Process/task name: Local security authentication server
lsass.exe is a Microsoft Windows system process. It is responsible for local security and authentication policies for system users.
There are registries of malicious programs that use the same name to go unnoticed.
We have logs from other processes using the same filename:
• File: lsass.exe – Name: .WMAudio
The lsass.exe file and task is usually started together with Windows under the name of .WMAudio and the lsass.exe file or command.
Process added by the malicious program named WEBUS.B TROJAN!
Note: not to be confused with the legitimate file of the same name lsass.exe process
More information: http://www.symantec.com/security_response/writeup.jsp?docid=2004-100519-0947-99
http://searchtasks.answersthatwork.com/tasklist.php?File=lsass.exe.
Tip: The lsass.exe process/program should NOT be started alongside the system. It can be a threat to system security.
• File: lsass.exe – Name: Audio Driver
The lsass.exe file and task is usually started together with Windows under the name Audio Driver and the lsass.exe command or file.
Detected by Malwarebytes Anti-Malware security program as backdoor-type malware named Backdoor.Agent.E.
Note: Not to be confused with the legitimate file of the same name lsass.exe which is always located in the %System% folder.
Instead, this malicious process/file is located in the %CommonFiles% folder
More information: http://searchtasks.answersthatwork.com/tasklist.php?File=lsass.exe
https://totalhash.cymru.com/analysis/711ee2139d39163479de09e46ddf1c8f35615a02.
Tip: The lsass.exe process/program should NOT be started alongside the system. It can be a threat to system security.
• File: LSASS.EXE – Name: Lsass
The LSASS.EXE file and task is usually started together with Windows under the name of Lsass and the command or file LSASS.EXE.
Detected by Sophos security software as W32/Punya-B.
Note: Not to be confused with the legitimate file of the same name lsass.exe which is always located in the %System% folder.
Instead, this malicious process/file is located in the %LocalAppData%\WINDOWS folder
More information: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/W32~Punya-B.aspx
http://searchtasks.answersthatwork.com/tasklist.php?File=lsass.exe.
Tip: The LSASS.EXE process/program should NOT be started alongside the system. It can be a threat to system security.
• File: Lsass.exe – Name: Lsass
The Lsass.exe file and task is usually started together with Windows under the name of Lsass and the command or file Lsass.exe.
Detected by Sophos security program as W32/Alcop-B and also by Malwarebytes Anti-Malware as the malicious Trojan named Trojan.Agent.
Note: This is not the legitimate Windows file named lsass.exe which is always located in the folder in %System%.
Instead, this malicious file is located in the %Windir% folder.
More information: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/W32~Alcop-B.aspx
http://searchtasks.answersthatwork.com/tasklist.php?File=lsass.exe.
Tip: The Lsass.exe process/program should NOT be started alongside the system. It can be a threat to system security.
• File: lsass.exe – Name: Microsoft Lsass Manager
The lsass.exe file and task is usually started together with Windows under the name of Microsoft Lsass Manager and the lsass.exe file or command.
It is added by a variant of the SDBOT WORM! malware, a worm-like malware or malware that needs to be urgently removed from the PC.
Note: not to be confused with the legitimate file of the same name lsass.exe
More information: http://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=100454
http://searchtasks.answersthatwork.com/tasklist.php?File=lsass.exe.
Tip: The lsass.exe process/program should NOT be started alongside the system. It can be a threat to system security.
• File: lsass.exe – Name: Microsoft UPDATER32
The lsass.exe file and task is usually started together with Windows under the name of Microsoft UPDATER32 and the lsass.exe file or command.
Added by RANDEX.AR WORM!, a worm-like malicious program that must be removed.
Note: This is not the legitimate Windows file named Lsass.exe.
More information: http://www.symantec.com/security_response/writeup.jsp?docid=2003-111910-2515-99
http://searchtasks.answersthatwork.com/tasklist.php?File=lsass.exe.
Tip: The lsass.exe process/program should NOT be started alongside the system. It can be a threat to system security.
• File: lsass.exe – Name: none2
The lsass.exe file and task is usually started together with Windows under the name of none2 and the lsass.exe file or command.
Detected by Dr.Web security program as Win32.HLLW.Autohit.14914 and also by Malwarebytes Anti-Malware as the malicious Trojan named Trojan.Agent.E.
Note: This is not the legitimate Windows file named lsass.exe which is always located in the folder in %System%.
Instead, this malicious file is located in the %Windir% folder.
More information: http://vms.drweb.com/virus/?i=3803005
http://searchtasks.answersthatwork.com/tasklist.php?File=lsass.exe.
Tip: The lsass.exe process/program should NOT be started alongside the system. It can be a threat to system security.
• File: lsass.exe – Name: System Kernel
The lsass.exe file and task is usually started together with Windows under the name System Kernel and the lsass.exe file or command.
Process added by the malware named VBBOT-G TROJAN!
Note: Not to be confused with the legitimate file of the same name lsass.exe which is always located in the %System% folder.
Instead, this malicious process/file is located in the %Windir% folder
More information: http://www.sophos.com/security/analyses/viruses-and-spyware/trojvbbotg.html
http://searchtasks.answersthatwork.com/tasklist.php?File=lsass.exe.
Tip: The lsass.exe process/program should NOT be started alongside the system. It can be a threat to system security.
• File: LSASS.exe – Name: ToP
The LSASS.exe file and task is usually started together with Windows under the name of ToP and the LSASS.exe file or command.
Process added by the malicious program named WOWCRAFT.C TROJAN!
Note: Not to be confused with the legitimate file of the same name lsass.exe which is always located in the %System% folder.
Instead, this malicious process/file is located in the %Windir% folder
More information: http://www.symantec.com/security_response/writeup.jsp?docid=2006-012418-0655-99
http://searchtasks.answersthatwork.com/tasklist.php?File=lsass.exe.
Tip: The LSASS.exe process/program should NOT be started alongside the system. It can be a threat to system security.
• File: lsass.exe – Name: Traybar
The lsass.exe file and task is usually started together with Windows under the name Traybar and the lsass.exe file or command.
Detected by Symantec security program as and also by Malwarebytes Anti-Malware as Trojan-like malware named Trojan.Agent.
Note: Not to be confused with the legitimate file of the same name lsass.exe which is always located in the %System% folder.
Instead, this malicious process/file is located in the %Windir% folder
More information: http://www.symantec.com/security_response/writeup.jsp?docid=2004-071915-0829-99
http://searchtasks.answersthatwork.com/tasklist.php?File=lsass.exe.
Tip: The lsass.exe process/program should NOT be started alongside the system. It can be a threat to system security.
Do you want to know if lsass.exe is a virus or malware? See: Is lsass.exe a virus?
Errors or problems with the lsass.exe file?
Write to us and we will reply as soon as possible. IMPORTANT: remember to say the version of your operating system, the time and/or place where the error appears, and any other information that you think is relevant to help find the solution.