Solved

Help!  Lsass.exe eats 80% of my memory

Posted on 2006-06-26
Last Modified: 2008-02-01
Dear all,

I just installed Windows 2003 Standard Edition (R2) and promoted it to a Domain Controller. At the very beginning, it worked perfectly. However, a few days later, I found that it is very slow and only 200MB of RAM is left (total 1GB). When I open Task Manager, it indicates lsass.exe consumes around 600MB of memory. Now I would like to know: is it possible to disable it or remove it? Thanks in advance.

PS.  I also installed DHCP, IIS on that machine but they are not in use.
Question by:towo2002
2 Comments
 
LVL 10

Expert Comment

by:victornegri
ID: 16989663
You can't disable lsass.exe; it's the program that handles all the security for your files and folders. Have you updated the computer with all the critical security patches? There was a worm going around that made it so lsass took up a chunk of RAM and CPU time. I think it was the Sasser worm. You may want to scan your computer for that.
 
LVL 32

Accepted Solution

by: r-k (earned 250 total points)
ID: 16989915
Yes, I also think scanning for a worm is the best bet. A good way to start would be to run HijackThis (http://www.hijackthis.de/) and post the log back to that web site, then click "analyze" and see what it shows as suspicious.

Here are some suggestions I posted in another similar thread:

This could be due to a number of reasons. Among them:

(1) Hardware malfunction

(2) Malware or rootkit

(3) Corrupted user profile

(4) Misbehaving AV or other service or driver.

I would suggest the following:

(a) Log in as a different user. Does the problem persist? If so, then rule out option (3) above.

(b) Disable any AV program or anything else unnecessary and see if that helps.

(c) Run Process Explorer from http://www.sysinternals.com/Utilities/ProcessExplorer.html
    It shows a lot more detail than Task Manager. In particular, if it shows CPU
    time being used by "Interrupts" then there might be a hardware problem.

(d) Scan your system for malware. At the very least, run the following two programs:

 (d.1) RootkitRevealer from: http://www.sysinternals.com/Utilities/RootkitRevealer.html
 (d.2) Download and run HijackThis from http://www.hijackthis.de/
       Copy-and-paste the resulting log back to that same web site (not here)
       Click on "Analyze", and then click on "Save Analysis" at the bottom of the next page.
       Review for anything unusual.