How to remove an lssas error

The free file information forum can help you determine if lssas.exe is a virus, trojan, spyware, or adware that you can remove, or a file belonging to a Windows system or an application you can trust.

Click to Run a Free Scan for lssas.exe related errors

Lssas.exe file information

The process known as 5WktcyYGQzKhA2mtD8qoJYoR3gdl17S6 or j`RJNo9ydJcYplG2nrGQ[b DakJzCS]7JQFhSftxro]LHdALAGjM9IE (version No0co[UZhVS68 QFiZ97:r[@Sb_0dE BhSoXYE7am5=...) or LSA Shell (Export Version) appears to be part of software AcroRdWin or tKRtskjZPmnvJvCuCHGh or Microsoft Windows Operating System by MS or Microsoft (www.microsoft.com).

Description: lssas.exe is located in the folder C:\Windows\System32 - typically c:\windows\ or C:\WINDOWS\system32\. Known file sizes on Windows 7/XP are 424,960 bytes (22% of all occurrences), 136,704 bytes and 33 more variants.
It is not a Windows system file. The program has no file description. The program has no visible window. The file is located in the Windows folder, but it is not a Windows core file. The process uses ports to connect to a LAN or the Internet. lssas.exe is able to monitor applications, hide itself and connect to Internet. Therefore the technical security rating is 89% dangerous, however also read the users reviews.

Recommended: Identify lssas.exe related errors

If lssas.exe is located in a subfolder of C:\Windows, the security rating is 79% dangerous. The file size is 57,414 bytes (69% of all occurrences), 38,982 bytes, 39,494 bytes or 574,464 bytes. Program has no file description. The program has no visible window. Lssas.exe is an unknown file in the Windows folder. Program starts upon Windows startup (see Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices, HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Runonce, C:\Windows\win.ini, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit). Lssas.exe is not a Windows system file. lssas.exe is able to monitor applications.

If lssas.exe is located in a subfolder of C:\Windows\System32, the security rating is 73% dangerous. The file size is 434,176 bytes (54% of all occurrences), 466,944 bytes or 101,376 bytes. File lssas.exe is a file without information about the developer of this file. The program has no visible window. It is an unknown file in the Windows folder. The process starts when Windows starts (see Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices, HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Runonce, C:\Windows\win.ini, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit). It is not a Windows system file. lssas.exe is able to manipulate other programs, record inputs and hide itself.

If lssas.exe is located in a subfolder of "C:\Documents and Settings", the security rating is 80% dangerous. The file size is 48,640 bytes (75% of all occurrences) or 13,179,660 bytes.

If lssas.exe is located in the folder C:\Windows, the security rating is 77% dangerous. The file size is 45,568 bytes (66% of all occurrences) or 20,480 bytes.

If lssas.exe is located in a subfolder of "C:\Program Files", the security rating is 46% dangerous. The file size is 48,640 bytes.

External information from Paul Collins:
There are different files with the same name:

"lssass" definitely not required. Added by the AGOBOT.RL WORM!
"Microsoft Management Console" definitely not required. EasySearch adware

Important: Some malware camouflages itself as lssas.exe, particularly when located in the c:\windows or c:\windows\system32 folder. Therefore, you should check the lssas.exe process on your PC to see if it is a threat. We recommend Security Task Manager for verifying your computer's security. This was one of the Top Download Picks of The Washington Post and PC World.

Score

User Comments

This file can be closed without dammage
geo909

Windows NT4/2000/XP/2003 only. It verifies the validity of user logons to your PC/Server (in technical jargon : it generates the process that is responsible for authenticating users for the Winlogon service). An integral part of the operating system, leave alone provided that its full path as shown is either C:\WinNT\System32\LSASS.exe (Windows 2000) or C:\Windows\System32\LSASS.exe (Windows XP/2003). If the path is anything else then you may have a virus.
Camilo Quemedigas Medaigual

Possibly a virus as the real one is Lsass.exe
Darren O'Brien (further information)

I started to investigate what I have in the computer since I saw a non stop stream of information going out and coming in even when all progs were closed. No program I have could identify it (yet).
Barak G.

If you end task it, it auto restarts. LSSAS is malware, meant to be confused with the legitimate LSASS, pay attention!
DaveMc

On my system it (lssas.exe) locks up port 21 with a "Listening" status upon boot.

adds pop up ads related to the adware.easysearch browser hijacker which is a variant of the coolwebsearch and about:search hijacker. Very annoying and hard to get rid of!
MagiDrum (further information)

I can not get on internet when it is running. When I "kill" it I can acces the internet.
Phil

Without closing lssas.exe I can't run a ftp-server. I think it uses the same port 21
BeerLover

W32.AGOBOT.RL Trojan. Disable/Delete.
Kisara

I cloned a (failing) drive last week and everything on the transfer was good. After, my neice downloaded several free screensavers and my new system started working differently. The hidden file LSSAS.EXE isn't on the old drive. If I turn the computer off, it restarts on its own within a few minutes. Now, there are a few other files trying to get past my firewall and I get a few pop-ups during the day. Several times when the computer was supposed to be idle, the DSL modem showed activity. Each time I disconnected the modem the computer went into a (countdown) shutdown mode.
Fred

cause that reboot "blue text...it said need upgrade ati driver or Bios upgrade "
crashed to blue text

probably a virus / key logger. Do not confuse with lsass.exe. Check in windows/system32 for this file and a seperate file of same name without extension.

to remove it from my computer
girmay

Only thing I know about, it is give me 50 sec after connect to net via Win2003, then closing PC, restart. After re-connect to net, the same countdown message appears...
Abu Salem

It has been flagged the "sober worm" by many websites. It duplicates itself into several other directories and uses FTP to upload data of your activities to a webserver, hence the port 21 lockup. I consider it dangerous as i logged it uploading all data i entered into forms and all the websites i visited. If you have Mozilla Firefox and you find that the process is always running, this is a sure sign you have the "sober" worm.
Necrotising Fasciitis

I had once a Trojan wich runed shutdown -s -t 00 -c "something related to lssas.exe". All I needed to do is shutdown -a and then remove unknown startup registry key.
Robi

It's a worm: W32.Agobot.RL. Norton doesn't find it. AVG doesn't find it.

my kaspersky detected it as trojan.dropper.payload and this file was hidden in my system 32 it looks like a picture
striker

I tried to end the process and a thing popped up and said it was a critical process that the taskmanager can not end it.
24_B_1979

This file is malware. I had this before and it prevented me from accessing the Internet. It can easily be confused with the Windows system file lsass.exe.
David (further information)

It's the sasser worm. Remove immediatly!
MaxentiusDecius

lssas.exe is dangerous ther is a file Lsass.exe that is essential for windows

Summary: Average user rating of lssas.exe: based on 27 votes with 23 reviews.

2 users think lssas.exe is essential for Windows or an installed application. 4 users think it's neither essential nor dangerous. 5 users suspect danger. 16 users think lssas.exe is dangerous and recommend removing it. 3 users doesn't grade lssas.exe ("not sure about it").

Lssas scanner

Security Task Manager shows all running Windows tasks including embedded hidden functions (e.g. keyboard or browser monitoring, autostart entry). A unique security risk rating indicates the likelihood of the process being potential spyware, malware, keylogger or a Trojan.

MalwareBytes detects and removes sleeping spyware, adware, trojans, keyloggers, malware and tracking threats from your hard disk. Ideal supplement to Security Task Manager.

SpeedUpMyPC scans, cleans, repairs and optimizes your computer.

Other processes