Posts Tagged ‘trojan’

lsass.exe Process – What is lsass.exe?

July 12th, 2009

Some of you have requested we post an article on the Lsass.exe process – hope this helps!

What is lsass.exe?

“lsass.exe” is the Local Security Authentication Server. It verifies the validity of user logons to your PC or server. Lsass generates the process responsible for authenticating users for the Winlogon service. This is performed by using authentication packages such as the default, Msgina.dll. If authentication is successful, Lsass generates the user’s access token, which is used to launch the initial shell. Other processes that the user initiates then inherit this token.

Lsass.exe has been infected in the past

The Sasser worm exploited a vulnerability in LSASS to spread via a remote buffer overflow in computers running Microsoft Windows XP and Windows 2000. The worm is particularly potent in that it can spread without any human interaction, and it does not ‘travel by email’ like many other worms.

Should the lsass.exe process end, for example as a result of the Sasser worm, a countdown timer will appear on the screen, advising the user to save their work and close all programs before Windows shuts down.

How to remove Trojan.Zlob.G

February 25th, 2009

A few have requested this be posted as a fix so here you go…

Trojan.Zlob.G is another invention of the Perfect Defender 2009 developers that helps them scare computer users and trick them into installing and purchasing the licensed version of Perfect Defender 2009. In fact, Trojan.Zlob.G is an imaginary application whose main purpose is to mislead computer users. Usually the Zlob or Vundo Trojan displays security alerts stating that your computer is seriously infected with Trojan.Zlob.G and that your data and privacy are in danger. If you click on that alert, you will be redirected to the Perfect Defender 2009 download page.

Download SUPERAntiSpyware from http://www.superantispyware.com/ or AdAware from http://www.lavasoft.com/products/ad_awar… Both are best at removing these Trojans.

How to remove Trojan.Zlob.G manually:

It’s possible to remove Trojan.Zlob.G manually, but you have to be very experienced in dealing with registry entries, program files and .dll files.

The files to be deleted:

* pd.dll
* pdfndr.exe
* pdmonitor.exe
* PDInstall2009[1].exe
* %WINDOWS%\system32\drivers\svchost.exe
* %UserProfile%\Application Data\Google\ijdkq13324484.exe

Remove registry entries:

* HKEY_LOCAL_MACHINE\Software\Microsoft\Wi… Defender 2009

Please be careful, because manual removal of Trojan.Zlob.G may seriously damage the operating system and sensitive data. There is also a big possibility of incomplete removal, because some files could be hidden and the program could re-install itself after you delete the files and registry entries. So I strongly recommend using an automatic removal tool.
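As an added example (not part of the original post), here is a read-only Python check that compares a file listing against the file list above. It matches svchost.exe by its listed location rather than by name, so the genuine copy in system32 is never flagged. The function names and sample paths are constructed for illustration.

```python
import ntpath

# Bare file names from the removal list above (compared case-insensitively).
LISTED_NAMES = {"pd.dll", "pdfndr.exe", "pdmonitor.exe", "pdinstall2009[1].exe"}

# Entries the list gives with a location. %WINDOWS% and %UserProfile% are the
# post's placeholders, so only the part after them is compared.
LISTED_LOCATIONS = (
    r"\system32\drivers\svchost.exe",
    r"\application data\google\ijdkq13324484.exe",
)


def classify(path):
    """Return why a Windows path matches the removal list, or None."""
    normalized = path.replace("/", "\\").lower()
    if normalized.endswith(LISTED_LOCATIONS):
        return "listed location"
    if ntpath.basename(normalized) in LISTED_NAMES:
        return "listed file name"
    return None


def review(paths):
    """Dry run: return (path, reason) for every match; nothing is deleted."""
    return [(p, reason) for p in paths if (reason := classify(p))]


# Constructed sample listing, e.g. the output of `dir /s /b` saved to a file.
SAMPLE_LISTING = [
    r"C:\WINDOWS\system32\svchost.exe",           # genuine Windows file
    r"C:\WINDOWS\system32\drivers\svchost.exe",   # location from the list
    r"C:\Program Files\PD2009\pdfndr.exe",        # constructed folder name
    r"C:\Documents and Settings\user\Application Data\Google\ijdkq13324484.exe",
    r"C:\Documents and Settings\user\Temp\PDInstall2009[1].exe",
    r"C:\WINDOWS\notepad.exe",
]

if __name__ == "__main__":
    for path, reason in review(SAMPLE_LISTING):
        print(f"{reason:17} {path}")
```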
