A Microsoft Outlook email forum. Outlook Banter


Why does email run Lsass.exe (ell, not cap eye)?



 
 
  #1  
Old July 15th 09, 09:03 PM posted to microsoft.public.windows.inetexplorer.ie6_outlookexpress,microsoft.public.windowsxp.general
WhatsUp31415
external usenet poster
 
Posts: 49
Default Why does email run Lsass.exe (ell, not cap eye)?

When we[*] open a particular email in Outlook Express, it apparently causes
Lsass.exe (with ell, not eye) to run.

Any idea why?

It causes an alleged Norton Internet Security pop-up asking for confirmation
to allow Lsass.exe to access the Internet. (Actually, I think it is to
allow an incoming login request.) I say "alleged" because the only choice
is "allow always". It seems unusual to have only the one choice, not also
"disallow". That piques my suspicion.

When I look at the text of the message in plain ASCII (i.e. Message Source),
it looks benign to me. It does have an HTML part; but I do not find any
explicit reference to any EXE file, much less Lsass.exe. (I did a Find in
Notepad.) However, I do not know HTML very well; I might have overlooked
some other mechanism that would trigger a remote login attempt.

(What should I look for?)

(Also, I was unable to look at the original mail headers because they are
stripped when OE forwards email.)

I know that isass.exe (usually cap eye) is considered to be a trojan horse.
But my understanding is that Lsass.exe (usually lowercase ell) is a Windows
service, namely the Local Security Authentication Server [sic], according to
some web pages.

We did a file search and confirmed that isass.exe (with eye) does not exist,
whereas Lsass.exe (with ell) does.

The system does have multiple user accounts; I assume that Lsass.exe is
invoked when we login. But I still do not understand what could cause an
incoming login request in that email.

FYI, the email is a legitimate response to email that we[*] sent. But of
course, that does not rule out the possibility that the sender's system is
infected, and a trojan horse was attached to legitimate outgoing email.

Anyway, any thoughts would be appreciated. Namely:

1. Am I correct to be suspicious and to trash the email?

2. Or should I allow Lsass.exe to access the Internet?

3. And if #2, please let me know why; that is, what is going on?

[*] "We" is really my computer-illiterate mother. I am trying to
troubleshoot this from 400 miles away. It's a struggle. Her PC has Win
XP and OE 6. I believe Win XP is SP2, but it might be SP1.

  #2  
Old July 15th 09, 10:11 PM posted to microsoft.public.windows.inetexplorer.ie6_outlookexpress,microsoft.public.windowsxp.general
db
external usenet poster
 
Posts: 2
Default Why does email run Lsass.exe (ell, not cap eye)?

you should heed your anti
virus program,

unless you find a legitimate
reason to run the suspicious
process.

you can easily google

ISASS.exe and LSASS.exe.

to find out which processes
are legitimate or phony.

also if I recall, the norton
website explains these
issues in detail.
--

db·´¯`·...¸)))º
DatabaseBen, Retired Professional
- Systems Analyst
- Database Developer
- Accountancy
- Veteran of the Armed Forces
- Microsoft Partner
- @hotmail.com
~~~~~~~~~~"share the nirvana" - dbZen




"WhatsUp31415" wrote in message ...
When we[*] open a particular email in Outlook Express, it apparently causes Lsass.exe (with ell, not eye) to run.

Any idea why?

It causes an alleged Norton Internet Security pop-up asking for confirmation to allow Lsass.exe to access the Internet.
(Actually, I think it is to allow an incoming login request.) I say "alleged" because the only choice is "allow always". It
seems unusual to have only the one choice, not also "disallow". That piques my suspicion.

When I look at the text of the message in plain ASCII (i.e. Message Source), it looks benign to me. It does have an HTML part;
but I do not find any explicit reference to any EXE file, much less Lsass.exe. (I did a Find in Notepad.) However, I do not know
HTML very well; I might have overlooked some other mechanism that would trigger a remote login attempt.

(What should I look for?)

(Also, I was unable to look at the original mail headers because they are stripped when OE forwards email .)

I know that isass.exe (usually cap eye) is considered to be a trojan horse. But my understanding is that Lsass.exe (usually
lowercase ell) is a Windows service, namely the Local Security Authentication Server [sic], according to some web pages.

We did a file search and confirmed that isass.exe (with eye) does not exist, whereas Lsass.exe (with ell) does.

The system does have multiple user accounts; I assume that Lsass.exe is invoked when we login. But I still do not understand what
could cause an incoming login request in that email.

FYI, the email is a legitimate response to email that we[*] sent. But of course, that does not rule the possibility that the
sender's system is infected, and a trojan horse was attached to legitimate outgoing email.

Anyway, any thoughts would be appreciated. Namely:

1. Am I correct to be suspicious and to trash the email?

2. Or should I allow Lsass.exe to access the Internet?

3. And if #2, please let me know why; that is, what is going on?


[*] "We" is really my computer-illiterate mother. I am trying to troubleshoot this from 400 miles away. It's a struggle . Her
PC has Win XP and OE 6. I believe Win XP is SP2, but it might be SP1.


  #4  
Old July 15th 09, 10:27 PM posted to microsoft.public.windows.inetexplorer.ie6_outlookexpress,microsoft.public.windowsxp.general
chisom[_2_]
external usenet poster
 
Posts: 1
Default Why does email run Lsass.exe (ell, not cap eye)?

gjikdfkir coijnkderwe
"WhatsUp31415" wrote in message
...
When we[*] open a particular email in Outlook Express, it apparently
causes Lsass.exe (with ell, not eye) to run.

Any idea why?

It causes an alleged Norton Internet Security pop-up asking for
confirmation to allow Lsass.exe to access the Internet. (Actually, I
think it is to allow an incoming login request.) I say "alleged" because
the only choice is "allow always". It seems unusual to have only the one
choice, not also "disallow". That piques my suspicion.

When I look at the text of the message in plain ASCII (i.e. Message
Source), it looks benign to me. It does have an HTML part; but I do not
find any explicit reference to any EXE file, much less Lsass.exe. (I did
a Find in Notepad.) However, I do not know HTML very well; I might have
overlooked some other mechanism that would trigger a remote login attempt.

(What should I look for?)

(Also, I was unable to look at the original mail headers because they are
stripped when OE forwards email .)

I know that isass.exe (usually cap eye) is considered to be a trojan
horse. But my understanding is that Lsass.exe (usually lowercase ell) is a
Windows service, namely the Local Security Authentication Server [sic],
according to some web pages.

We did a file search and confirmed that isass.exe (with eye) does not
exist, whereas Lsass.exe (with ell) does.

The system does have multiple user accounts; I assume that Lsass.exe is
invoked when we login. But I still do not understand what could cause an
incoming login request in that email.

FYI, the email is a legitimate response to email that we[*] sent. But of
course, that does not rule the possibility that the sender's system is
infected, and a trojan horse was attached to legitimate outgoing email.

Anyway, any thoughts would be appreciated. Namely:

1. Am I correct to be suspicious and to trash the email?

2. Or should I allow Lsass.exe to access the Internet?

3. And if #2, please let me know why; that is, what is going on?


[*] "We" is really my computer-illiterate mother. I am trying to
troubleshoot this from 400 miles away. It's a struggle . Her PC has
Win XP and OE 6. I believe Win XP is SP2, but it might be SP1.



  #5  
Old July 15th 09, 11:07 PM posted to microsoft.public.windows.inetexplorer.ie6_outlookexpress,microsoft.public.windowsxp.general
PA Bear [MS MVP]
external usenet poster
 
Posts: 3,647
Default Why does email run Lsass.exe (ell, not cap eye)?

OE Tools | Options | Security (tab):

Make certain that OE is running in the Restricted Sites zone.

If no joy, see if enabling or disabling (as the case may be) the "Block
images..." option resolves the behavior.

For even more security, enable this option: OE Tools | Options | Read |
Read all messages in plain text.

PS: If NAV is configured to scan incoming/outgoing mail, disable it. It
provides no additional protection, it could be causing the behavior, and
even Symantec says it's not necessary:

QP
Disabling Email Scanning does not leave you unprotected against viruses that
are distributed as email attachments. Norton AntiVirus Auto-Protect scans
incoming files as they are saved to your hard drive, including email and
email attachments. Email Scanning is just another layer on top of this. To
make sure that Auto-Protect is providing the maximum protection, keep
Auto-Protect enabled and run LiveUpdate regularly to ensure that you have
the most recent virus definitions.
/QP
http://service1.symantec.com/SUPPORT...02111812533106

Why you don't need your anti-virus to scan your email
http://thundercloud.net/infoave/tuto...ning/index.htm
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Client - since 2002



WhatsUp31415 wrote:
When we[*] open a particular email in Outlook Express, it apparently causes
Lsass.exe (with ell, not eye) to run.

Any idea why?

It causes an alleged Norton Internet Security pop-up asking for confirmation
to allow Lsass.exe to access the Internet. (Actually, I think it is to
allow an incoming login request.) I say "alleged" because the only choice
is "allow always". It seems unusual to have only the one choice, not also
"disallow". That piques my suspicion.

When I look at the text of the message in plain ASCII (i.e. Message Source),
it looks benign to me. It does have an HTML part; but I do not find any
explicit reference to any EXE file, much less Lsass.exe. (I did a Find in
Notepad.) However, I do not know HTML very well; I might have overlooked
some other mechanism that would trigger a remote login attempt.

(What should I look for?)

(Also, I was unable to look at the original mail headers because they are
stripped when OE forwards email .)

I know that isass.exe (usually cap eye) is considered to be a trojan horse.
But my understanding is that Lsass.exe (usually lowercase ell) is a Windows
service, namely the Local Security Authentication Server [sic], according to
some web pages.

We did a file search and confirmed that isass.exe (with eye) does not exist,
whereas Lsass.exe (with ell) does.

The system does have multiple user accounts; I assume that Lsass.exe is
invoked when we login. But I still do not understand what could cause an
incoming login request in that email.

FYI, the email is a legitimate response to email that we[*] sent. But of
course, that does not rule the possibility that the sender's system is
infected, and a trojan horse was attached to legitimate outgoing email.

Anyway, any thoughts would be appreciated. Namely:

1. Am I correct to be suspicious and to trash the email?

2. Or should I allow Lsass.exe to access the Internet?

3. And if #2, please let me know why; that is, what is going on?


[*] "We" is really my computer-illiterate mother. I am trying to
troubleshoot this from 400 miles away. It's a struggle . Her PC has Win
XP and OE 6. I believe Win XP is SP2, but it might be SP1.
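
An added example, not part of any post in this thread: one way to approach the "What should I look for?" question is to list every reference in the HTML part that a client fetches when the message is rendered, which is the kind of content the "Block images..." and plain-text options keep from loading. The sketch decodes quoted-printable or base64 parts first, which a Find in Notepad over Message Source cannot see through. The function names, the host names and the sample message are constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser

# Attributes whose value names something the renderer may go and fetch.
FETCH_ATTRS = {"src", "href", "background", "data", "codebase"}
# Tags whose href is only followed when the reader clicks.
CLICK_ONLY_TAGS = {"a", "area"}


def classify(value):
    """Sort a reference by where it points."""
    v = value.strip().lower()
    if v.startswith("cid:"):
        return "embedded"      # part carried inside the message itself
    if v.startswith(("\\\\", "file:")):
        return "file-share"    # UNC path or file: URL
    if v.startswith(("http:", "https:", "ftp:")):
        return "remote"
    return "other"


class RefCollector(HTMLParser):
    """Collects (tag, attribute, value) for every fetchable reference."""

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in FETCH_ATTRS and value:
                self.refs.append({
                    "tag": tag,
                    "attr": name,
                    "value": value.strip(),
                    "kind": classify(value),
                    "on_open": tag not in CLICK_ONLY_TAGS,
                })


def audit_message(raw):
    """Return every reference found in the text/html parts of a raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        collector = RefCollector()
        collector.feed(part.get_content())  # transfer encoding already decoded
        collector.close()
        findings.extend(collector.refs)
    return findings


def fetched_on_open(raw):
    """References that leave the machine as soon as the message is rendered."""
    return [f for f in audit_message(raw)
            if f["on_open"] and f["kind"] in ("remote", "file-share")]


# Constructed sample message (quoted-printable HTML part, example hosts only).
SAMPLE = r"""From: sender@example.com
To: recipient@example.com
Subject: Re: your question
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

Thanks, see below.
--b1
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html><body background=3D"http://img.example.net/bg.gif">
<p>Thanks, see below.</p>
<img src=3D"cid:logo@example.com">
<img src=3D"http://img.example.net/open.gif?id=3D123" width=3D"1">
<img src=3D"\\files.example.net\share\sig.gif">
<a href=3D"http://www.example.com/page.html">link</a>
</body></html>
--b1--
"""

if __name__ == "__main__":
    for f in fetched_on_open(SAMPLE):
        print(f"{f['kind']:<10} <{f['tag']} {f['attr']}>  {f['value']}")
```

To run it against a real message, save the message as an .eml file and pass the file's text to `fetched_on_open`.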


  #7  
Old September 30th 09, 05:36 PM posted to microsoft.public.windows.inetexplorer.ie6_outlookexpress,microsoft.public.windowsxp.general
nate hudgen
external usenet poster
 
Posts: 2
Default Why does email run Lsass.exe (ell, not cap eye)?


"WhatsUp31415" wrote in message
...
When we[*] open a particular email in Outlook Express, it apparently
causes Lsass.exe (with ell, not eye) to run.

Any idea why?

It causes an alleged Norton Internet Security pop-up asking for
confirmation to allow Lsass.exe to access the Internet. (Actually, I
think it is to allow an incoming login request.) I say "alleged" because
the only choice is "allow always". It seems unusual to have only the one
choice, not also "disallow". That piques my suspicion.

When I look at the text of the message in plain ASCII (i.e. Message
Source), it looks benign to me. It does have an HTML part; but I do not
find any explicit reference to any EXE file, much less Lsass.exe. (I did
a Find in Notepad.) However, I do not know HTML very well; I might have
overlooked some other mechanism that would trigger a remote login attempt.

(What should I look for?)

(Also, I was unable to look at the original mail headers because they are
stripped when OE forwards email .)

I know that isass.exe (usually cap eye) is considered to be a trojan
horse. But my understanding is that Lsass.exe (usually lowercase ell) is a
Windows service, namely the Local Security Authentication Server [sic],
according to some web pages.

We did a file search and confirmed that isass.exe (with eye) does not
exist, whereas Lsass.exe (with ell) does.

The system does have multiple user accounts; I assume that Lsass.exe is
invoked when we login. But I still do not understand what could cause an
incoming login request in that email.

FYI, the email is a legitimate response to email that we[*] sent. But of
course, that does not rule the possibility that the sender's system is
infected, and a trojan horse was attached to legitimate outgoing email.

Anyway, any thoughts would be appreciated. Namely:

1. Am I correct to be suspicious and to trash the email?

2. Or should I allow Lsass.exe to access the Internet?

3. And if #2, please let me know why; that is, what is going on?


[*] "We" is really my computer-illiterate mother. I am trying to
troubleshoot this from 400 miles away. It's a struggle . Her PC has
Win XP and OE 6. I believe Win XP is SP2, but it might be SP1.



  #9  
Old October 1st 09, 01:38 PM posted to microsoft.public.windows.inetexplorer.ie6_outlookexpress,microsoft.public.windowsxp.general
o
external usenet poster
 
Posts: 161
Default Why does email run Lsass.exe (ell, not cap eye)?


"nate hudgen" wrote in message
...

"WhatsUp31415" wrote in message
...
When we[*] open a particular email in Outlook Express, it apparently
causes Lsass.exe (with ell, not eye) to run.

Any idea why?

It causes an alleged Norton Internet Security pop-up asking for
confirmation to allow Lsass.exe to access the Internet. (Actually, I
think it is to allow an incoming login request.) I say "alleged" because
the only choice is "allow always". It seems unusual to have only the one
choice, not also "disallow". That piques my suspicion.

When I look at the text of the message in plain ASCII (i.e. Message
Source), it looks benign to me. It does have an HTML part; but I do not
find any explicit reference to any EXE file, much less Lsass.exe. (I did
a Find in Notepad.) However, I do not know HTML very well; I might have
overlooked some other mechanism that would trigger a remote login
attempt.

(What should I look for?)

(Also, I was unable to look at the original mail headers because they are
stripped when OE forwards email .)

I know that isass.exe (usually cap eye) is considered to be a trojan
horse. But my understanding is that Lsass.exe (usually lowercase ell) is
a Windows service, namely the Local Security Authentication Server [sic],
according to some web pages.

We did a file search and confirmed that isass.exe (with eye) does not
exist, whereas Lsass.exe (with ell) does.

The system does have multiple user accounts; I assume that Lsass.exe is
invoked when we login. But I still do not understand what could cause an
incoming login request in that email.

FYI, the email is a legitimate response to email that we[*] sent. But
of course, that does not rule the possibility that the sender's system is
infected, and a trojan horse was attached to legitimate outgoing email.

Anyway, any thoughts would be appreciated. Namely:

1. Am I correct to be suspicious and to trash the email?

2. Or should I allow Lsass.exe to access the Internet?

3. And if #2, please let me know why; that is, what is going on?


[*] "We" is really my computer-illiterate mother. I am trying to
troubleshoot this from 400 miles away. It's a struggle . Her PC has
Win XP and OE 6. I believe Win XP is SP2, but it might be SP1.





 




All times are GMT +1.