Thanks, this info is very useful. I had said earlier that it's not a virus but your post explains further how it could be one.
Thanks, Rick -- Visit my webpage and podcast feed at: http://www.blind-geek-zone.net and my web Blog at: http://blind-geek-zone.blogspot.com/ Join the BGZ mailing list by sending a blank email message to: [EMAIL PROTECTED] and put subscribe in the subject line. ----- Original Message ----- From: "Victor Gouveia" <[EMAIL PROTECTED]> To: <[email protected]> Sent: Friday, October 05, 2007 4:47 PM Subject: Re: [Blind-Computing] "lsass.exe" Hi Doug, A Google search resulted in the following description of the process. *** What is lsass.exe? Is lsass.exe spyware or a virus? Process name: Local security authentication server Product: Windows Company: Microsoft File: lsass.exe Security Rating: "lsass.exe" is the Local Security Authentication Server. It verifies the validity of user logons to your PC/Server. It generates the process responsible for authenticating users for the Winlogon service. This process is performed by using authentication packages such as the default Msgina.dll. If authentication is successful, Lsass generates the user's access token, which is used to launch the initial shell. Other processes that the user initiates inherit this token. More info Note: The lsass.exe file is located in the folder C:\Windows\System32. In other cases, lsass.exe is a virus, spyware, Trojan or worm! Check this with Security Task Manager. Virus with same name: W32.Nimos.Worm - Symantec Corporation W32.Sasser.E.Worm (Lsasss.exe) - McAfee [EMAIL PROTECTED] - Symantec Corporation *** I also found a site that labelled it as spyware. In essence, all of them said the same thing, That being, if the file is located anywhere else on your system but in the Windows/system32 directory, then it most likely is a file dedicated to spying on your computer and downloading other spyware to your computer. I would run a search of your files and folders, looking for the file named "lsass.exe", and should you find it anywhere else but in the above directory, run spyware software and anti-virus software. Another thing you may want to check, is if the process is running with the tag of system or something else. I believe, but don't quote me on this, but if it's running with the tag of system, you're ok, otherwise, it's spyware. Victor Visit the Blind Computing List home page at: http://www.blind-computing.com Address for the list archives: http://www.mail-archive.com/[email protected]/ To post to this group, send email to [email protected] To unsubscribe from this group, send an email to [EMAIL PROTECTED] For help from Mailman with your account Put the word help in the subject or body of a blank message to: [EMAIL PROTECTED] Use the following form in order to contact the management team http://www.jaws-users.com/BlindComputing.php If you wish to join the JAWS Users List send a blank email to the following address: [EMAIL PROTECTED] Visit the Blind Computing List home page at: http://www.blind-computing.com Address for the list archives: http://www.mail-archive.com/[email protected]/ To post to this group, send email to [email protected] To unsubscribe from this group, send an email to [EMAIL PROTECTED] For help from Mailman with your account Put the word help in the subject or body of a blank message to: [EMAIL PROTECTED] Use the following form in order to contact the management team http://www.jaws-users.com/BlindComputing.php If you wish to join the JAWS Users List send a blank email to the following address: [EMAIL PROTECTED]
