[CLOSED] lsass keeps returning

[Asger]

Hi

For some weeks every time my computer starts, Panda Antivitus free gives two warnings:

c:\windows\system32\config\systemprofile\a internet files\content.ie5\lsass[1].exe

c:\windows\temp\lsass.exe


Now, I know that lsass.exe is a system file when placed directly in the folder windows\system32 - but as you can see it is not.

Every day I tell Panda to neutralise it; it does and that's that. There is no lsass or strange CPU-using tasks listed in task manager, so I assume Panda stops the trouble before it can do real damage.


But ... it is regenerated at every restart, and that is at the very least an annoyance.

I suspect wherever it came from it probably dumped some changes to my registry, because this seems to be an issue in much older descriptions of the sasser virus which I guess this is.

But I can find no up to date tools or guides to help remove it completely.


Can you help me out here?

[VirusBuster]

Have you tried running a full scan with the antivirus?
Try also running a scan with Panda Cloud Cleaner

[Asger]

Hi VirusBuster


Thank you for the reply.

Yes, I have performed a full scan. After removing the the "lsass" ocurrences found at start-up nothing more is found.

I have tried a registry clean with CCleaner, and have also performed a full scan with malwarebytes antimalware.

What I need is to identify and remove the traces that cause the infection to regenerate.


Is Panda Cloud Cleaner my best option for this? I had rather hoped the problem was known and that a specific fix would be at hand.

Best,

Asger

[VirusBuster]

Run a scan with Panda Cloud Cleaner in "Trusted Boot Mode" (advanced options) and let us know the results

[VirusBuster]

Closed due to lack of response
TOPIC CLOSED