sasser process names:

  ayrmail 17:18 16 May 2004
Locked

Is lsasss.exe the same as lsass.exe or is this just how this virus hide its self by using very similar names to actual system process.

  Diodorus Siculus 17:25 16 May 2004

Lsass.exe is different to Isass.exe

(the first is L; the second an uppercase i).

the L is the valid system file as far as I remember.

  spuds 17:29 16 May 2004

Here's a virus information site, which covers a good range of virus's and other facts.Possibly worth a look in the A-Z listings click here

  ayrmail 17:33 16 May 2004

The one you thought was an upper case I is a lower case l and it appears in the processes area of task manager the other from a web page telling you that this is what to look for. The difference between them is one extra s.

  ayrmail 18:02 16 May 2004

.

  bertiecharlie 18:16 16 May 2004

Lsasss.exe is the W 32 Sasser.E.Worm.

Lsass.exe is the Local Security Authentification Server.

  bertiecharlie 18:44 16 May 2004

You are right to think that certain viruses will hide themselves by using process names similar to legitimate processes. Some will use the exact name and to be sure a process is legitimate you need to check the file path.

For example : The W32.Nimos.Worm "hides" as Lsass.exe. The only way to be 100% sure of Lsass.exe is to check the filepath is C:\Windows\System32\Lsass.exe

  ayrmail 20:53 16 May 2004

Thanks

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

AMD Radeon Adrenalin release date, new features, compatible graphics cards

Turn a photo into 16-bit pixel art

iMac Pro release date, UK price & specs

Comment suivre le parcours du père Noël ?