Jump to content



Recommended Posts


I just scanned my computer with with Malaware bytes after getting popups saying my computer was infected (rouge spyware it seems). The scan picked up the following:

Trojan.Agent C:\Users\Julie\Appdata\Roaming\Microsoft\Windows\lsass.exe

Trojan.Agent HKEY_CURRENT\USERS\Micorsoftwindows\CurrentVersion\Run\Isass Service (Data: C:\Users\Julie\Appdata\Roaming\Microsoft\Windows\lsass.exe)

After deleting these, I realized that lsass.exe is a Windows Security Mechanism. Should I restore these Quarantined Items?

Thanks in advance.

Link to post
Share on other sites

  • Staff


This is no false positive. The legitimate lsass.exe is not targeted here (which is present in your system32 folder), it's a trojan present in your C:\Users\Julie\Appdata\Roaming\Microsoft\Windows here.

Also see here: http://vil.nai.com/vil/content/v_229703.htm

Other scanners may call is Buzus.

In either way, do not restore from quarantine.

Link to post
Share on other sites

  • 2 months later...

Hi. I have AVG and when I start up my computer, the AVG Firewall keeps saying "Application is trying to access the internet"

Do you wish to allow this communication?

Do you wnat to block it?

Application Info


Company: unknown

Local address Local computer:49162

Remote address

Connection TCP

Direction: Out

Process ID 2492

I cannot find any application called "info" on my computer and when I follow the file path, it doesn't exist.

A full scan with AVG doesn't flag anything up.

Is this a virus or a legitimate part of the system?

I'm using Vista 32 bit.


Link to post
Share on other sites

  • Staff


This is no false positive and is malware as the genuine lsass.exe is present in your system32 folder and not in your application data folder.

Please scan with malwarebytes and let it remove it, because malwarebytes is able to detect and delete this variant.

If you need additional help/guidance + to find out if there's more malware lurking there, do the following:

  1. Please read and follow the instructions provided here: I'm infected - What do I do now?
  2. If needed please post your logs in a NEW topic here: Malware Removal - HijackThis Logs
  3. When posting logs please do not use any Quote, Code, or other tags. Please copy/paste directly into your post and do not attach files unless requested.

  • Please do not post any logs in the General forum. We do not work on any logs posted in the General forum.
  • Please do not install any software or use any removal/scanning tool except for those you're requested to run by the Helper that will assist you.
  • Using these other tools often makes the cleanup task more difficult and time consuming.
  • If you have already submitted for assistance at one of the other support sites on the Internet then you should not post a new log here, you should stay working with the Helper from that site until the issue is resolved.
  • Do not assume you're clean because you don't see something in the logs. Please wait until the person assisting you provides feedback.
  • There are often many others that require asistance as well, so please be patient. If no one has responded within 48 hours then please go ahead and post a request for review

  • NOTE: If for some reason you're unable to run some or any of the tools in the first link, then skip that step and move on to the next one. If you can't even run HijackThis, then just proceed and post a NEW topic as shown in the second link describing your issues and someone will assist you as soon as they can.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.