Lsass.exe Clones

lsass.exe is a legitimate windows system file/ process. If you search your hard disk for lsass.exe you may find its mention at C:\Windows\system32,  C:\Windows\system32\dllcache and C:\Windows\SoftwareDistribution\download\.. folders. If you take your mouse pointer over the filename, you will see a small tooltip that says 

In Folder: C:\Windows\System32
Description: LSA shell (Export Version)
Company: Microsoft Corporation
File Version: x.x.xxxx.xxxx
Date Created:x/x/xxxx x:xx AM/PM
Size: xxx KB

You will also see a process lsass.exe running in the task manager. Virus makers use this file name, usually they save it in different location other than the default, so that the user does not get suspicious after seeing the  process/es of this name running in the task manager. You will need to use special tools such as Windows Defender or Sysinternal's process explorer to find out the actual path of a process seen inside task manager.

 

 
Title Filter     Display # 
# Article Title Author Hits
1 Look alikes of Lsass.exe sanjay 490
 

Main Menu

Home
----Sections----
Harmful Files
Virus Removal
Trojan Removal
Worms Removal
Rogues Removal
Unwanted Apps
Removal Tools
Current News
----Articles----
Warning/ Disclaimer
Common Folders
Preventive Measures
Removal Instructions
Video Tutorials
----Site Info----
Sitemap
About/Contact
Privacy Policy
Search this site
FAQ

Subscribe to me on YouTube