I’ve got a Win32:Trojan-gen {Other} in lsass.exe. I’ve read many topics, however I haven’t seen the real solution for removing this from my computer with Avast…
Could anybody help me?
Now this virus is in quarantine. Is it enough? Will it affect my system? Or is it a false alert?
It is certainly not a false alert based on the VT results.
It is fine in the chest, it can do no harm in there and if it were a true system file you would know about it.
lsass.exe is a system process of the Microsoft Windows security mechanisms. It specifically deals with local security and login policies. This program is important for the stable and secure running of your computer and should not be terminated.
You don’t mention the path to this particular lsass.exe, e.g. (C:\windows\system32\infected-file-name.xxx) ?
Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections.
It is a common trick to use the name of a valid system file but put it in a different location, so you see why I ask about its location.
Because of the malware names of the VT results and the quotes below, it would be wise to do some other scans.
Note: lsass.exe is a process which is registered as a trojan. This Trojan allows attackers to access your computer from remote locations, stealing passwords, Internet banking and personal data. This process is a security risk and should be removed from your system.
Note: lsass.exe is registered as a downloader. This process usually comes bundled with a virus or spyware and its main role is to do nothing other than download other viruses/spyware to your computer. This process is a security risk and should be removed from your system.
If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode and report the findings (it should produce a log file).
Run the first and report the findings (hopefully we can check it and see if you need to do anything else) then run the second and report the findings.
As DavidR said - when the file is named lsass.exe, then it’s good to know where the file was located (a full path, if possible)… Other steps depend on the current state of your machine… Can you see any unusual behavior of your PC? Maybe it would be good to run a HiJackThis scan and post the log here…
First of all, thank you very much for your quick reply. The lsass.exe that I mentioned and checked with VT is located at: windows/Cursors/lsass.exe. In the afternoon I’m going to check with HiJack and the Avast log for the path. I use XP64PROF SP1. How can I decide whether it is a downloader or a trojan? Is it malware or a virus? Anyway, when I get home I’ll check your suggestions!!!
Thanks, guys! And please check this topic again this evening :-)
That is most certainly a strange place for that file, so is highly suspicious, even before the VT results confirmed the avast detection as good.
I don’t believe you have to decide if it is a trojan or a downloader as you can have a trojan which is a downloader. The process is the same for either, you need to take the additional actions I mentioned, e.g. the other scans and a hijackthis log mentioned by Maxx.
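The location check discussed in this thread (a file named lsass.exe sitting outside System32), sketched as an added PowerShell example that is not part of the original posts. It assumes a current Windows system with PowerShell 4.0 or later, run from an elevated prompt; the list of file names and the function name `Test-ImagePath` are illustrative.

```powershell
# Added example, not from the thread. Flags core Windows binary names that
# appear outside their expected directories, as running processes or files.
# The name list is illustrative; extend it for your environment.
$protectedNames = 'lsass.exe', 'services.exe', 'winlogon.exe', 'csrss.exe', 'smss.exe'
$system32 = Join-Path $env:SystemRoot 'System32'
$winSxS   = (Join-Path $env:SystemRoot 'WinSxS') + '\'   # servicing store keeps copies

function Test-ImagePath {
    # Returns $true when a protected name is found in an unexpected directory.
    param([string]$Name, [string]$Path)
    if ($protectedNames -notcontains $Name) { return $false }   # case-insensitive
    if ([string]::IsNullOrEmpty($Path))     { return $false }   # path not readable
    if ($Path.StartsWith($winSxS, [StringComparison]::OrdinalIgnoreCase)) { return $false }
    $dir = Split-Path -Path $Path -Parent
    return ($dir -ne $system32)                                 # -ne ignores case
}

# 1. Running processes whose image path does not match the expected location.
#    ExecutablePath can be empty for protected processes when not elevated.
$procHits = Get-CimInstance -ClassName Win32_Process |
    Where-Object { Test-ImagePath -Name $_.Name -Path $_.ExecutablePath } |
    Select-Object ProcessId, Name, ExecutablePath

# 2. Files on disk under %SystemRoot% with a protected name in the wrong place,
#    with hash and signature status to support a lookup and triage.
$fileHits = Get-ChildItem -Path $env:SystemRoot -Recurse -File -Include $protectedNames `
        -ErrorAction SilentlyContinue |
    Where-Object { Test-ImagePath -Name $_.Name -Path $_.FullName } |
    ForEach-Object {
        [pscustomobject]@{
            Path      = $_.FullName
            SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            Signature = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
        }
    }

"Processes in unexpected locations: $(@($procHits).Count)"
$procHits | Format-Table -AutoSize
"Files in unexpected locations: $(@($fileHits).Count)"
$fileHits | Format-List
```

An empty result only means these particular names were not found out of place; it does not replace the additional scans recommended above.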