Solved

Help!  Lsass.exe eats 80% of my memory

Posted on 2006-06-26
2
522 Views
Last Modified: 2008-02-01
Dear all,

I just installed a Windows 2003 Standard Edition (R2) and promote it as a Domain Controller, at the very beginning, it works perfectly.  However, few days later, I found that it is very slow and only 200MB ram left (total 1GB), when I open task manager, it indicates lsass.exe consumes around 600MB of memory, now I would like to know is it possilbe to disable it or remove it.  Thanks in advance.

PS.  I also installed DHCP, IIS on that machine but they are not in use.
0
Comment
Question by:towo2002
2 Comments
 
LVL 10

Expert Comment

by:victornegri
ID: 16989663
You can't disable lsass.exe it's the program that handles all the security for your files and folders. Have you updated the computer with all the critical security patches? There was a worm going around that made it so lsass took up a chunk of RAM and CPU time. I think it was the Sasser worm. You may want to scan your computer for that.
0
 
LVL 32

Accepted Solution

by:
r-k earned 250 total points
ID: 16989915
Yes, I also think scanning for a worm is the best bet. A good way to start would be to run HijackThis (http://www.hijackthis.de/) and post the log back to that web site, then click "analyze" and see what it shows as suspicious.

Here are some suggestions I posted in another similar thread:

This could be due to number of reasons. Among them:

(1) Hardware malfunction

(2) Malware or rootkit

(3) Corrupted user profile

(4) Misbehaving AV or other service or driver.

I would suggest the following:

(a) log-in as a different user - does the problem persist, if so then rule out  option (3) above.

(b) Disable any AV program or anything else unnecessary and see if that helps.

(c) Run Process Explorer from http://www.sysinternals.com/Utilities/ProcessExplorer.html 
    It shows a lot more detail then Task Manager. In particular, if it shows CPU
    time being used by "Interrupts" then there might be a hardware problem.

(d) Scan your system for malware. At the very least, run the following two programs:

 (d.1) RootkitRevealer from: http://www.sysinternals.com/Utilities/RootkitRevealer.html
 (d.2) Download and run HijackThis from http://www.hijackthis.de/
       Copy-and-paste the resulting log back to that same web site (not here)
       Click on "Analyze", and then click on "Save Analysis" at the bottom of the next page.
       Review for anything unusual.
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Organizations create, modify, and maintain huge amounts of data to help their businesses earn money and generally function.  Typically every network user within an organization has a bit of disk space to store in process items and personal files.   …
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question