LSASS.exe bet you guys can't figure this one out

Status
Not open for further replies.
Damn man, that helps out a lot, thank you. Now gonna restart and see what the deal is, I'll get back to you ASAP.
 
OK, I did all that but lsass.exe is still increasing by 4 every second... I honestly have no clue now. There are no spaces, it's the legit process lsass.exe increasing.

Also I've been getting an error has occurred trying to run "C:windows\system32\msg121.cpy.dll",Umonitor" dunno if this ties into anything
 
Well, it very well could be a virus. Doubt it, but there are viruses that will corrupt that. Do a search on it. That or a SEVERE memory leak. I would say a virus is more probable than that, though.
 
Actually, take a close look. Does it say Lsass.exe or lsass.exe (note the lower case, it's a virus!!) called ratsu.b
 
I'll just update everyone...
There are NO LONGER msg### files.

It morphed yesterday.
They are using random names now, and much worse!

The {msg) find will find some of the old files that
are no longer active...

Go to regedit (regedt32 in 2K)
Expand:
HKEY_LOCAL_MACHINE\SOFTWARE\
Microsoft\Windows NT\CurrentVersion\
Winlogon\Notify\Guardian<-
*Make a note of the file name there, in System32.

RightClick (top menu>permissions in 2K)>
permissions, uncheck box: "Allow inheritable permissions"..
Hit ok, and REMOVE on next prompt.
-Restart computer!
Find and delete the <file> that was in that key
along with its companion from System32:
<file name>.cpy.dll
Go back to registry editor>recheck the permissions box on
that key, right click>
Delete the 'Guardian' folder.

Run SpyBot+Ad-Aware to remove the rest of
the keys+files.

***NOTE: In addition to that they 'hacked' the main
System account of the entire Administration group!
Some functions (as per the error above) will no longer
work on the system even AFTER the cr@p is gone!
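
The registry check described in the post above, as an added example that is not part of the original thread: a read-only PowerShell listing of every package under Winlogon\Notify, the DLL it loads, and whether the key's permissions have inheritance switched off. It assumes the standard `DllName` value of a notification package, and the `.cpy.dll` companion pattern is inferred from the "msg121.cpy.dll" error quoted earlier.

```powershell
# Added example (read-only): audit Winlogon notification packages.
# Run elevated on a Windows 2000/XP-era system, where the Notify key exists.
$notify = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
$sys32  = Join-Path $env:SystemRoot 'System32'

if (-not (Test-Path $notify)) {
    Write-Output 'Winlogon\Notify key not present on this system.'
    return
}

Get-ChildItem -Path $notify | ForEach-Object {
    $key = $_
    $dll = (Get-ItemProperty -Path $key.PSPath).DllName
    if (-not $dll) { return }   # subkey without DllName: skip to the next package

    # A bare file name is treated as living in System32, as in the post above.
    $path = if ([System.IO.Path]::IsPathRooted($dll)) { $dll } else { Join-Path $sys32 $dll }
    $exists = Test-Path -LiteralPath $path

    # Companion pattern <name>.cpy.dll is an assumption based on the quoted error.
    $base      = [System.IO.Path]::GetFileNameWithoutExtension($dll)
    $companion = Join-Path $sys32 ($base + '.cpy.dll')

    $sig     = if ($exists) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'n/a' }
    $created = if ($exists) { (Get-Item -LiteralPath $path -Force).CreationTime } else { $null }

    New-Object PSObject -Property @{
        Package        = $key.PSChildName
        DllName        = $dll
        Exists         = $exists
        Signature      = $sig
        Created        = $created
        CompanionCpy   = (Test-Path -LiteralPath $companion)
        # True means "inherit permissions from parent" is unchecked on this key.
        InheritanceOff = (Get-Acl -Path $key.PSPath).AreAccessRulesProtected
    }
} | Select-Object Package, DllName, Exists, Signature, Created, CompanionCpy, InheritanceOff |
    Format-Table -AutoSize
```

Older PowerShell versions do not check catalog signatures, so a `NotSigned` status on its own is a reason to look closer at the file's creation date and name, not a verdict.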
 
OK, so should I just get rid of my C: partition or try to manually mess with the registry the way systematic says?
 
Sorry, different post :) Anyhow, look and see if lsass or Lsass (note the caps)... which one(s) do you have?
 
I have the lsass.exe. When I went the online way of removing it from the registry, the keys that it indicates to remove aren't there.... On top of that, I know it's a virus because it just keeps adding 4k every second... horrible, but I think what I should do is just delete the partition and put the stuff I want off that on the other partition I have.
 
Well, make sure you just don't copy the virus on over. Also do a search for lsass.exe virus... there are bound to be several types and an automated removal... but knowing where the problem lies now should help ya.
 