Isass.exe

[simon]

My firewell came up with a message to the effcet that "Isass.exe" was trying
to access the internet. This was the first time that I had had this message
so I denied access. A search on Google came up with lots of articles
referring to virus' and trojans. However, I also found the article below:

""sass.exe" is the Local Security Authentication Server. It verifies the
validity of user logons to your PC/Server. It generates the process
responsible for authenticating users for the Winlogon service. This process
is performed by using authentication packages such as the default
Msgina.dll. If authentication is successful, Lsass generates the user's
access token, which is used to launch the initial shell. Other processes
that the user initiates inherit this token. More info

Note: The lsass.exe file is located in the c:\windows\System32 folder. In
other cases, lsass.exe is a virus, spyware, trojan or worm! Check this with
Security Task Manager."

How can I decide, beyond reasonable doubt, wether I have an infection?

 

[Beauregard T. Shagnasty]

My firewell came up with a message to the effcet that "Isass.exe"
was trying to access the internet. This was the first time that I
had had this message so I denied access. A search on Google came
up with lots of articles referring to virus' and trojans. However,
I also found the article below:

In your subject line, and above, you say "isass.exe" and below you say
"lsass.exe". That's an I and an L. Which is it?

""sass.exe" is the Local Security Authentication Server. It
verifies the validity of user logons to your PC/Server. It
generates the process responsible for authenticating users for the
Winlogon service. This process is performed by using authentication
packages such as the default Msgina.dll. If authentication is
successful, Lsass generates the user's access token, which is used
to launch the initial shell. Other processes that the user
initiates inherit this token. More info

Note: The lsass.exe file is located in the c:\windows\System32
folder. In other cases, lsass.exe is a virus, spyware, trojan or
worm! Check this with Security Task Manager."

How can I decide, beyond reasonable doubt, wether I have an
infection?

Google turns up this for "I"sass.exe:
http://www.liutilities.com/products/wintaskspro/processlibrary/isass/

If it is "L"sass.exe and you still have problems, it could be the
Sasser worm.
<http://ask-leo.com/what_are_lsass_l...know_if_im_infected_what_do_i_do_if_i_am.html>

(Weird URL, eh?)

 

[Wattsville Blues]

My firewell came up with a message to the effcet that "Isass.exe" was trying
to access the internet. This was the first time that I had had this message
so I denied access. A search on Google came up with lots of articles
referring to virus' and trojans. However, I also found the article below:

""sass.exe" is the Local Security Authentication Server. It verifies the
validity of user logons to your PC/Server. It generates the process
responsible for authenticating users for the Winlogon service. This process
is performed by using authentication packages such as the default
Msgina.dll. If authentication is successful, Lsass generates the user's
access token, which is used to launch the initial shell. Other processes
that the user initiates inherit this token. More info

Note: The lsass.exe file is located in the c:\windows\System32 folder. In
other cases, lsass.exe is a virus, spyware, trojan or worm! Check this with
Security Task Manager."

How can I decide, beyond reasonable doubt, wether I have an infection?

Scan with AV defs up to date. Deny lsass access - if things work ok with
it blocked, then to hell with it.

Lsass is actually a legit Windows thing so far as I know, but lsasss
(three 's' letters after the 'a') is dodgy.