Solved

Anyone know what lsrss.exe is??

Posted on 2004-07-30
3
351 Views
Last Modified: 2007-12-19
Hey experts,

I setup an apache server on a Windows 2000 machine a week ago or so, and an email came in from the web host saying that an IRC client was running on the server (this is a SBC dedicated host).  It's running from C:\winnt\system32\lsrss.exe.   Goggle doesn't turn up anything on this, so that made me worry alot.  Is this probably a virus or what?

-Chris
0
Comment
Question by:Discomonkey
  • 2
3 Comments
 
LVL 34

Accepted Solution

by:
Dave_Dietz earned 50 total points
ID: 11679243
There is an lsass.exe that should be there, but there is no file I am aware of called lsrss.exe that should be running.

I believe you are correct in assuming a virus of some sort.

Check the version information on the .exe and if it looks suspicious kill the process and rename the file - then run a complete system virus scan.

Dave Dietz
0
 
LVL 1

Author Comment

by:Discomonkey
ID: 11679477
ran virus scan, turns out there were virus's on there but it had nothing to do with lsrss.exe.

instead its a service Eventask that was running on the machine.  The lsrss.exe process is dependant on this service.  Eventask is a service that was installed by the NT resource kit (srvany.exe) to run the lsrss.exe.  

it wasn't a virus, but I had viruses elsewhere anyway!!!
0
 
LVL 1

Author Comment

by:Discomonkey
ID: 11679479
oh ya, thanks :)
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question