Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by ctoothey, Feb 22, 2007.

  1. ctoothey

    ctoothey Private E-2


    This file..
    I had to delete it because it contained a trojan virus and now i am getting errors when windows starts up for me because it cannot start this file,..
    i checked in my startup in msconfig, and this file is listed twice.

    the location in msconfig says something about windows NT? if that means anything...

    I'm just wondering, is it safe to stop this from trying to startup and what it this file exactly? Could it be from the trojan i removed that was infecting it? therfore i really don't need it? if i do need it where would i get it from? i tried googling it and i got nothing.

  2. i-CONICA

    i-CONICA Private E-2

    lsass.exe is a legitimate part of the windows os, if you had it infected, you were right to delete it, btw, did you delete it from the dll cache too? so it cant replace its self?, anyway you just need to download lsass.exe from the internet, or preferably if you have another pc available, your friends pc or your other pc? if you do then just copy the file over, making sure you put a copy of the file in the dllcache folder here C:\windows\system32\dllcache\ the folder is hidden so its easier to just type or copy and paste that into the address bar of explorer, hope this helps, ps, do this in safe mode if you can, hit f8 just before windows loads :major i-CONICA:major
  3. Adrynalyne

    Adrynalyne Guest

    Look at the path. This was not a legitimate file.
  4. Adrynalyne

    Adrynalyne Guest

