Re: lsass.exe?

From: Ian Kenefick (ian_kenefick_at_eircom.net)
Date: 04/26/05


Date: Tue, 26 Apr 2005 02:11:19 +0100

On Mon, 25 Apr 2005 17:25:38 -0700, "Dean J Garrett"
<info@amuletc.com> wrote:

>I see a file in c:\windows\system32 called lsass.exe
>
>Is this a virus? Can I delete it? I ran TrendMicro sysclean, but it was not
>identified as a virus.
>
>I can no longer login to my Windows Server 2003 Enterprise Ed.
>The minute I do, I get a message saying
>
>"Shutdown initiated by NT AUTHORITY SYSTEM
>c:\windows\system32\services.exe (or sometimes it says lsass.exe) terminated
>unexpectedly"
>
>It then reboots, and the same thing happens again... If I reboot in Safe
>Mode, this doesn't happen. What can I do??? Thank you!

In addition to what Dave has said you need to apply the latest
security patches from Microsoft. In this situation Google MS04-011
which patches a vulnerability in this service.

Regards,
Ian Kenefick
http://antivirus.ik-cs.com