LSASS.exe bet you guyz cant figure this one out - Page 2 - Techist - Tech Forum

Old 04-12-2004, 09:37 PM   #11 (permalink)
Newb Techie
 
Join Date: Jan 2004
Posts: 19
Default

Damn man, that helps out a lot, thank you. Now gonna restart and see what the deal is, I'll get back to you ASAP.

Computa_neerd is offline  
Old 04-12-2004, 10:28 PM   #12 (permalink)
Wizard Techie
 
Join Date: Apr 2004
Posts: 3,247
Default

np, 'bout to head home for the day, though
__________________
If you argue with an idiot he will drag you down to his level and beat you with experience.

I am not a fast writer.
I am not a slow writer.
I am a half-fast writer.

-Robert Asprin
killians45 is offline  
Old 04-12-2004, 10:28 PM   #13 (permalink)
Newb Techie
 
Join Date: Jan 2004
Posts: 19
Default

OK, I did all that but lsass.exe is still increasing by 4 every second... I honestly have no clue now. There's no spaces; it's the legit process lsass.exe increasing.

Also I've been getting an error has occurred trying to run "C:windows\system32\msg121.cpy.dll",Umonitor". Dunno if this ties into anything.
Computa_neerd is offline  
Old 04-13-2004, 06:24 PM   #14 (permalink)
Wizard Techie
 
Join Date: Apr 2004
Posts: 3,247
Default

Well, it very well could be a virus. Doubt it, but there are viruses that will corrupt that. Do a search on it. That or a SEVERE memory leak. I would say a virus is more probable than that, though.
killians45 is offline  
Old 04-13-2004, 06:29 PM   #15 (permalink)
Wizard Techie
 
Join Date: Apr 2004
Posts: 3,247
Default

Actually, take a close look. Does it say Lsass.exe or lsass.exe (note the lower case, it's a virus!!) called ratsu.b
killians45 is offline  
Old 04-13-2004, 06:53 PM   #16 (permalink)
Wizard Techie
 
Join Date: Apr 2004
Posts: 3,247
Default

I'll just update everyone...
There are NO LONGER msg### files.

It morphed yesterday.
They are using random names now, and much worse!

The (msg) find will find some of the old files that
are no longer active...

Go to regedit (regedt32 in 2K)
Expand:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Guardian<-
*Make a note of the file name there, in System32.

RightClick (top menu>permissions in 2K)>
permissions, uncheck box: "Allow inheritable permissions"..
Hit ok, and REMOVE on next prompt.
-Restart computer!
Find and delete the <file> that was in that key
along with its companion from System32:
<file name>.cpy.dll
Go back to registry editor>recheck the permissions box on
that key, right click>
Delete the 'Guardian' folder.

Run SpyBot+Ad-Aware to remove the rest of
the keys+files.

***NOTE: In addition to that they 'hacked' the main
System account of the entire Administration group!
Some functions (as per the error above) will no longer
work on the system even AFTER the cr@p is gone!
killians45 is offline  
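
An added example, not part of the original thread: a Python script that audits the Winlogon\Notify key named in the post above from a saved `reg query "<key>" /s` text export, flagging any subkey that is missing from a baseline or whose DllName differs from it. The baseline, the sample export and the names `example123.dll` and `ExampleStartup` are constructed assumptions, and deriving the companion name by dropping `.dll` before appending `.cpy.dll` is one reading of the post.

```python
import re
from pathlib import PureWindowsPath

NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"

# Assumed baseline {subkey: DllName}; build the real one from a known-clean
# machine running the same Windows build.
BASELINE = {"crypt32chain": "crypt32.dll"}

# Constructed sample of `reg query "<NOTIFY_KEY>" /s` output, not from a real host.
SAMPLE_EXPORT = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    DllName    REG_EXPAND_SZ    crypt32.dll
    Logoff    REG_SZ    ChainWlxLogoffEvent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Guardian
    DllName    REG_SZ    example123.dll
    Startup    REG_SZ    ExampleStartup
"""

def parse_notify_export(text):
    """Return {subkey: {value_name: data}} for direct children of NOTIFY_KEY."""
    prefix = (NOTIFY_KEY + "\\").lower()
    entries, current = {}, None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.upper().startswith("HKEY_"):
            child = stripped[len(prefix):]
            is_child = stripped.lower().startswith(prefix) and child and "\\" not in child
            current = entries.setdefault(child, {}) if is_child else None
        elif stripped and current is not None:
            # Value lines read: name, REG_* type, data, split by tabs or runs of spaces.
            parts = re.split(r"\s{2,}|\t", stripped, maxsplit=2)
            if len(parts) == 3 and parts[1].startswith("REG_"):
                current[parts[0]] = parts[2]
    return entries

def audit_notify(entries, baseline=BASELINE):
    """Flag subkeys missing from the baseline or whose DllName differs from it."""
    known = {k.lower(): v.lower() for k, v in baseline.items()}
    findings = []
    for name, values in sorted(entries.items()):
        dll = values.get("DllName", "")
        if known.get(name.lower()) == PureWindowsPath(dll).name.lower():
            continue
        # Companion follows the post's "<file name>.cpy.dll" pattern (extension dropped: assumption).
        stem = PureWindowsPath(dll).stem
        findings.append({"subkey": name, "dll": dll, "companion": f"{stem}.cpy.dll" if stem else ""})
    return findings

if __name__ == "__main__":
    for finding in audit_notify(parse_notify_export(SAMPLE_EXPORT)):
        print(finding)
```
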
Old 04-14-2004, 06:38 PM   #17 (permalink)
Newb Techie
 
Join Date: Jan 2004
Posts: 19
Default

OK, so should I just get rid of my C: partition or try to manually mess with the registry the way systematic says?
Computa_neerd is offline  
Old 04-14-2004, 07:08 PM   #18 (permalink)
Wizard Techie
 
Join Date: Apr 2004
Posts: 3,247
Default

Sorry, different post. Anyhow, look and see if lsass or Lsass (note the caps)... which one(s) do you have?
killians45 is offline  
Old 04-15-2004, 10:20 AM   #19 (permalink)
Newb Techie
 
Join Date: Jan 2004
Posts: 19
Default

I have the lsass.exe. When I went to the online way of removing it from the registry, the keys that it indicates to remove aren't there.... On top of that I know it's a virus because it just keeps adding 4k every second... horrible, but I think what I should do is just delete the partition and put the stuff I want off that on the other partition I have.
Computa_neerd is offline  
Old 04-15-2004, 03:53 PM   #20 (permalink)
Wizard Techie
 
Join Date: Apr 2004
Posts: 3,247
Default

Well, make sure you just don't copy the virus on over. Also do a search for lsass.exe virus... there are bound to be several types and an automated removal... but knowing where the problem lies now should help ya.
killians45 is offline  