Re: lsass.exe and logonui.exe have high cpu usage

From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 11/07/04


Date: Sun, 7 Nov 2004 09:27:44 -0500

1) Download the following three items...

         Trend Sysclean Package
         http://www.trendmicro.com/download/dcs.asp

         Latest Trend Pattern File.
         http://www.trendmicro.com/download/pattern.asp

         Adaware SE (free personal version v1.05)
         http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download Sysclean.com and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example: lpt238.zip

Extract the contents of the ZIP file and place the contents in the same directory as
sysclean.com.

2) Update Adaware with the latest definitions.
3) If you are using WinME or WinXP, disable System Restore
        http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
4) Reboot your PC into Safe Mode
5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
        platform and clean/delete any infectors/parasites found.
        (a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using both the
        Trend Sysclean utility and Adaware
7) If you are using WinME or WinXP, re-enable System Restore and re-apply any
        System Restore preferences (e.g. HD space to use, suggested 400 ~ 600MB).
8) Reboot your PC.
9) If you are using WinME or WinXP, create a new Restore point

You can also try some of the below online scanners.

BitDefender:
http://www.bitdefender.com/scan/license.php

Computer Associates:
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

DialogueScience:
http://www.antivir.ru/english/www_av/

F-Secure:
http://support.f-secure.com/enu/home/ols.shtml

Freedom Online scanner:
http://www.freedom.net/viruscenter/index.html

Kaspersky:
http://www.kaspersky.com/de/scanforvirus

McAfee:
http://www.mcafee.com/myapps/mfs/default.asp

Panda:
http://www.pandasoftware.com/activescan/

RAV:
http://www.ravantivirus.com/scan/

Symantec:
http://security.symantec.com/

Trend:
http://housecall.antivirus.com
http://housecall.trendmicro.com

* * * Please report your results ! * * *

Dave

"Cole Shelton" <scolemann@_NO_SPAM_yahoo.com> wrote in message
news:u6Xy1gJxEHA.3528@TK2MSFTNGP10.phx.gbl...
| Hi all,
|
| Whenever I login remotely to one of my computers via Remote Desktop,
| lsass.exe and logonui.exe begin spiking the cpu every 2-3 seconds. Lsass
| takes about 60-70% and logonui takes 20-30%. This is Windows XP Pro SP2 and
| is a fresh install. I have run Adaware and a scan with Norton just to be
| sure it wasn't a virus. One interesting note is that when I kill the
| logonui process, it automatically comes back, but the cpu ceases to spike
| for either lsass or logonui.
|
| Does anyone have any clues as to what could be causing this? I have tried
| disabling spoolsrv, norton, firewall, and a few other random services, but
| to no avail.
|
| Cole
|
|


