wuaclt.exe & lsass.exe ok??

Discussion in 'Malware Help (A Specialist Will Reply)' started by azby50, Aug 30, 2008.

  1. azby50

    azby50 Private E-2

    hi Geeks,

    I delete processes:wuauclt.exe & lsass.exe using task mgr and they restart.
    is this ok??


    thanks,

    mark <attempting to wrangle control of his system>
     
    azby50, Aug 30, 2008
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Unless your goal is to break your PC, you should stop trying to delete things on your own. These are required/necessary Windows processes.

    What exactly is it that you are trying to do? Are you having malware problems? If so, what are the problems?
     
    chaslang, Aug 30, 2008
    #2
  3. azby50

    azby50 Private E-2

    Hi chaslang,

    I've recently completed housekeeping,disinfection & protecion
    following the Geeks recipe. Afterward, I noticed what seemed
    like an excessive amount of disk and internet activity while
    performing tasks that wouldn't require it. (paranoid??). This sent
    me to task mgr where I observed 43 active processes. Using
    ccclean and google searches I removed 13 which werent needed/wanted.
    With Processes trimmed to 30ish I observed processes loading and
    running. Some would remain, others would terminate. Google searchs
    on these files/processes:alg,jgs,acsd,wuauci,isass and some others
    resulted in conflicting opinions of their use/threat level. (It seems
    as though instilling fear generates income in this area?)

    My goal is to minimize the number of unnecessary tasks running
    in order to get the best performance possible from this aging
    laptop (hp pavilon ze5300 xp (sp3)).


    Any help would be greatly appreciated.

    Regards,

    mark
     
    azby50, Aug 31, 2008
    #3
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to be VERY careful with spelling.

    wuauclt is valid. wuauci is not valid.
    lsass is valid. isass is not valid.

    The others you mentioned are all valid. However you have to be careful where things are running from which is why Task Manager is of no use whatsoever. If lsass.exe is running from C:\Windows\system32 then it is valid as stated. If running from anywhere else, it is not valid. This is where your confusion is coming from and where the searches you are doing are misleading you.

    Run this Using MGtools and attach the requested MGlogs.zip file so I can see what is really running.
     
    chaslang, Sep 1, 2008
    #4
  5. azby50

    azby50 Private E-2

    Hi chaslang,

    attaching mgtools log.
     
    azby50, Sep 1, 2008
    #5
  6. azby50

    azby50 Private E-2

    attached mgtools logs

    I think

    mark
     

    Attached Files:

    azby50, Sep 1, 2008
    #6
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    All of your processes are legit.
     
    chaslang, Sep 1, 2008
    #7
  8. azby50

    azby50 Private E-2

    Thanks for the help.. See ya around the forums.

    Mark
     
    azby50, Sep 2, 2008
    #8
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.



    You should do the below now to remove what we installed:
    1. Go to add/remove programs and uninstall HijackThis.
    2. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    Also it would be a good idea to work thru the below
     
    chaslang, Sep 2, 2008
    #9

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds