Re: lsass.exe in CPU loop when logging in



Does this happen with all user accounts that you try to log on to, or a
specific user account? If it is all user accounts, you most likely have some
other issue that could be malware related. Try booting into Safe Mode and
make sure that your computer is clean from malware and spyware [well, as
clean as the programs you use can make it]. If you cannot log on
successfully to any account in either regular or Safe Mode, you may want to
look at using something like Bart's PE to try and clean/repair your
computer. Though I doubt it will help in your case, be sure to try Last
Known Good Configuration in the alternate startup mode if you cannot
log on. --- Steve



<spam@xxxxxxxx> wrote in message
news:1143734103.153938.225120@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Am having exactly the same issue, and am trying to resolve it.
Unfortunately removing all the encrypted files does not solve the
problem, lsass.exe just keeps on running (until it stops). Can anyone
give me any advice on solving this? As said, the CIPHER command shows
no encrypted files.

Also (or maybe connected to the above), I don't understand this part of
your post:
<<remove the contents of the Protect directory (on an XP system the
files are in a directory with a GUID for a name under the Protect
directory)>>

Can you elaborate?




Stewart Berman wrote:
Thank you. Moving the files into a Zip archive solved the startup
problem.

Please note that before you do this you should run: CIPHER /H /N /U
This will identify all encrypted files on your local drive. You need to
decrypt them before you remove the contents of the Protect directory (on
an XP system the files are in a directory with a GUID for a name under
the Protect directory). Once you remove the contents of the directory you
cannot decrypt files that were encrypted earlier. You can still encrypt
files after you empty the directory and you will be able to decrypt those.

Stu

"Joe Hubele" <Joe Hubele@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

Thanks to this posting, I realized I had also copied encrypted files,
causing lsass.exe to take over the system for several minutes after logon.
The problem profile was a member of the administrators group and so I did
not suspect a security issue.

I decrypted the local files and disabled EFS but it did not help. After a
lot of searching and head scratching, I finally found a bunch of files under
C:\Documents and Settings\problemuser\Application Data\Microsoft\Protect
in one of the directories. The directory was created at the time the data
was pushed to the problem target system. In my case, it contained over
16,000 files. I moved the new directory out of the Protect directory to
eliminate the CPU hit after logon.
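
A read-only way to check profiles for the condition described in this thread (a subdirectory of Protect holding thousands of files), as an added example that is not part of the original posts. The profile roots, the Vista-and-later path, the function name Get-ProtectDirReport and the 100-file threshold are assumptions.

```powershell
# Added example: read-only audit of per-profile DPAPI "Protect" directories.
# Run from an elevated prompt so other users' profiles are readable.
param(
    # XP root (from the thread) plus the Vista-and-later root (assumption).
    [string[]]$ProfileRoots = @('C:\Documents and Settings', 'C:\Users'),
    # Assumed cut-off; the thread's problem directory held over 16,000 files.
    [int]$Threshold = 100
)

function Get-ProtectDirReport {
    param([string[]]$Roots, [int]$Limit)

    foreach ($root in $Roots) {
        # Missing roots, and the access-denied compatibility junction on
        # newer Windows, simply yield no profiles.
        $profiles = @(Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue |
                      Where-Object { $_.PSIsContainer })
        foreach ($userDir in $profiles) {
            # Prefer the real path; fall back to the XP layout.
            $protect = @(
                (Join-Path $userDir.FullName 'AppData\Roaming\Microsoft\Protect'),
                (Join-Path $userDir.FullName 'Application Data\Microsoft\Protect')
            ) | Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1
            if (-not $protect) { continue }

            # The files are hidden/system, so -Force is required to see them.
            $subDirs = @(Get-ChildItem -LiteralPath $protect -Force -ErrorAction SilentlyContinue |
                         Where-Object { $_.PSIsContainer })
            foreach ($sub in $subDirs) {
                $files = @(Get-ChildItem -LiteralPath $sub.FullName -Force -ErrorAction SilentlyContinue |
                           Where-Object { -not $_.PSIsContainer })
                New-Object PSObject -Property @{
                    Profile   = $userDir.Name
                    Directory = $sub.FullName
                    FileCount = $files.Count
                    Created   = $sub.CreationTime   # compare with when data was copied in
                    Flagged   = ($files.Count -gt $Limit)
                }
            }
        }
    }
}

Get-ProtectDirReport -Roots $ProfileRoots -Limit $Threshold |
    Sort-Object FileCount -Descending |
    Format-Table Profile, FileCount, Flagged, Created, Directory -AutoSize
```

The script only reports; before moving a flagged directory, the decrypt-first step from Stewart Berman's post still applies.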


