A Microsoft Outlook email forum. Outlook Banter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » Outlook Banter forum » Microsoft Outlook Express Email Newsgroup » Outlook Express
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

Why does email run Lsass.exe (ell, not cap eye)?



 
 
Thread Tools Search this Thread Display Modes
  #11  
Old October 1st 09, 01:39 PM posted to microsoft.public.windows.inetexplorer.ie6_outlookexpress,microsoft.public.windowsxp.general
o
external usenet poster
 
Posts: 161
Default Why does email run Lsass.exe (ell, not cap eye)?


"nate hudgen" wrote in message
...

"WhatsUp31415" wrote in message
...
When we[*] open a particular email in Outlook Express, it apparently
causes Lsass.exe (with ell, not eye) to run.

Any idea why?

It causes an alleged Norton Internet Security pop-up asking for
confirmation to allow Lsass.exe to access the Internet. (Actually, I
think it is to allow an incoming login request.) I say "alleged" because
the only choice is "allow always". It seems unusual to have only the one
choice, not also "disallow". That piques my suspicion.

When I look at the text of the message in plain ASCII (i.e. Message
Source), it looks benign to me. It does have an HTML part; but I do not
find any explicit reference to any EXE file, much less Lsass.exe. (I did
a Find in Notepad.) However, I do not know HTML very well; I might have
overlooked some other mechanism that would trigger a remote login
attempt.

(What should I look for?)

(Also, I was unable to look at the original mail headers because they are
stripped when OE forwards email .)

I know that isass.exe (usually cap eye) is considered to be a trojan
horse. But my understanding is that Lsass.exe (usually lowercase ell) is
a Windows service, namely the Local Security Authentication Server [sic],
according to some web pages.

We did a file search and confirmed that isass.exe (with eye) does not
exist, whereas Lsass.exe (with ell) does.

The system does have multiple user accounts; I assume that Lsass.exe is
invoked when we login. But I still do not understand what could cause an
incoming login request in that email.

FYI, the email is a legitimate response to email that we[*] sent. But
of course, that does not rule the possibility that the sender's system is
infected, and a trojan horse was attached to legitimate outgoing email.

Anyway, any thoughts would be appreciated. Namely:

1. Am I correct to be suspicious and to trash the email?

2. Or should I allow Lsass.exe to access the Internet?

3. And if #2, please let me know why; that is, what is going on?


[*] "We" is really my computer-illiterate mother. I am trying to
troubleshoot this from 400 miles away. It's a struggle . Her PC has
Win XP and OE 6. I believe Win XP is SP2, but it might be SP1.





Ads
  #12  
Old October 1st 09, 01:39 PM posted to microsoft.public.windows.inetexplorer.ie6_outlookexpress,microsoft.public.windowsxp.general
o
external usenet poster
 
Posts: 161
Default Why does email run Lsass.exe (ell, not cap eye)?


"nate hudgen" wrote in message
...

"WhatsUp31415" wrote in message
...
When we[*] open a particular email in Outlook Express, it apparently
causes Lsass.exe (with ell, not eye) to run.

Any idea why?

It causes an alleged Norton Internet Security pop-up asking for
confirmation to allow Lsass.exe to access the Internet. (Actually, I
think it is to allow an incoming login request.) I say "alleged" because
the only choice is "allow always". It seems unusual to have only the one
choice, not also "disallow". That piques my suspicion.

When I look at the text of the message in plain ASCII (i.e. Message
Source), it looks benign to me. It does have an HTML part; but I do not
find any explicit reference to any EXE file, much less Lsass.exe. (I did
a Find in Notepad.) However, I do not know HTML very well; I might have
overlooked some other mechanism that would trigger a remote login
attempt.

(What should I look for?)

(Also, I was unable to look at the original mail headers because they are
stripped when OE forwards email .)

I know that isass.exe (usually cap eye) is considered to be a trojan
horse. But my understanding is that Lsass.exe (usually lowercase ell) is
a Windows service, namely the Local Security Authentication Server [sic],
according to some web pages.

We did a file search and confirmed that isass.exe (with eye) does not
exist, whereas Lsass.exe (with ell) does.

The system does have multiple user accounts; I assume that Lsass.exe is
invoked when we login. But I still do not understand what could cause an
incoming login request in that email.

FYI, the email is a legitimate response to email that we[*] sent. But
of course, that does not rule the possibility that the sender's system is
infected, and a trojan horse was attached to legitimate outgoing email.

Anyway, any thoughts would be appreciated. Namely:

1. Am I correct to be suspicious and to trash the email?

2. Or should I allow Lsass.exe to access the Internet?

3. And if #2, please let me know why; that is, what is going on?


[*] "We" is really my computer-illiterate mother. I am trying to
troubleshoot this from 400 miles away. It's a struggle . Her PC has
Win XP and OE 6. I believe Win XP is SP2, but it might be SP1.





 




Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
How to check email without removing the email copy from email serv Eric Outlook Express 2 May 19th 08 09:14 AM
LSASS.exe problems Jim Branberg Outlook Express 3 June 22nd 07 03:00 PM


All times are GMT +1. The time now is 10:34 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.Search Engine Friendly URLs by vBSEO 2.4.0
Copyright 2004-2019 Outlook Banter.
The comments are property of their posters.