?
Solved

Help!  Lsass.exe eats 80% of my memory

Posted on 2006-06-26
2
Medium Priority
?
527 Views
Last Modified: 2008-02-01
Dear all,

I just installed a Windows 2003 Standard Edition (R2) and promote it as a Domain Controller, at the very beginning, it works perfectly.  However, few days later, I found that it is very slow and only 200MB ram left (total 1GB), when I open task manager, it indicates lsass.exe consumes around 600MB of memory, now I would like to know is it possilbe to disable it or remove it.  Thanks in advance.

PS.  I also installed DHCP, IIS on that machine but they are not in use.
0
Comment
Question by:towo2002
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 10

Expert Comment

by:victornegri
ID: 16989663
You can't disable lsass.exe it's the program that handles all the security for your files and folders. Have you updated the computer with all the critical security patches? There was a worm going around that made it so lsass took up a chunk of RAM and CPU time. I think it was the Sasser worm. You may want to scan your computer for that.
0
 
LVL 32

Accepted Solution

by:
r-k earned 1000 total points
ID: 16989915
Yes, I also think scanning for a worm is the best bet. A good way to start would be to run HijackThis (http://www.hijackthis.de/) and post the log back to that web site, then click "analyze" and see what it shows as suspicious.

Here are some suggestions I posted in another similar thread:

This could be due to number of reasons. Among them:

(1) Hardware malfunction

(2) Malware or rootkit

(3) Corrupted user profile

(4) Misbehaving AV or other service or driver.

I would suggest the following:

(a) log-in as a different user - does the problem persist, if so then rule out  option (3) above.

(b) Disable any AV program or anything else unnecessary and see if that helps.

(c) Run Process Explorer from http://www.sysinternals.com/Utilities/ProcessExplorer.html 
    It shows a lot more detail then Task Manager. In particular, if it shows CPU
    time being used by "Interrupts" then there might be a hardware problem.

(d) Scan your system for malware. At the very least, run the following two programs:

 (d.1) RootkitRevealer from: http://www.sysinternals.com/Utilities/RootkitRevealer.html
 (d.2) Download and run HijackThis from http://www.hijackthis.de/
       Copy-and-paste the resulting log back to that same web site (not here)
       Click on "Analyze", and then click on "Save Analysis" at the bottom of the next page.
       Review for anything unusual.
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question