Re: lsass.exe and logonui.exe have high cpu usage
From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: Sun, 7 Nov 2004 09:27:44 -0500
1) Download the following three items...
Trend Sysclean Package
Latest Trend Pattern File.
Adaware SE (free personal version v1.05)
Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")
Download Sysclean.com and place it in that directory.
Dowload the Trend Pattern File by obtaining the ZIP file.
For example; lpt238.zip
Extract the contents of the ZIP file and place the contents in the same directory as
2) Update Adaware with the latest definitions.
3) If you are using WinME or WinXP, disable System Restore
4) Reboot your PC into Safe Mode
5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
(a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using both the
Trend Sysclean utility and Adaware
7) If you are using WinME or WinXP, Re-enable System Restore and re-apply any
System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB),
8) Reboot your PC.
9) If you are using WinME or WinXP, create a new Restore point
You can also try some of the below online scanners.
Freedom Online scanner:
* * * Please report your results ! * * *
"Cole Shelton" <scolemann@_NO_SPAM_yahoo.com> wrote in message
| Hi all,
| Whenever I login remotely to one of my computers via Remote Desktop,
| lsass.exe and logonui.exe begin spiking the cpu every 2-3 seconds. Lsass
| takes about 60-70% and logonui takes 20-30%. This is Windows XP Pro SP2 and
| is a fresh install. I have run Adaware and a scan with Norton just to be
| sure it wasn't a virus. One interesting note is that when I kill the
| logonui process, it automatically comes back, but the cpu ceases to spike
| for either lsass or logonui.
| Does anyone have any clues as to what could be causing this? I have tried
| disabling spoolsrv, norton, firewall, and a few other random services, but
| to no avail.