Group:  English: Windows XP ยป microsoft.public.windowsxp.perform_maintain
Thread: lsass.exe takes a lot of CPU

DotNetBag
.NET Development Newsgroups

HTVi
TV Discussion Newsgroups

 Our Hot Pick: Rising Antivirus 2006 - Certified by TUV & Checkmark! Get 10% discount by entering this coupon code: ONDISCOUNT10
Rising Antivirus 2006

lsass.exe takes a lot of CPU
Jan Willem Boer 12.07.2007 15:50:02
On unpredictable moments lsass.exe uses a lot of CPU on my Windows XP Pro SP2.
I have all updates installed and a virus scan did not reveal any viruses or
malware. The process can't be killed, because this shuts the computer down
(as the sasser worm does).

Inspecting the threads the program runs, it looks like it is always the same
action that makes lsass.exe skyrocket in cpu usage: a thread with the name
ntdll.dll!RtlAllocateHeap. When i kill this thread only, the lsass process
runs fine and CPU usage cools down.

See http://www.flickr.com/photos/10019716[ at ]N06/787972601/ for a screenshot of
the process properties in processexplorer

Does this sound familiar to anyone?
RE: lsass.exe takes a lot of CPU
nass 12.07.2007 19:34:02


"Jan Willem Boer" wrote:

[Quoted Text]
> On unpredictable moments lsass.exe uses a lot of CPU on my Windows XP Pro SP2.
> I have all updates installed and a virus scan did not reveal any viruses or
> malware. The process can't be killed, because this shuts the computer down
> (as the sasser worm does).
>
> Inspecting the threads the program runs, it looks like it is always the same
> action that makes lsass.exe skyrocket in cpu usage: a thread with the name
> ntdll.dll!RtlAllocateHeap. When i kill this thread only, the lsass process
> runs fine and CPU usage cools down.
>
> See http://www.flickr.com/photos/10019716[ at ]N06/787972601/ for a screenshot of
> the process properties in processexplorer
>
> Does this sound familiar to anyone?

First try to scan from another vendor(s) with on-line scanner.
Turn the windows Auto Update OFF and see if the issue will resolve.
What You should Know about the Sasser Worm and its Variants
http://www.microsoft.com/security/incident/sasser.asp
W32.Sasser.Worm
http://www.symantec.com/avcenter/venc/data/w32.sasser.worm.html
http://www.microsoft.com/downloads/details.aspx?FamilyID=97945A5D-DB0B-40F8-9A2E-DE93CBB5CB3A&displaylang=en
Download these tools to see the running processes in real-time and you
can search them to make sure they are Legit.
"Process Explorer for Windows v10.21"
http://www.microsoft.com/technet/sysinternals/utilities/processexplorer.mspx
"AutoRuns for Windows v8.61 By Mark Russinovich and Bryce Cogswell" http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/Autoruns.mspx
HTH.
nass
------
www.nasstec.co.uk

Home | Search | Terms | Imprint | Contact
Newsgroups Reader - provided by WiredBox.Net