Removal of lsass. exe 'cloaked malware'

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by gnrman92, Jul 16, 2008.

  1. gnrman92

    gnrman92 Private E-2

    Today, while online, software Prevx CSI notified me that i have a cloaked malware. it is called lsass .exe (with a space) not to be mistaken with lsass.exe, the REAL sytem process.

    it is located in C:\Windows\System32\Event Agent\lsass .exe
    When I go to Windows Explorer, System32 doesnt even exist for some reason.

    How do I get rid of this malware, lsass .exe. it seems to use up alot of memory, more and more every day and is slowing down my computer. Thank you.
     
    gnrman92, Jul 16, 2008
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Please follow the instructions in the below link and attach the requested logs when you finish these instructions. If something does not run, write down the info to explain to us later but keep on going. Do not assume that because one step does not work that they all will not.

    READ & RUN ME FIRST. Malware Removal Guide
     
    chaslang, Jul 16, 2008
    #2

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds