


Question

“I have had my home systems attacked many times through the years, even once with the Lsass malware,” a reader said. “At that time a certified Microsoft technician helped me get rid of it. Since then my machines have been attacked by overly aggressive adware and spyware with strange popups and redirection of my homepage. Once I even had my machine infiltrated by a ‘performance improving’ and ‘antivirus program’ advertised on local TV, which acted much more like spyware. It took me several days to get rid of this memory hogging software. I had to eliminate or change Registry keys, eliminate certain suspicious, duplicated system files, rename malicious files before deletion and do some other ‘out of the box’ things before I could get rid of it. In recent years I have found it far preferable to run untrustworthy downloaded software on an OS installed on a VM like VMWare, to check what it will do to system files and to the Registry.”

(a) Conduct research on the Lsass malware mentioned by this reader.

(b) Share your experience of removing malware where you had to use some out-of-the-box methods.

Explanation / Answer

a)

lsass is a local security authentication server. It verifies the validity of user logons to your PC or servers. It is located in C:\Windows\System32. If it is not located there, then it is definitely a virus which has to be removed.

b)

You can delete the virus by checking the processes spawned by the virus. This can be done by checking the .exe running in Task Manager. Once the task is seen, we can open its location on the drive and safely remove the unwanted files and registry keys associated with that file.
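The following PowerShell script is an added example, not part of the answer above, that automates the checks from parts (a) and (b): it lists every running process whose name starts with "lsass" and compares each one against the properties of the genuine Local Security Authority process (its path under System32, a valid Microsoft Authenticode signature, and wininit.exe as parent). It assumes an elevated PowerShell session on a Windows system with a default %SystemRoot%; the variable and property names used here are the script's own choices.

```powershell
# Added example (not from the original answer): flag processes that call
# themselves "lsass" but do not look like the real Local Security Authority.
# Assumption: run elevated on Windows; $expectedPath is the standard location.
$expectedPath = Join-Path $env:SystemRoot 'System32\lsass.exe'

# 'lsass%' also catches look-alike names such as "lsasss.exe" or "lsass32.exe".
Get-CimInstance Win32_Process -Filter "Name LIKE 'lsass%'" | ForEach-Object {
    $proc     = $_
    $findings = @()

    # 1. Path: the genuine binary lives in System32, and there is exactly one of it.
    if (-not $proc.ExecutablePath) {
        $findings += 'path not readable (normal when the shell is not elevated)'
    } elseif ($proc.ExecutablePath -ne $expectedPath) {
        $findings += "unexpected path: $($proc.ExecutablePath)"
    }

    # 2. Signature: the genuine binary is Microsoft-signed (catalog signatures
    #    are checked by Get-AuthenticodeSignature on Windows 8 and later).
    if ($proc.ExecutablePath -and (Test-Path $proc.ExecutablePath)) {
        $sig = Get-AuthenticodeSignature -FilePath $proc.ExecutablePath
        if ($sig.Status -ne 'Valid' -or
            $sig.SignerCertificate.Subject -notmatch 'Microsoft') {
            $findings += "signature status: $($sig.Status)"
        }
    }

    # 3. Parent: the real LSASS is started by wininit.exe, not by a user shell.
    $parent = Get-CimInstance Win32_Process `
        -Filter "ProcessId = $($proc.ParentProcessId)"
    if ($parent -and $parent.Name -ne 'wininit.exe') {
        $findings += "unexpected parent: $($parent.Name) (PID $($parent.ProcessId))"
    }

    $verdict = 'OK'
    if ($findings.Count -gt 0) { $verdict = 'SUSPICIOUS' }

    [PSCustomObject]@{
        PID      = $proc.ProcessId
        Name     = $proc.Name
        Path     = $proc.ExecutablePath
        Verdict  = $verdict
        Findings = ($findings -join '; ')
    }
} | Format-Table -AutoSize
```

On a clean machine the output is a single row for lsass.exe with Verdict OK. A second row, a path outside System32, a missing or invalid signature, or a parent other than wininit.exe is what the answer above describes spotting by hand in Task Manager; the Path column then tells you which file and associated registry entries to investigate before removal.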