Solved

Anyone know what lsrss.exe is??

Posted on 2004-07-30
3
347 Views
Last Modified: 2007-12-19
Hey experts,

I setup an apache server on a Windows 2000 machine a week ago or so, and an email came in from the web host saying that an IRC client was running on the server (this is a SBC dedicated host).  It's running from C:\winnt\system32\lsrss.exe.   Goggle doesn't turn up anything on this, so that made me worry alot.  Is this probably a virus or what?

-Chris
0
Comment
Question by:Discomonkey
  • 2
3 Comments
 
LVL 34

Accepted Solution

by:
Dave_Dietz earned 50 total points
ID: 11679243
There is an lsass.exe that should be there, but there is no file I am aware of called lsrss.exe that should be running.

I believe you are correct in assuming a virus of some sort.

Check the version information on the .exe and if it looks suspicious kill the process and rename the file - then run a complete system virus scan.

Dave Dietz
0
 
LVL 1

Author Comment

by:Discomonkey
ID: 11679477
ran virus scan, turns out there were virus's on there but it had nothing to do with lsrss.exe.

instead its a service Eventask that was running on the machine.  The lsrss.exe process is dependant on this service.  Eventask is a service that was installed by the NT resource kit (srvany.exe) to run the lsrss.exe.  

it wasn't a virus, but I had viruses elsewhere anyway!!!
0
 
LVL 1

Author Comment

by:Discomonkey
ID: 11679479
oh ya, thanks :)
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

What is an ISAPI filter?   •      It's an assembly (.dll file) that can add or change the way IIS works.   •      They can be enabled globally for your web server or on a site-by-site basis.   When the IIS server receives a request, enabling the ISAPI fi…
When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

27 Experts available now in Live!

Get 1:1 Help Now