Question:
Help removing the lsass.exe process?
Akhilleus
2010-01-16 17:48:42 UTC
Hi,

I recently got some sort of virus on my computer that prevents me from accessing regedit and my task manager. There is a process running on my computer called "lsass.exe." I have read about the Sasser worm, but when I used a Sasser removal tool it did not find anything wrong, and lsass.exe is still there. Neither Spybot nor Malwarebytes has been able to get rid of it. Any help would be greatly appreciated.
Ten answers:
Wide Glide
2010-01-16 18:02:14 UTC
As long as the I in Isass.exe It is alright. If it is a ! or a little i then it is a worm.
2010-01-16 18:05:56 UTC
Lsass.exe is a critical systems component for the Windows operating system. It is part of the security gateway through which Windows users access the operating system and their personal settings. It is also a file that has been targeted by viruses due to certain vulnerabilities. If your lsass.exe file is infected with the virus known as the Sasser Worm, you must remove the virus to restore your system to full functionality. You should not, however, simply delete lsass.exe.

Watch for symptoms of the Sasser Worm infection. These are easy to recognize; when a computer has this infection, Windows error messages pop up periodically with instructions to save work before Windows shuts down. These messages have countdown clocks on them, and when the countdown expires, the operating system reboots. This worm also creates error messages that say the program LSA Shell has encountered a problem and must close. If you do not see these messages, lsass.exe is functioning properly and should not be removed.

Purchase, download and install a reputable virus scan program if you do not already have one. Not all virus scan programs cost money; a link to a free virus scan program can be found in the resources section.

Launch your virus scan program and check for the latest software updates and virus definitions. The specific instructions for this vary from one software publisher to another, but it is usually very easy and is often an automated process by default.

Download the essential Microsoft security update related to this issue. A link to the relevant security bulletin can be found in the resources section. When you arrive at that site, find the operating system you use listed within the range of affected software and click the link next to that entry. Accept the download, and wait as the file automatically downloads and installs. You may be prompted to reboot your computer after this happens, but skip to the next step before you do.

Physically disconnect your computer from the Internet. If you connect through a cable, unplug it from the computer. If you connect through a wireless connection, turn off or remove the wireless adapter on your machine. Reboot the computer after you do this.

Launch your virus scan software and run a complete scan. Do not connect your computer to the Internet again until after the scan is complete.

Follow the recommendations of your virus scan software to handle any detected infections by deleting or quarantining them. After you've done this, you can reconnect your computer to the Internet with the confidence that the Microsoft security update and your virus scan software have removed the Sasser Worm from the lsass.exe file.

http://malware-virus-spyware-remover-tools.blogspot.com/
2014-08-28 16:08:02 UTC
Don't listen to these guys, they clearly have no clue on what they're talking about. I am a developer at Microsoft so I know a thing or two about computers. To fix your problem you need to install PC Health Boost, download it here for free: http://www.pchealthcleaner.net

It's very light and it's the only antivirus/cleaner with a 99.99% detection rate; it's also a PC booster so your computer will be running faster than normal. Install it, hit run and problem solved. It shouldn't take you more than 5 minutes.
2010-01-16 22:50:59 UTC
Hi, Akhilleus

There are 3 steps to repair the lsass.exe error.

My friend had the same problem as you. I am sure your computer has registry problems. It is very easy to repair the lsass.exe error. You just need 3 steps:

1: Download a registry cleaner and install it.

2: Open the registry cleaner and scan your computer for free.

3: Click the fix button and you're done.

Download the top lsass.exe error repair tool here: http://www.RepairErrorDiy.com/ttfix-lsass.exe_error-zz0001
Will-i-am
2010-01-16 18:20:44 UTC
Wow, I can't believe that nobody else has given you a straightforward answer. To fix this error you should stop this process from ever starting up. To do this, follow my guide:

1. In your normal account (be sure that you have an admin account!!!), press the Windows key on your keyboard and the R key at the same time. The "Run" box will appear and you will be able to type something in the box. Type in msconfig and press Enter; you should get a window that's called system configurations.

2. If you did get that window, go to the "Startup" tab. There should be a box inside that window listing programs that start up when your computer is turned on; programs with a box checked are programs that start up when you turn on your computer.

3. Scroll down until you see isass.exe, uncheck it, then press Apply on the bottom of the screen and then press OK.

4. The screen should close and then it should give you an option to reboot. REBOOT YOUR COMPUTER!!!!!!!!!!!!

5. After your computer restarts and you log in, you should see a box that says that you used the system configuration utility to make changes. Click on the box that says don't show this message on startup, and then press OK.

6. Congrats!!!!!!! Now the process is prevented from starting up!!!!!!

Feel free to contact me for any information at espi_will@myspace.com

Your Friendly Neighborhood Hacker,

William Espinoza
2010-01-16 18:09:14 UTC
lsass.exe is not a virus, it is a part of and comes with Windows XP/Vista/7 and is called the "Microsoft Local Security Authority Process".

Are you running Windows Vista and are able to run Command Prompt? You can use the "taskkill" command (sounds dangerous).

To use it, type:

taskkill /im (process name)
?
2010-01-16 18:59:38 UTC
1. Close process: open Windows Task Manager (Ctrl+Alt+Del). You will find that right-clicking the current user's Isass.exe to close the process is impossible, with the popup note: this process cannot be closed because it is a system process. So you should right-click “task list” 》 task manager 》 click menu “View (V)” 》 select (S)…, then select “PID” in the popup box, then click “OK”. Find the image “LSASS.exe” whose user name is not “SYSTEM”, take note of its PID number, then click “Start” 》 “run”, input “CMD”, and click “OK” to open DEVCON, then input “ntsd -c q -p (PID)”. Taking my computer for instance, I should input “ntsd -c q -p 1132”.

2. Delete infected files: because most of the files that need to be deleted are hidden files, you must set all hidden files and system files to be displayed, along with their extensions: my computer 》 tools > folder option > view > select “display all hidden files and folders” and uncheck the “recommended” option of hiding all protected operating system files; it will then pop up a warning, and select “YES”. Now all the hidden files will be displayed to you. (Note: after deleting the virus, please restore the hidden files status to avoid deleting by mistake later.)

  Delete the following files:

  C:\NEWTRO FOLDER

  C:\Program Files\Common Files\INTEXPLORE.pif

  C:\Program Files\Internet Explorer\INTEXPLORE.com

  C:\WINDOWS\EXERT.exe

  C:\WINDOWS\IO.SYS.BAK

  C:\WINDOWS\LSASS.exe

  C:\WINDOWS\Debug\DebugProgram.exe

  C:\WINDOWS\system32\dxdiag.com

  C:\WINDOWS\system32\MSCONFIG.COM

  C:\WINDOWS\system32\regedit.com

  Right click D:, select “open” (because the virus will automatically run on double click!), and delete "Autorun.inf" and "command.com" under this disk directory.

3. Delete other rubbish info in the Registry. This kind of virus writes many entries here; if you don't restore them, lots of system performance may be damaged.

Change “regedit.exe” under the Windows directory to “regedit.com” and run it, then delete the following:

  HKEY_CLASSES_ROOT/WindowFiles

  HKEY_CURRENT_USER/Software/VB and VBA Program Settings

  Check_Associations under HKEY_CURRENT_USER/Software/Microsoft/Internet Explorer/Main

  HKEY_LOCAL_MACHINE/SOFTWARE/Clients/StartMenuInternet/INTEXPLORE.pif

  ToP under HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Run

  Change the default of HKEY_CLASSES_ROOT/.exe to exefile (the original is windowsfile)

  Change the default of HKEY_CLASSES_ROOT/Applications/iexplore.exe/shell/open/command to "C:\Program Files\Internet Explorer\iexplore.exe" %1 (the original is intexplore.com)

  Change the default of HKEY_CLASSES_ROOT/CLSIDshellOpenHomePageCommand to "C:\Program Files\Internet Explorer\IEXPLORE.EXE" (the original is INTEXPLORE.com)

  Change the default of HKEY_CLASSES_ROOT/ftp/shell/open/command and HKEY_CLASSES_ROOT/htmlfile/shell/opennew/command to "C:\Program Files\Internet Explorer\iexplore.exe" %1 (the originals are INTEXPLORE.com and INTEXPLORE.pif)

  Change the default of HKEY_CLASSES_ROOT/htmlfile/shell/open/command and HKEY_CLASSES_ROOT/HTTP/shell/open/command to "C:\Program Files\Internet Explorer\iexplore.exe" -nohome

  Change the default of HKEY_LOCAL_MACHINE/SOFTWARE/Clients/StartMenuInternet to IEXPLORE.EXE (the original is INTEXPLORE.pif)

  Change the extension of regedit back to exe under the Windows directory. The virus is now cleaned totally, and the Registry also works well again. Please enjoy it!
2010-01-16 17:57:20 UTC
lsass.exe is normal
2016-09-12 23:56:53 UTC
It depends
2010-01-16 17:56:00 UTC
Malwarebytes in safemode?

rkill.exe first in safemode and thereafter malwarebytes?
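
The answers above tell the genuine process from an impostor by three traits: the spelling of the name, the user it runs as (SYSTEM), and where the file sits (one answer lists C:\WINDOWS\LSASS.exe for deletion; the genuine file lives in System32). The PowerShell check below is an added example, not part of the original thread; it assumes PowerShell 3.0 or later, an elevated prompt, and an English-language Windows where the account is named SYSTEM.

```powershell
# Added example: list every process named lsass.exe or a look-alike and compare
# its name, image path and owner with what the genuine process should have.
# Assumptions: PowerShell 3.0+, elevated prompt, account name "SYSTEM" (English).

$expectedPath = Join-Path $env:SystemRoot 'System32\lsass.exe'

function Test-LsassLookalike {
    param([string]$Name)
    # Map characters commonly substituted for a lowercase L (i, I, 1, !, |) to 'l'.
    ($Name.ToLowerInvariant() -replace '[i1!|]', 'l') -eq 'lsass.exe'
}

$report = foreach ($p in Get-CimInstance -ClassName Win32_Process) {
    if (-not (Test-LsassLookalike $p.Name)) { continue }

    # GetOwner can fail for a process that exits mid-scan; treat that as unknown.
    $ownerInfo = Invoke-CimMethod -InputObject $p -MethodName GetOwner `
                                  -ErrorAction SilentlyContinue
    $owner = $ownerInfo.User

    $reasons = @()
    if ($p.Name -ne 'lsass.exe') { $reasons += 'name is a look-alike' }
    if (-not $p.ExecutablePath) {
        $reasons += 'path unreadable (re-run elevated)'
    } elseif ($p.ExecutablePath -ne $expectedPath) {
        $reasons += 'runs from outside System32'
    }
    if ($owner -and $owner -ne 'SYSTEM') { $reasons += "owner is $owner" }

    $verdict = 'matches genuine lsass.exe'
    if ($reasons.Count -gt 0) { $verdict = $reasons -join '; ' }

    [pscustomobject]@{
        PID     = $p.ProcessId
        Name    = $p.Name
        Path    = $p.ExecutablePath
        Owner   = $owner
        Verdict = $verdict
    }
}

# More than one matching row is itself worth a look: Windows runs a single lsass.exe.
$report | Format-Table -AutoSize -Wrap
```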


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.