From: Ian Kenefick (ian_kenefick_at_eircom.net)
Date: Tue, 26 Apr 2005 02:11:19 +0100
On Mon, 25 Apr 2005 17:25:38 -0700, "Dean J Garrett"
>I see a file in c:\windows\system32 called lsass.exe
>Is this a virus? Can I delete it? I ran TrendMicro sysclean, but it was not
>identified as a virus.
>I can no longer login to my Windows Server 2003 Enterprise Ed.
>The minute I do, I get a message saying
>"Shutdown initiated by NT AUTHORITY SYSTEM
>c:\windows\system32\services.exe (or sometimes it says lsass.exe) terminated
>It then reboots, and the same thing happens again... If I reboot in Safe
>Mode, this doesn't happen. What can I do??? Thank you!
In addition to what Dave has said you need to apply the latest
security patches from Microsoft. In this situation Google MS04-011
which patches a vulnerability in this service.