obfuscated name of the lsass.exe where they used lowercase “l” instead of a capital “I.” In this way, inattentive computer users can be quite easily tricked by this hoax.

You can suspect that your computer is infected if you also noticed these symptoms:

  • the general sluggishness of the computer;
  • crashing or unresponsive programs;
  • an increased amount of ads;
  • browser redirects to questionable sites;
  • errors popping up on the screen;
  • installation of unknown programs or browser extensions.

So, you may have a virus that runs the same named process and silently works in the background and performs harmful actions. To check your PC, run a full system scan with reputable anti-malware programs. We recommend using Reimage and Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus.

Malicious executable might be dropped on the system after one inattentive click

Original lsass.exe file arrives on the system together with Windows OS. However, the malicious file can be dropped using a couple of methods, for example:

  • when a user opens a malicious email attachment;
  • when malware-laden ad tricks into installing fake software or its update;
  • when users download illegal or cracked content;
  • when browsing via insecure websites.

Therefore, users are advised to be careful when browsing the web and especially downloading content from unknown sources. Always download software or updates from trusted developer’s websites.

Additionally, you should not rush opening unknown email attachments, links or other received files on messaging apps or social networks.

Remove malicious lsass.exe file

Before you proceed with lsass.exe removal, you have to make sure that this file is actually malicious. If you accidentally delete a legit executable, your computer’s work will be disturbed. As a result, you will need to deal with computer-related problems.

For this reason, if you suspect that your PC is infected, you should scan the system with Reimage or another malware removal program. Security software will check the system and remove lsass.exe together with other suspicious components if needed.

verdict - status of the file:
diagnosis required
Advice: If your computer seems sluggish, or you are suffering from unwanted advertisements and redirects to unknown websites, we highly recommend you to scan it with reputable anti-spyware program. Do some FREE scan tests and check the system for unwanted applications that might be responsible for these problems.
We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software you agree to our privacy policy and agreement of use.
do it now!
Problem diagnosis program Happiness
Problem diagnosis program Happiness
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is a recommended tool to scan your system for possible threats and crappy software. The trial version of the product will find harmful applications in your system.
More information about this program can be found in Reimage review.
Press mentions on Reimage

About the author

Alice Woods
Alice Woods - Likes to teach users about virus prevention

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Alice Woods
About the company Esolutions

Removal guides in other languages