HELP! Cannot find/remove lsass.exe

[dementia13]

Hello all,

I've been going out of my mind these past two hours trying to get rid of this bug.

It seems that "mcl768" found a solution to the problem, however it isn't working for me entirely:

http://www.msfn.org/board/index.php?showto...=0entry413195

You see, the thing is when I find "lsass.exe" with the process manager, I can see that there are two running. Also, I know that one is the bug because it doesn't have anything under the description, and under the path it shows that it is in C:\WINDOWS.

However, the problem is that I can't find it in C:\WINDOWS! Yes, I made sure to activate the thing in Folder Options where I can view all hidden files. And yes, I am searching for "lsass.exe" spealt both with a "L" and an "I".

I really don't know why I can see it in the process manager, and in the default windows one (without a path) but I cannot see in in the WINDOWS folder OR find it when I search.

In the process manager I right-clicked and saw the following:

Path: C:\WINDOWS\lsass.exe

Command Line: "C:\WINDOWS\lsass.exe"

Current Directory: C:\WINDOWS\System32

Why would it list it under the Windows folder for the other two, but then for the "current directory" say that it is in System32? Is this **** thing masking itself somehow? I really have no idea what to do here, the stupid bug is making these dumb files (usbdr.exe and IELower.exe) which keep me from using the internet. Any help would be greatly appreciated.

Thanks!

[dementia13]

Hrm... I may have found a partial solution, but it's not a very good one.

Basically I restarted my computer and opened up Process Explorer right away, then as soon as "Isass.exe" popped up I right clicked and "Suspended" it. This caused it to go grey in Process Explorer and it seems that it has in fact been suspended.

However, I still cannot find a way to recgonzie that it is in C:\WINDOWS or to remove it, and given that I don't want to have to "suspend" it every time I turn on a computer, I'm still looking for suggestions.

Hm... maybe I should just always leave my computer on? Until I decide to reformat?

[cluberti]

Have you run msconfig to disable it's startup item? Sounds like malicious code, and a good A/V scanner should fix it. This is the sort of thing safe mode with networking was made for . You could also use the recovery console to view the file on the hard disk - boot from the installation media and run the recovery console. This gives you access to the hd without Windows running, so you can delete the file that way.

Edited November 9, 2005 by cluberti

[dementia13]

I looked through msconfig but couldn't find anything suspicious or anything that seemed like it is what was starting this thing.

Since I last posted I downloaded the AVG anti-virus program and am running a full scan now, so far it seems to be doing a better job than either Norton, Ad-Aware, or Adsgone.

Just now I see that it's found the Isass.exe file and in the proper location, C:\WINDOWS. I only hope that when I'm done the scan it will be able to delete it properly.

It seems that I picked the thing up when I downloaded a copy of Alochol 120% through bit torrent...

Thanks for the suggestions, hopefully this AVG scan will fix everything up.

Luckily I'm calming down now. I'm sure you all know what it's like to suddenly find a virus that you just cannot remove; the panic, the desperation, the frustration. It always drives me nuts. For the time being, I think I've got the thing beat. If AVG fixes it, I'll make sure to post back here for posterities sake - I know that google helped lead me here in the first place and if I can help some other poor souls I'd be happy to.

[dementia13]

Fixed!

This AVG anti-virus program is excellent, I'd highly recommend it. Best of all, it's free!

http://free.grisoft.com/doc/1

Somehow it recognized the "Isass.exe" file and deleted it upon a reboot; it also picked up a few others I didn't even know were there.

Good-bye Norton, good-bye Ad-Aware, hello AVG!

Thanks all!