?
Solved

Anyone know what lsrss.exe is??

Posted on 2004-07-30
3
Medium Priority
?
362 Views
Last Modified: 2007-12-19
Hey experts,

I setup an apache server on a Windows 2000 machine a week ago or so, and an email came in from the web host saying that an IRC client was running on the server (this is a SBC dedicated host).  It's running from C:\winnt\system32\lsrss.exe.   Goggle doesn't turn up anything on this, so that made me worry alot.  Is this probably a virus or what?

-Chris
0
Comment
Question by:Discomonkey
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 34

Accepted Solution

by:
Dave_Dietz earned 200 total points
ID: 11679243
There is an lsass.exe that should be there, but there is no file I am aware of called lsrss.exe that should be running.

I believe you are correct in assuming a virus of some sort.

Check the version information on the .exe and if it looks suspicious kill the process and rename the file - then run a complete system virus scan.

Dave Dietz
0
 
LVL 1

Author Comment

by:Discomonkey
ID: 11679477
ran virus scan, turns out there were virus's on there but it had nothing to do with lsrss.exe.

instead its a service Eventask that was running on the machine.  The lsrss.exe process is dependant on this service.  Eventask is a service that was installed by the NT resource kit (srvany.exe) to run the lsrss.exe.  

it wasn't a virus, but I had viruses elsewhere anyway!!!
0
 
LVL 1

Author Comment

by:Discomonkey
ID: 11679479
oh ya, thanks :)
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Today I came across an interesting issue that had me pulling my hair out.  I was troubleshooting a new internal web site which uses integrated security instead of anonymous.  When browsing the site from my laptop, I was able to access it with no iss…
First of all, clustering IIS is something you should rarely consider doing. In almost all cases, Microsoft Network Load Balancing (NLB) (http://technet.microsoft.com/en-us/library/cc758834(WS.10).aspx) is a much better solution when you need to p…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question