Solved

Anyone know what lsrss.exe is??

Posted on 2004-07-30
3
355 Views
Last Modified: 2007-12-19
Hey experts,

I setup an apache server on a Windows 2000 machine a week ago or so, and an email came in from the web host saying that an IRC client was running on the server (this is a SBC dedicated host).  It's running from C:\winnt\system32\lsrss.exe.   Goggle doesn't turn up anything on this, so that made me worry alot.  Is this probably a virus or what?

-Chris
0
Comment
Question by:Discomonkey
  • 2
3 Comments
 
LVL 34

Accepted Solution

by:
Dave_Dietz earned 50 total points
ID: 11679243
There is an lsass.exe that should be there, but there is no file I am aware of called lsrss.exe that should be running.

I believe you are correct in assuming a virus of some sort.

Check the version information on the .exe and if it looks suspicious kill the process and rename the file - then run a complete system virus scan.

Dave Dietz
0
 
LVL 1

Author Comment

by:Discomonkey
ID: 11679477
ran virus scan, turns out there were virus's on there but it had nothing to do with lsrss.exe.

instead its a service Eventask that was running on the machine.  The lsrss.exe process is dependant on this service.  Eventask is a service that was installed by the NT resource kit (srvany.exe) to run the lsrss.exe.  

it wasn't a virus, but I had viruses elsewhere anyway!!!
0
 
LVL 1

Author Comment

by:Discomonkey
ID: 11679479
oh ya, thanks :)
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Remote Desktop Services 2012 R2 - Assigning multiple users to Virtual Desktop 1 58
PHP7 and Sql Server Windows 2008 R2 13 205
IIS redirect 1 77
Finding the IIS version 5 21
Today I came across an interesting issue that had me pulling my hair out.  I was troubleshooting a new internal web site which uses integrated security instead of anonymous.  When browsing the site from my laptop, I was able to access it with no iss…
Debug Tools to analyse IIS process: This article focus on taking memory dumps from IIS to determine which code is taking more time and to analyse which calls hangs/causes more CPU usage. To take dumps,download the following. Install1: To st…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

837 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question