Support Forum Articles File Help Startup DB Tips Service DB Hijack This! Analyzer

 

HijackThis automated log analyzer! Submit a log and you will receive ALL the information we have in our DB's on everything on your system INSTANTLY!

lsass.exe


Click here to scan for lsass.exe Related Errors and Optimize PC performance

What is it?
Local Security Authentication Server - lsass.exe

What does it do?
lsass.exe - It generates the process responsible for authenticating users for the Winlogon service. This process is performed by using authentication packages such as the default Msgina.dll. If authentication is successful, Lsass generates the user's access token, which is used to launch the initial shell. Other processes that the user initiates inherit this token.

You will not be able to end this through task manager!

From MS



The lsass.exe which is from Microsoft is located at c:windowsSystem32lsass.exe . there's a few viruses that have been found to run as lsass.exe to hide from you.
Fix lsass.exe Errors: Free Scan

Recommended: Free PC Speed Test - what is slowing down your PC?


lsass.exe is a Windows System File and should be in a system directory. If it is then this application is safe.

Startup DB Entries:
[AASSKK2]"Added by the SILLYFDC.BDB WORM! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %AppData%" b
[FriendlyType]"Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup!" b
[ilasss]"Added by the INJECT-GZ TROJAN! Note - the legitimate lsass.exe process should not normally figure in Msconfig/Startup!" b
[Local Authority Service]"Added by the MARKTMAN-C TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%" b
[LSA Service]"Added by the AHKER.G WORM! Note - this is not the legitimate lsass.exe processb
[LSA Shell (Export Version)]"Added by the AHKER.K WORM and variants. Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%" b
[LSA Shellu]"Added by the AUTORUN-CW WORM! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %UserProfile%" b
[LSAShell]"Added by the DAPROSY WORM! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%" b
[lsass]"Added by the RATSOU.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Debug\UserMode" b
[Microsoft Authority Service]"Added by the KALEL-D WORM! Note - this is not the legitimate lsass.exe processb
[Microsoft Lsass Manager]"Added by a variant of the SDBOT WORM! Note - this is not the legitimate lsass.exe processb
[Microsoft UPDATER32]"Added by the RANDEX.AR WORM! Note - this is not the legitimate Lsass.exe system file should normally NOT figure in Msconfig/Startup!" b
[MS Security Authority Service]"Added by the KALEL-B WORM! Note - this is not the legitimate lsass.exe processb
[Msnmsgr.exe]"Added by the DWNLDR-GWE TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in the root directory (i.e. C:\ or D:\)" b
[NortonAntivirus]"Added by the PEXMOR WORM! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%\Temp" b
[NviDiaGT]"Added by the AUTORUN-DV WORM! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ~A~m~B~u~R~a~D~u~L~ subfolder" b
[RegDoneEx]"Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup!" b
[RsWin]"Added by the DELCANTI-B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in a ""12053"" subfolder" b
[RTHDBPL]"Added by the ROUTROBOT WORM! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %AppData%\SystemProc" b
[ServicesLoad]"Added by the DEARIS-A TROJAN! Note - this is not the legitimate lsass.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%" b

Service DB Entries:
System Event Notification Service Added by the Troj/Agent-AD TROJAN!
Spool SubSystem App Added by the W32/Tilebot-HD WORM! Note: This worm rojan is located in C:%WINDIR% folder. Note: This
rundll32.exe Added by an unidentified TROJAN! of the Sdbot family. Note: This worm rojan is located in C:%WINDIR%
Proveedor de asistencia de seguridad LM de Windows NT Spanish Windows 2000 NT LM security support provider
Microsoft sdk core (sdk) Added by the Troj/IRCBot-PF TROJAN! Note: Located in C:%WINDIR%
lsass (lsass) Added by the W32/Rbot-AIC WORM! Note: This is not the legitimate Windows process. (Which is always f
LSA Shel (Export Version) Added by the W32/Tilebot-HQ WORM! Note: This worm rojan is located in C:%WINDIR% folder.
Local Security Authority System Service (lsass) Added by the W32/Rbot-AJA WORM! Note: This is not the legitimate Windows process lsass.exe (Which is
Local Security Authority Subsystem Service (lsass) Added by the W32/Tilebot-AK or W32.Spybot.ABDO WORM! Note: This is not the legitimate Windows proces
Inicio de sesiĆ³n red Spanish Windows 2000 net logon
Agente de directivas IPSEC Spanish Windows 2000 IPSEC policy agent
Administrador de cuentas de seguridad Spanish Windows 2000 security accounts manager
Windows lsass Service (lsass) Added by the W32/Rbot-AGD WORM! Located in C:WINDOWSlsass.exe (9XXP) or C:Winntlsass.exe (NT2000) No
Windows Network Security Service (lsass) Added by an unidentified TROJAN! of the Sdbot family. Note: This worm rojan is located in C:%WINDIR%

Disclaimer

Every attempt has been made to ensure the information about lsass.exe is accurate but alot of malware applications try to pose as valid applications. If it is something other than what was posted above please leave some feedback in the forum.
Printer Friendly

User Comments
TammyTried to start computer and getting error message lsass.exe operation failed
MeganI tried to start up my computer this morning and instead of letting me log in it popped up a notice about lsass.exe. After I clicked "OK" the screen just remained blank. How am I supposed to get rid of the virus if I can't log into the computer to delete it? (I'm on a school computer right now.)
Andi CI don't know if you got your answer yet, but I'm trying to remove the bad copy of lsass.exe by slaving the drive to another computer, that way the operating system and any softwares for that drive aren't running and you can run scans, and manipulate files without having to be able to bootup (from my experience the lsass error i was getting wouldn't even let me bootup, and the lsass.exe that was a bad file was hidden even with hidden and system files showing in the folder it was in).
nameI can't even get to my use log on screen. All I get is a message stating my ls.ass.exe file has the wrong parameters. All I can do is reboot, and that just brings up the message again.
JuanI got the lsass.exe and a box that reads samlib.dll not found . I cant even get the OS to star. what can I do?
SSwhen trying to boot up/logon XP, i get the lsass.exe error message box. when I select o.k. screen goes blank again. How do I get rid of this if I can't get pass the message box?
gormaniliusthe date is 4/21 I just got this too, same as the 2 posters b4 me. I tried safe mode, no go, tried last good configuration, no go. I am about to try cmd prompt, which I have no clue what to do after. press f8 at startup to get to these options
sandeeplogin properly but err showing every time lsass.exe has been curpt. how can be repair for this give me the positive solution
Windows Files
lsass.exe | csrss.exe | alg.exe | dwwin.exe | Svchost.exe | Spoolsv.exe | wowexec.exe | cidaemon.exe | wmiprvse.exe | ctfmon.exe | Winlogon.exe | wuauclt.exe | Smss.exe | msmsgs.exe | rundll32.exe | mdm.exe | ntvdm.exe | wscntfy.exe | explorer.exe | ntdll.dll | iexplore.exe | msdxm.ocx | wisptis.exe | wdfmgr.exe | MsiExec.exe | PDVDServ.exe | DLLhost.exe | gcasdtserv.exe | shdoclc.dll | Winmgmt.exe | cisvc.exe | oleaut32.dll | taskmgr.exe | inetinfo.exe | Shell32.dll | mspmspsv.exe | internat.exe | hal.dll | comctl32.dll | mstask.exe |