Solved

lsass.exe warning from Norton 360

Posted on 2011-09-03
6
531 Views
Last Modified: 2012-05-12
Hi all,

I received the warning below this AM. Does anyone know if this represents a security threat?

I have received Norton 360 Performance Alerts in the past, but this is the first time I don't really know if it a problem or not.

Have any of you dealt with this warning before? I checked on Google, but could not find anythine definitive. Any input would be appreciated.

Tanks,
PaulSauve lsass.exel alert from Norton 360
0
Comment
Question by:Paul Sauvé
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 32

Accepted Solution

by:
_ earned 250 total points
ID: 36478898
It could be the real Windows file, or the Sasser worm.
The "quick and dirty" way to check is this:

Note: The lsass.exe file is located in the folder C:\Windows\System32. In other cases, lsass.exe is a virus, spyware, trojan or worm!
http://www.neuber.com/taskmanager/process/lsass.exe.html
0
 
LVL 38

Expert Comment

by:Gerwin Jansen, EE MVE
ID: 36478919
Try uploading the file to Jotti: http://virusscan.jotti.org/en

Is your system fully updated/patched?
0
 
LVL 16

Assisted Solution

by:Nenad Rajsic
Nenad Rajsic earned 250 total points
ID: 36479173
click on "locate this file" then run it through http://www.virustotal.com/

also note the file name difference uppercase i (I) and lowercase L (l) look the same. Symantec would block and remove that file if it was W32.Nimos.Worm. I think it's just reporting unusual behaviour. Run the file through virus total just to be safe
0
SuperAntiSpyware Licenses Discounted by 25% !

Exclusive offer to Experts Exchange Members!
Buy SuperAntiSpyware License(s) from us and save 25% on the regular purchase price.
- Includes Full SuperAntiSpyware Vendor Support Entitlements
- Your Subscription does not begin until you activate your license
- Buy for your friends

 
LVL 32

Author Comment

by:Paul Sauvé
ID: 36480819
Every thing is A OK - I used "Locate this" in Norton 360 and found this: Correct file!Sometimes when I search for a file with Windows Explorer, even it the file exists, I get zero results!

Problem solved!
0
 
LVL 32

Author Closing Comment

by:Paul Sauvé
ID: 36480832
coral47 - where the file is located!

vukovarcan - click on "locate this file" (I usually do, but I forgot)
0
 
LVL 32

Expert Comment

by:_
ID: 36481627
Good to hear.   : )
0

Featured Post

Increase your protection from Zero Day threats!

Running two Antivirus' is never a good idea.
Taking advantage of Multiple Security layers on the other hand can often save your hide.
See which top notch security software brands have been proven to happily coexist together.
Reduce your chances of becoming a statistic.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Trojan 28 117
Powershell Script to check all the SSL certificates provided by CA 9 79
Check Spoof email 6 70
Utility to Scan for Unauthorized Access 4 33
If you are looking at this article, you have most likely been hit by some version of ransomware and are trying to find out if there is anything you can do, or what way you should react - READ ON!
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question