English | Deutsch


How to remove an lsass error


The free file information forum can help you determine if lsass.exe is a virus, trojan, spyware, or adware that you can remove, or a file belonging to a Windows system or an application you can trust.

Click to Run a Free Scan for lsass.exe related errors


Lsass.exe file information

The process known as LSA Shell (Export Version) or Local Security Authority Process or LSA Shell or Generic Hosts for WinService or Userinit Logon Application or Stub Application or AVP - spyware removal module or (xpclient.010817-11489)

belongs to software Microsoft Windows Operating System or IPSEC Services, Protected Storage, Security Accounts Manager or symantex or symdfsdf or update or CNG Key Isolation, Security Accounts Manager or worm2007 or fdgdfgdfg

by Microsoft (www.microsoft.com) or MskSoftStudy or Microsoft Windows Operation System or noOrg (www.noorg.org) or AceSoft Corp all rights reserved or IT University or s708051Jm103533QSt619382493o or Jznof.

Description: lsass.exe is located in the folder C:\Windows\System32. Known file sizes on Windows 7/XP are 13,312 bytes (89% of all occurrences), 11,776 bytes and 11 more variants. http://www.file.net/process/lsass.exe.html 
The program is not visible. Lsass.exe is a trustworthy file from Microsoft. The application uses ports to connect to a LAN or the Internet. Therefore the technical security rating is 10% dangerous, however also read the users reviews.

Recommended: Identify lsass.exe related errors

Viruses with the same file name

Is lsass.exe a virus? No, it is not. The true lsass.exe file is a safe Microsoft Windows system process, called "LSA Shell". However, writers of malware programs, such as viruses, worms, and trojans deliberately give their processes the same file name to escape detection. Viruses with the same file name are e.g. P2P-Worm.Win32.Agent.ajy or Trojan-Downloader.Win32.Alphabet.bp (detected by Kaspersky), and Trojan:Win32/Dursg.C or Worm:Win32/Koobface.A (detected by Microsoft).
To ensure that no rogue lsass.exe is running on your PC, click here to run a Free Malware Scan.

How to recognize suspicious variants? If lsass.exe is located in a subfolder of C:\Windows, the security rating is 80% dangerous. The file size is 253,952 bytes (11% of all occurrences), 225,280 bytes and 133 more variants. The file is not a Windows core file. The program is not visible. Lsass.exe is an unknown file in the Windows folder. The program starts upon Windows startup (see Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command, C:\Windows\win.ini, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices). Program has no file description. The program listens for or sends data on open ports to a LAN or the Internet. lsass.exe is able to record inputs, monitor applications, hide itself and manipulate other programs.

If lsass.exe is located in a subfolder of "C:\Documents and Settings", the security rating is 62% dangerous. The file size is 229,621 bytes (4% of all occurrences), 29,696 bytes and 118 more variants. The file is not a Windows system file. The program has no visible window. The file is a file without information about the developer of this file. The process starts when Windows starts (see Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command, C:\Windows\win.ini, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices). lsass.exe is able to monitor applications and manipulate other programs.

If lsass.exe is located in the folder C:\Windows, the security rating is 79% dangerous. The file size is 107,520 bytes (7% of all occurrences), 34,992 bytes and 92 more variants.

If lsass.exe is located in a subfolder of "C:\Program Files", the security rating is 58% dangerous. The file size is 94,208 bytes (6% of all occurrences), 110,592 bytes and 41 more variants.

If lsass.exe is located in a subfolder of C:\Windows\System32\drivers, the security rating is 44% dangerous. The file size is 29,696 bytes (59% of all occurrences), 24,724 bytes, 17,408 bytes or 138,752 bytes.

If lsass.exe is located in a subfolder of C:\Windows\System32, the security rating is 83% dangerous. The file size is 939,520 bytes (12% of all occurrences), 102,400 bytes and 31 more variants.

If lsass.exe is located in C:\, the security rating is 62% dangerous. The file size is 20,480 bytes (16% of all occurrences), 23,040 bytes and 20 more variants.

If lsass.exe is located in a subfolder of C:\, the security rating is 65% dangerous. The file size is 551,669 bytes (26% of all occurrences), 552,448 bytes and 17 more variants.

If lsass.exe is located in a subfolder of "C:\Program Files\Common Files", the security rating is 36% dangerous. The file size is 34,304 bytes (22% of all occurrences), 39,109 bytes and 6 more variants.

If lsass.exe is located in the folder C:\Windows\System32\drivers, the security rating is 76% dangerous. The file size is 32,768 bytes (40% of all occurrences), 238,173 bytes, 731,136 bytes or 15,360 bytes.

If lsass.exe is located in the Windows Temp folder, the security rating is 65% dangerous. The file size is 13,312 bytes (33% of all occurrences), 13,362 bytes or 217,088 bytes.

If lsass.exe is located in the "My Files" folder, the security rating is 64% dangerous. The file size is 187,392 bytes.

External information from Paul Collins:
There are different files with the same name:

  • "MicrosoftSourceSafe" definitely not required. Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process, which should not appear in Msconfig/Startup!
  • "lsass" definitely not required. Added by the RATSOU.B TROJAN! Note - this is not the legitimate Lsass.exe system file should normally NOT figure in Msconfig/Startup!
  • "Microsoft UPDATER32" definitely not required. Added by the RANDEX.AR WORM! Note - this is not the legitimate Lsass.exe system file should normally NOT figure in Msconfig/Startup!
  • "System Handler" definitely not required. Added by the NIMOS WORM! Note - this is not the legitimate Lsass.exe system file should normally NOT figure in Msconfig/Startup!
  • "Traybar" definitely not required. Added by the MYDOOM.L WORM! Note - this is not the legitimate Lsass.exe system file should normally NOT figure in Msconfig/Startup!

Important: Some malware camouflages itself as lsass.exe, particularly when located in the c:\windows or c:\windows\system32 folder. Therefore, you should check the lsass.exe process on your PC to see if it is a threat. We recommend Security Task Manager for verifying your computer's security. This was one of the Top Download Picks of The Washington Post and PC World.



Score

User Comments

This file is not seen by me usually in my computer, but these days I am seeing it and it is using 100 % of CPU and system is very slow, I tried to end process it but I coudn't.
  Atif Malik  
This is a key part of a working windows system. The user opinions shown here illustrate clearly how following crowd sourced opinion can destroy your computer or worse!
  LetsBeSensible  
lsass.exe id fine but Lsass.exe is nto safe
  imyurhere   (further information)
Ok, just stop your commenting and listen to me! This is rated don't know because there are multiple types of this file. 2, to be precise. Before you think it is a virus, look for the symptoms. These are the symptoms: Adds the value: "avserve.exe"="%Windir%\avserve.exe" to the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Use regedit to check this Creates a file at C:\win.log that contains the IP address of the computer that the worm most recently attempted to infect, as well as the number of infected computers. If none of these symptoms are on your computer, then it is not a virus. If so, you have the W32/Sasser.worm virus. If these affect your computer, you are almost screwed, and I don't know how to remove it, however I can tell you some handy advice. 1. The shutdown sequence can be aborted by pressing start and using the Run command to enter shutdown -a. This aborts the system shutdown so the user may continue what he or she was doing. 2. A second option to stop the worm from shutting down a computer is to change the time and/or date on its clock to earlier; the shutdown time will move as far into the future as the clock was set back.
  The answer to your problems  
As far as I know, with windows7, is that the lsass.exe file is also located in C:\Windows\winsxs....\ as well. The original post (top) says ONLY system32
  wantowan2  
im running xp sp2. my problem is that lsass.exe is failing to initialize. since it wont initialize all i get is a black screen and an error window stating that it wont initialize. would it be alright to just replace it with one from another computers with xp sp2? please email me at trainwreck995@yahoo.com
  kronos  
LSASS.EXE is now consuming over 1,270,000KB of memory! That's 1.27GB, and it's been rising the whole time I've been monitoring it this evening. RAM use for lsass.exe now stands at ,295,000KB. see if you need any help http://forums.techarena.in/operating-systems/1449911.htm#post5548238
  wintecher   (further information)
My firewall keeps warning that it wants access to the internet I have checked to keep it off permanently. I do not know what it will do.
  Bill R  
More comments can be found here:
    (further information)
Rating chart


Summary: Average user rating of lsass.exe: based on 682 votes with 9 reviews.
249 users think lsass.exe is essential for Windows or an installed application. 29 users think it's probably harmless. 127 users think it's neither essential nor dangerous. 81 users suspect danger. 196 users think lsass.exe is dangerous and recommend removing it. 70 users doesn't grade lsass.exe ("not sure about it").


Do you have additional information?
What do you know about lsass.exe: 
How do you rate it: 
Link for more info's: 
Your Name: 


Lsass scanner


Security Task Manager shows all running Windows tasks including embedded hidden functions (e.g. keyboard or browser monitoring, autostart entry). A unique security risk rating indicates the likelihood of the process being potential spyware, malware, keylogger or a Trojan.

Spyware Doctor detects and removes sleeping spyware, adware, trojans, keyloggers, malware and tracking threats from your hard disk. Ideal supplement to Security Task Manager.

SpeedUpMyPC scans, cleans, repairs and optimizes your computer.


Other processes


lsass.exe [all]