lsass.exe

[gareth5506]

In the last couple of days, when I boot up my computer, I have been getting a message that says lsass.exe cannot be found. My AVG Free kicked in and told me this was a threat. Having not heard of the file before, I thought it was best to quarantine the file, instead of clicking 'Heal'. However, I am still getting this message when I boot up.

After doing some research, I discovered this could be a trojan and one website suggested that I should scan the lsass.exe file. Making sure AVG was up to date first, I scanned the file and it said the file wasn't infected.

There has been no changes to my computer's behaviour apart from the message that pops up during boot up.

How can I solve this please?

Thank you in advance,

Gareth

[bricat]

please go HERE

At the top, click on BROWSE. AND BROWSE TO this file on your computer :-

C:\windows\system32\lsass.exe

click on it to highlite it and then click SUBMIT.

the file will be scanned by various virus scanners.

please wait until the results come up, then post the results back here.

[gareth5506]

Thanks Bricat, but the website you told me to go to says it cannot be found. I tried to go to their homepage, but still get the same message!

Also, I read the dialogue box message I get on boot up before coming on here and it said the file missing was located at C:\WINDOWS\Config not C:\windows\system32\lsass.exe like you said, although I do have the file lsass.exe located at C:\windows\system32

I hope that all makes sense and that you or someone else can help me further.

Thank you,

Gareth

[bricat]

[ QUOTE ]
but the website you told me to go to says it cannot be found

[/ QUOTE ]

does that mean the WEBSITE can't be found or the FILE can't be found ?

if it's the website that can't be found :-

Download the <font color="#FF0000">HostsXpert 4.2 - Hosts File Manager</font>.
<ul type="square">[*]Unzip HostsXpert 4.2 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.2 - Hosts File Manager[*]Run HostsXpert 4.2 - Hosts File Manager from its new home[*]Click on "File Handling".[*]Click on "Restore MS Hosts File".[*]Click OK on the Confirmation box.[*]Click on "Make Read Only?"[*]Click the X to exit the program.[*]Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.[/list]
then try the site again

[gareth5506]

It just said Requested URL "/en-GB" was not found on this server. Tried to go to http://virusscan.jotti.org but got the same message.

Thanks,

Gareth

[bricat]

did you install HOSTEXPERT and try again ?

[gareth5506]

No because I don't understand what you mean by "Note: If you were using a custom Hosts file you will need to replace any of those entries yourself."

Sorry but I'm new to all this and don't want to do something that will cause further problems.

Thanks,

[bricat]

[ QUOTE ]
"Note: If you were using a custom Hosts file you will need to replace any of those entries yourself."

[/ QUOTE ]

If you don't know what a custom hosts file is then you obviously aren't using one, because you would have to install it yourself.
so it is ok to install HOSTEXPERT.

[gareth5506]

Dowloaded and installed the program, followed your easy step by step instructions, went back to the website and still got the same message saying the website cannot be found. I tried in both Opera and IE, but no luck!

I did find this website if it's any use http://ask-leo.com/what_are_lsass_lsasse...do_if_i_am.html

Although I'm only getting a dialogue box saying the file is missing. I'm not getting the countdown or being asked to shutdown.

Sorry for all the hastle.

Thanks,

[bricat]

I doubt very much it is the sasser virus, that one isn't around anymore.

Please download ComboFix from Here or Here to your Desktop.

<font color="Blue">**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**</font>

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   
   <ul type="square">
4. <font color="red">Very Important!</font> Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
5. <font color="green">Click on</font> this link <font color="green">to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.</font>
   

<ul type="square">[*]Close any open browsers.[*]<font color="Red">WARNING:</font> Combofix will disconnect your machine from the Internet as soon as it starts[*]Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.[*]If there is no internet connection after running Combofix, then restart your computer to restore back your connection.[/list][*]Double click on combofix.exe &amp; follow the prompts.[*]When finished, it will produce a report for you. [*]Please post the "C:\ComboFix.txt" In the HJT forum[/list]<font color="blue">**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**</font>

P.S

can you please STOP putting your website at the bottom of your posts.
advertising is not allowed on the forum.