Memory Leak - lsass.exe Missing REGKEYs

  A_J_C 20:45 08 May 2006
Locked

Every now and then my PC seems to have a few issues. This seems to be a memory leak issue regarding Lsass.exe and svchost.exe. I realise these are system processes and have been, in the past, used by malware. However, I regularly clean my machine and run anti-malware programs. During the latest "attack" I was writing to a DVD and thought this was the reason for the slowdown. My CPU usage was topped out (100%) and lsass.exe appeared to be hogging most of that. I closed the DVD writer down and the "attack" continued. I opened regmon and filemon and lsass was being very repetitive:
RegMon:-
HKLM\SAM\SAM\DOMAINS\Account\Users\000003EF\V - Querying
HKLM\SECURITY\Policy\SecDesc\(Default) BUFFER OVERFLOW
...among others

FileMon:-
1. C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred SUCCESS Options: Open Sequential Access: All
2. OPEN C:\Documents and Settings\<Username>\Application Data\Microsoft\Protect\S-1-5-21-1384128032-3379435263-1629665760-1007\Preferred
3. C:\Documents and Settings\<Username>\Local Settings\Temp
...among others

Another thing I have noticed is that where it is accessing in the registry (HKLM\SECURITY\Policy\SecDesc\) I cannot see in regedit. Why is this? Surely regedit should not hide regkeys??

I have a high-spec machine that for the most part runs fine, but every now and then I have this issue. I have read about NT servers and the like having similar issues but not much on the Win XP Pro platform. I do run a couple of programming environments and am wondering if this could be the issue. Is anyone else having a similar issue?

Any help would be great,

Cheers,
Alistair

  skidzy 22:48 08 May 2006

Hi Alistair

Don't think I can answer or solve your question, it's a bit advanced for me.
I did come across this though that may give you a little more understanding of your problems. click here

Hope this can point you in the right direction.

Good luck

  johnnyrocker 23:24 08 May 2006

Depends whether you have LSASS.SHELL EXPORT VERSION or lsass.exe, the first being a virus or the other way round, but I think the first is correct.

johnny.

This thread is now locked and can not be replied to.
