Content deleted Content added
Citation bot (talk | contribs) Add: date. | Use this bot. Report bugs. | Suggested by Whoop whoop pull up | #UCB_webform 1460/3352 |
Prettier link to Sasser |
||
Line 5:
Forcible termination of {{mono|lsass.exe}} will result in the system losing access to any account, including NT AUTHORITY, prompting a restart of the machine.
Because {{mono|lsass.exe}} is a crucial system file, its name is often faked by malware. The {{mono|lsass.exe}} file used by Windows is located in the [[Directory (computing)|directory]] {{mono|%WINDIR%\System32}} and the description of the file is '''Local Security Authority Process'''. If it is running from any other ___location, that {{mono|lsass.exe}} is most likely a [[Computer virus|virus]], [[spyware]], [[Trojan horse (computing)|trojan]] or [[Worm (computing)|worm]]. Due to the way some systems display fonts, malicious developers may name the file something like {{mono|Isass.exe}} (capital "i" instead of a lowercase "L") in efforts to trick users into installing or executing a malicious file instead of the trusted system file.<ref>{{cite web|url=http://www.errorboss.com/exe-files/lsass-exe/ |title=The Best Way To Remove Lsass.exe Virus - Fix Lsass Process |date=23 December 2014 |publisher=Errorboss.com |access-date=2016-05-24}}</ref> The [[Sasser (computer worm)|Sasser worm]] spreads by exploiting a [[buffer overflow]] in the LSASS on [[Windows XP]] and [[Windows 2000]] operating systems.
==References==
| |||