
View Full Version : virus? lssas.exe


Jason
08-23-2004, 11:23 PM
I can't exactly remember the name of this file but here is the situation. I reinstalled the OS on this laptop I have. Old POS. Put on win 2k. I was doing my second windows update, before getting an anti-virus on there, when this file (I believe it to be called) lssas.exe, I know it's in the windows/system32 folder but it caused the system to shutdown in 1min and it was one of those windows I had no control over. Anywho, I was hoping the update would finish its update/install but it didn't. Now the system restarts every time it passes the "Welcome to Windows 2000" screen, just before the password prompt.
Is there a way to fix this or should I just not worry and reinstall the os again?


Jason

Spookster
08-24-2004, 01:58 AM
Lsass.exe is a legitimate windows program. It's the Local Security Authentication Server. There are some viruses that name themselves the same as that in alternate locations on your system or have variations on that name.

The legitimate one will be spelled lsass.exe and will be located in:

C:\WinNT\System32\LSASS.exe on Win2000

and

C:\Windows\System32\LSASS.exe on Win2003/WinXP

Jason
08-24-2004, 02:01 AM
k, I will try and get into safe mode and go on a deleting spree


Jason

Dunna
11-30-2004, 09:20 PM
The 1 minute shutdown is caused (most likely) by a virus called MyDoom. There is a removal tool at Symantec. (It worked for me)

tboss132
12-01-2004, 02:59 PM
If your system is connected to the internet/network, make sure you disconnect it before you restart. I had the problem once and it was a virus. You can find patches on the Symantec site. Also make sure you install the security updates from the Microsoft site. If I find the name of the patch I might edit this post later and include it so it'll be easier to find.

Horus Kol
12-02-2004, 02:44 PM
As has been stated, the LSASS.EXE is a legitimate program... Some fiendish virus writers created the Sasser Virus - which replaces the .dll file associated with the LSASS file.

LSASS is called whenever you connect to the internet, and as you see it causes your PC to shutdown pretty quickly afterwards (caused by a buffer overflow).

To fix, you need to get a hotfix from Microsoft (through a separate computer) - this removes the vulnerability that let the thing in in the first place, and should also replace the .dll file with the correct one.
The stinger from NAI (www.nai.com) will clear anything else that may have been affected (registry entries, etc)

Alex D.
07-05-2005, 04:12 AM
Can anyone please help me? My lsass.exe on task manager is using 99 CPU all the time and making my computer so slow it ain't funny. Please someone help me

_Aerospace_Eng_
07-05-2005, 05:28 AM
Read this page (http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.b.worm.html). It explains what you must do to fix it. Read it thoroughly, there is a patch you need to install from Microsoft, this page tells you what to do to stop your system from restarting and should give you enough time to download the patch.

JamieR
07-05-2005, 10:11 AM
...or install Service Pack 2, as it contains the MS04-11 fix for this.

Well..to put it plainly - you have the sasser worm..:eek:

theexo51
08-03-2005, 03:25 PM
Your best bet is to just reformat and reinstall again, then before installing any other software, put the latest version of an AVS on there.

never get around without protection, never know what u will catch! - write that down

JamieR
08-03-2005, 05:18 PM
You don't necessarily need anti virus software if you take necessary precautions to tighten security on your computer - bullet proof IE, install latest service packs and updates, don't use IE, avoid dodgy websites and downloading anything which could compromise your PC, use a decent HARDWARE firewall...etc. However AV software is still necessary IMO, however tight your computer's security is.

If you've got something like sasser however, you can either patch your system and remove the malware, or just nuke your OS and reinstall...

theexo51
08-03-2005, 05:24 PM
i got the sasser fresh after a rebuild by clicking on 1 link before putting my AVS on...so my advice is do that first lol

still, why not reinstall windows twice in 1 evening? :p

JamieR
08-03-2005, 06:08 PM
Why didn't you install XP's SP2 or the latest updates before you connected to the net? If you have a good firewall, you can get the update off the net without getting sasser. I have loads of patches etc and service packs on my backup disk :D

theexo51
08-03-2005, 06:17 PM
back up disk... huh? whats that lol. when i originally had the bright idea to rebuild i completely forgot that my XP is like build 1.00, so on checking for updates i had about 350Mb to get...whilst d/l those i thought, i know, lets go to www.softpedia.com and get msn msgr 7, stoopid idea that was!

JamieR
08-03-2005, 06:30 PM
back up disk... huh? whats that lol

A hard disk where I back up stuff off other hard disks and store stuff.

I've reinstalled windows 3 times before in one evening....:D (turned out I was installing on a dodgy disk..)

shagphil
02-08-2008, 04:56 PM
What does lssas.exe do? I do not have the dreaded Sasser worm as I have checked and have both Norton and McAfee running. However, at times lssas.exe takes over and runs my harddrive using from 40-75% of CPU for about 3 to 5 minutes, then it goes to 0, then back up to 75% for 30 seconds, then back to 0, then back to 70% for another 30 seconds. After that it stops, but during that process, I might as well forget about doing anything. Anyone know why and what is happening?