Solved

Help!  Lsass.exe eats 80% of my memory

Posted on 2006-06-26
2
514 Views
Last Modified: 2008-02-01
Dear all,

I just installed a Windows 2003 Standard Edition (R2) and promote it as a Domain Controller, at the very beginning, it works perfectly.  However, few days later, I found that it is very slow and only 200MB ram left (total 1GB), when I open task manager, it indicates lsass.exe consumes around 600MB of memory, now I would like to know is it possilbe to disable it or remove it.  Thanks in advance.

PS.  I also installed DHCP, IIS on that machine but they are not in use.
0
Comment
Question by:towo2002
2 Comments
 
LVL 10

Expert Comment

by:victornegri
ID: 16989663
You can't disable lsass.exe it's the program that handles all the security for your files and folders. Have you updated the computer with all the critical security patches? There was a worm going around that made it so lsass took up a chunk of RAM and CPU time. I think it was the Sasser worm. You may want to scan your computer for that.
0
 
LVL 32

Accepted Solution

by:
r-k earned 250 total points
ID: 16989915
Yes, I also think scanning for a worm is the best bet. A good way to start would be to run HijackThis (http://www.hijackthis.de/) and post the log back to that web site, then click "analyze" and see what it shows as suspicious.

Here are some suggestions I posted in another similar thread:

This could be due to number of reasons. Among them:

(1) Hardware malfunction

(2) Malware or rootkit

(3) Corrupted user profile

(4) Misbehaving AV or other service or driver.

I would suggest the following:

(a) log-in as a different user - does the problem persist, if so then rule out  option (3) above.

(b) Disable any AV program or anything else unnecessary and see if that helps.

(c) Run Process Explorer from http://www.sysinternals.com/Utilities/ProcessExplorer.html
    It shows a lot more detail then Task Manager. In particular, if it shows CPU
    time being used by "Interrupts" then there might be a hardware problem.

(d) Scan your system for malware. At the very least, run the following two programs:

 (d.1) RootkitRevealer from: http://www.sysinternals.com/Utilities/RootkitRevealer.html
 (d.2) Download and run HijackThis from http://www.hijackthis.de/
       Copy-and-paste the resulting log back to that same web site (not here)
       Click on "Analyze", and then click on "Save Analysis" at the bottom of the next page.
       Review for anything unusual.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now