Associated Malware Groups
The filename is associated with the malware group:
File Behavior
LSASS.EXE has been seen to perform the following behavior:
- Executes a Process
- Adds a Registry Key (RUN) to auto start Programs on system start up
- This process creates other processes on disk
- Can communicate with other computer systems using HTTP protocols
LSASS.EXE has been the subject of the following behavior:
- Executed as a Process
- Created as a process on disk
- Executed from Temporary Folders
- Added as a Registry auto start to load Program on Boot up
- Has code inserted into its Virtual Memory space by other programs
- Registered as a Dynamic Link Library File
- Created as a new Background Service on the machine
Country Of Origin
The filename LSASS.EXE was first seen on Jul 22 2008 in the following geographical regions of the Prevx community:
- Spain on Jul 22 2008
- Portugal on Jul 22 2008
File Name Aliases
LSASS.EXE can also use the following file names:
- 59993043.EXE
- 69413502.EXE
- 72029959.EXE
- 19646675.EXE
- FOTOS.EXE
- POSTAL.EXE
Filesizes
This file has been seen with the following file size:
Vendor, Product and Version Information
A file with the name LSASS.EXE has been seen to have the following Vendor, Product and Version Information in the file header:
File Type
The filename LSASS.EXE refers to an executable program.
File Activity
One or more files with the name LSASS.EXE create, delete, copy or move the following files and folders:
- Creates folder C:\Program Files\Microsoft Studio Files
- Creates c:\program files\microsoft studio files\vcdg.bat
- Creates c:\program files\microsoft studio files\lsass.exe
- Creates c:\program files\microsoft studio files\ftnn987.ko
- Creates c:\program files\microsoft studio files\svchost.exe
Registry Activity
One or more files with the name LSASS.EXE create or modify the following registry keys and values:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run lsass C:\Program Files\Microsoft Studio Files\lsass.exe
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List C:\Program Files\Microsoft Studio Files\lsass.exe C:\Program Files\Microsoft Studio Files\lsass.exe:*:Enabled:Session Win32
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List C:\Program Files\Microsoft Studio Files\lsass.exe C:\Program Files\Microsoft Studio Files\lsass.exe:*:Enabled:Session Win3