Lsass.exe problem

[Herb]

I started having problems with Lsass.exe on my Windows 2000 PC, i.e.
occasionally Lsass.exe starts running and takes over all available CPU
resources, and in a rather 'aggressive' way, i.e. the whole system
grinds to a halt and apparently all I can do is restart the PC -
although it takes ages for all running processes to close, and when this
Lsass.exe problem happens it is very tempting to just 'pull the plug' :-(

This page:
http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/
says lsass.exe "is important for the stable and secure running of your
computer and should not be terminated", or it could be trojan or a
'downloader' and "should be removed immediately".

However, I am a little reluctant to run the 'free registry scan'
available from the above site in the form of a program called
registryboosterplib.exe

This appears to be relevant: http://support.microsoft.com/?kbid=842382,
but I'm not sure I understand the issues listed under "Causes".

The first item under "Symptoms" is definitely true, but where do I find
the "Directory Services event log" so that I can check the second item
listed under "Symptoms"?

Thank you.

Regards

Herbert Eppel

 

[Dave Patrick]

Is this a DC? If not the article probably doesn't apply. Say no to "registry
cleaners" Check the system Event logs for error details.

--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

:
|I started having problems with Lsass.exe on my Windows 2000 PC, i.e.
| occasionally Lsass.exe starts running and takes over all available CPU
| resources, and in a rather 'aggressive' way, i.e. the whole system
| grinds to a halt and apparently all I can do is restart the PC -
| although it takes ages for all running processes to close, and when this
| Lsass.exe problem happens it is very tempting to just 'pull the plug' :-(
|
| This page:
| http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/
| says lsass.exe "is important for the stable and secure running of your
| computer and should not be terminated", or it could be trojan or a
| 'downloader' and "should be removed immediately".
|
| However, I am a little reluctant to run the 'free registry scan'
| available from the above site in the form of a program called
| registryboosterplib.exe
|
| This appears to be relevant: http://support.microsoft.com/?kbid=842382,
| but I'm not sure I understand the issues listed under "Causes".
|
| The first item under "Symptoms" is definitely true, but where do I find
| the "Directory Services event log" so that I can check the second item
| listed under "Symptoms"?
|
| Thank you.
|
| Regards
|
| Herbert Eppel
| --
| www.HETranslation.co.uk

 

[Herb]

Is this a DC? If not the article probably doesn't apply. Say no to "registry
cleaners" Check the system Event logs for error details.

Thanks for the quick reply.

I don't even know what a Directory Service is, so I guess the answer to
your question is no

It's a normal, stand-alone Windows 2000 PC.

Please excuse my ignorance, but where do I find the system Event logs?

Thank you.

Herbert Eppel

 

[Herb]

Thanks for the quick reply.

I don't even know what a Directory Service is, so I guess the answer to
your question is no

It's a normal, stand-alone Windows 2000 PC.

Please excuse my ignorance, but where do I find the system Event logs?

Found it, and it would appear that my system does indeed have some
problems, although I have to investigate further before I can ask a few
more specific questions.

Regards

Herbert Eppel

 

[Herb]

Found it, and it would appear that my system does indeed have some
problems, although I have to investigate further before I can ask a few
more specific questions.

I ran a system scan with F-Secure, and it did come up with several
'trojan downloader' instances (whatever they are!?), apparently
contained in my Thunderbird Junk and Trash folders.

F-Secure was unable to remove them, but the problem appeared to persist
even after I emptied and compacted the Junk and Trash folders.

To make matters worse, Windows 2000 now consistently comes up with BSOD
towards the end of the F-Secure process, saying something like
"Unexpected kernel ... trap" and "Physical memory dump".

Any suggestions?

Thank you.

Herbert Eppel

 

[Dave Patrick]

If nothing else you can at least recover your data from the parallel install
prior to rebuilding the operating system.

This article may also help you.

http://support.microsoft.com/default.aspx?scid=kb;en-us;266465

--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

:
| I ran a system scan with F-Secure, and it did come up with several
| 'trojan downloader' instances (whatever they are!?), apparently
| contained in my Thunderbird Junk and Trash folders.
|
| F-Secure was unable to remove them, but the problem appeared to persist
| even after I emptied and compacted the Junk and Trash folders.
|
| To make matters worse, Windows 2000 now consistently comes up with BSOD
| towards the end of the F-Secure process, saying something like
| "Unexpected kernel ... trap" and "Physical memory dump".
|
| Any suggestions?
|
| Thank you.
|
| Herbert Eppel
| --
| www.HETranslation.co.uk

 

[Herb]

If nothing else you can at least recover your data from the parallel install
prior to rebuilding the operating system.

This article may also help you.

http://support.microsoft.com/default.aspx?scid=kb;en-us;266465

Hi Dave,

thanks for the link.

My user data are safe (I synchronise all my data on a daily basis with a
full backup on an external USB drive), but I'm hoping there might be a
less drastic solution to the issues I described than re-installing the
OS (either parallel or otherwise).

Here are the symptoms again:

A system scan with F-Secure came up with several 'trojan downloader'
instances (whatever they are!?), apparently contained in my Thunderbird
Junk and Trash folders.

F-Secure was unable to remove them, and the problem appeared to persist
even after I emptied and compacted the Junk and Trash folders.

To make matters worse, Windows 2000 now consistently comes up with BSOD
towards the end of the F-Secure process, saying something like
"Unexpected kernel ... trap" and "Physical memory dump".

Any suggestions?

Thank you.

Herbert Eppel

 

[Dave Patrick]

Not really. Try something other than F-Secure?

--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

:
| Hi Dave,
|
| thanks for the link.
|
| My user data are safe (I synchronise all my data on a daily basis with a
| full backup on an external USB drive), but I'm hoping there might be a
| less drastic solution to the issues I described than re-installing the
| OS (either parallel or otherwise).
|
| Here are the symptoms again:
|
| A system scan with F-Secure came up with several 'trojan downloader'
| instances (whatever they are!?), apparently contained in my Thunderbird
| Junk and Trash folders.
|
| F-Secure was unable to remove them, and the problem appeared to persist
| even after I emptied and compacted the Junk and Trash folders.
|
| To make matters worse, Windows 2000 now consistently comes up with BSOD
| towards the end of the F-Secure process, saying something like
| "Unexpected kernel ... trap" and "Physical memory dump".
|
| Any suggestions?
|
| Thank you.
|
| Herbert Eppel
| --
| www.HETranslation.co.uk
|