lsass.exe ??

MilesAhead

Eclectician
Vista Guru
Gold Member
Hmmmm I seem to be at a loss!! If I remove or disable one item that touches all the files on my drive then some other piece of software picks up the ball and does the same thing. Now lsass.exe often decides to check every registry setting and file on my system. Sometimes it just runs on for 1/2 an hour!! Virus scans show nothing. I'm lost!! :cry:

I'm starting to understand why some people don't want to move from XP!
It is really becoming annoying to use this OS!!
 

My Computer

System One

  • Manufacturer/Model
    HP Pavilion m9515y
    CPU
    Phenom X4 9850
    Memory
    8 GB
    Graphics Card(s)
    Some Radeon Cheapie with 512 MB Ram
    Monitor(s) Displays
    CRT
    Screen Resolution
    1280x1024
    Hard Drives
    750 GB SATA 3G
    2 SIIG Superspeed docks w/WD Caviar Black Sata II or III

My Computers

System One System Two

  • Operating System
    Windows 10 Pro 64-bit
    Manufacturer/Model
    Custom
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
  • Operating System
    Windows 10 Pro
    Manufacturer/Model
    HP Envy Y0F94AV
    CPU
    i7-7500U @ 2.70 GHz
    Memory
    16 GB DDR4-2133
    Graphics card(s)
    NVIDIA GeForce 940MX
    Sound Card
    Conexant ISST Audio
    Monitor(s) Displays
    17.3" UHD IPS touch
    Screen Resolution
    3480 x 2160
    Hard Drives
    512 GB M.2 SSD

My Computer

System One

  • Manufacturer/Model
    ME.....
    CPU
    Q9450 @ 3.6ghz
    Motherboard
    P5K PREMIUM
    Memory
    8GB 1066mhz buffalo firestix
    Graphics Card(s)
    HD 5970
    Monitor(s) Displays
    20'' syncmaster
    Screen Resolution
    1680x1050
    Hard Drives
    160GB 7200RPM SEAGATE BARRACUDA IDE
    160GB 7200RPM SEAGATE BARRACUDA SATA 2
    PSU
    XCILIO 850w
    Case
    unknown ATX
    Cooling
    Arctic cooler pro 775
    Keyboard
    logitech EX110
    Mouse
    logitech cordless optical
    Internet Speed
    2mb
Thanks for the replies. I never got the shutdown message until I tried to autokill lsass.exe. So far it seems like it's just making my HD run on, but I suppose it could be looking through all my files. It feels more like Vista running on than something malicious.

For one thing, it is in c:\windows\system32 and no virus scanners have picked up on it. Since this Sasser thing has been around since at least 2004 I find it hard to believe it wouldn't turn it up. But who knows?
 

My Computer

System One

  • Manufacturer/Model
    HP Pavilion m9515y
    CPU
    Phenom X4 9850
    Memory
    8 GB
    Graphics Card(s)
    Some Radeon Cheapie with 512 MB Ram
    Monitor(s) Displays
    CRT
    Screen Resolution
    1280x1024
    Hard Drives
    750 GB SATA 3G
    2 SIIG Superspeed docks w/WD Caviar Black Sata II or III
No, if your system shutdown when you killed it, that is the right one, owing to its location as well.
 

My Computers

System One System Two

  • Operating System
    Windows 10 Pro X64 Insider Preview (Skip Ahead) latest build
    Manufacturer/Model
    The Beast Model V (homebrew)
    CPU
    Intel Core i7 965 EE @ 3.6 GHz
    Motherboard
    eVGA X58 Classified 3 (141-GT-E770-A1)
    Memory
    3 * Mushkin 998981 Redline Enhanced triple channel DDR3 4 GB CL7 DDR3 1600 MHz (PC3-12800)
    Graphics Card(s)
    eVGA GeForce GTX 970 SSC ACX 2.0 (04G-P4-3979-KB)
    Sound Card
    Realtek HD Audio (onboard)
    Monitor(s) Displays
    2 * Lenovo LT2323pwA Widescreeen
    Screen Resolution
    2 * 1920 x 1080
    Hard Drives
    SanDisk Ultra SDSSDHII-960G-G25 960 GB SATA III SSD (System)
    Crucial MX100 CT256MX100SSD1 256GB SATA III SSD (User Tree)
    2 * Seagate Barracuda 7200.12 ST31000528AS 1TB 7200 RPM SATA II Mech. HD
    Seagate ST1500DL001-9VT15L Barracuda 7200.12 1.5 TB S
    PSU
    Thermaltake Black Widow TX TR2 850W 80+ Bronze Semi-Mod ATX
    Case
    ThermalTake Level 10 GT (Black)
    Cooling
    Corsair H100 (CPU, dual 140 mm fans on radiator) + Air (2 *
    Keyboard
    Logitech G15 (gen 2)
    Mouse
    Logitech MX Master (shared)
    Internet Speed
    AT&T Lightspeed Gigabit duplex
  • Operating System
    Sabayon Linux (current, weekly updates, 5.1.x kernel)
    Manufacturer/Model
    Lenovo ThinkPad E545
    CPU
    AMD A6-5350M APU
    Motherboard
    Lenovo
    Memory
    8 GB
    Graphics card(s)
    Radeon HD (Embedded)
    Sound Card
    Conextant 20671 SmartAudio HD
    Monitor(s) Displays
    Lenovo 15" Matte
    Screen Resolution
    1680 * 1050
    Hard Drives
    INTEL Cherryvill 520 Series SSDSC2CW180A 180 GB SSD
    PSU
    Lenovo
    Case
    Lenovo
    Cooling
    Lenovo
    Mouse
    Logitech MX Master (shared) | Synaptics TouchPad
    Keyboard
    Lenovo
    Internet Speed
    AT&T LightSpeed Gigabit Duplex
No, if your system shutdown when you killed it, that is the right one, owing to its location as well.

That's a relief but I'm wondering why there seems to be 10% unlucky people who have
this thing run on? When I google I see stuff from 2004 with no solution. If the guy
doesn't have the worm, the thread just trails off. I know everyone's drives don't just glow full on for 1/2 hour every day!! Can't be! There's got to be a work-around.

The more I search the more I see zero reports of this thing being made to go away.
Even reports of guys with 5 XP machines, 4 without the HD run on due to lsass.exe and one with. No clue what the difference is. Really bizarre.
 
Last edited:

My Computer

System One

  • Manufacturer/Model
    HP Pavilion m9515y
    CPU
    Phenom X4 9850
    Memory
    8 GB
    Graphics Card(s)
    Some Radeon Cheapie with 512 MB Ram
    Monitor(s) Displays
    CRT
    Screen Resolution
    1280x1024
    Hard Drives
    750 GB SATA 3G
    2 SIIG Superspeed docks w/WD Caviar Black Sata II or III
More info. My XP machine has lsass.exe and explorer.exe doing their thing checking whatever they check, but the disk access LED doesn't flicker. I saw a post similar to this about Vista. Seems for some reason it actually sends each file read write create to the disk hardware instead of doing any caching. There's got to be a fix for this someplace!

Maybe a driver fix?
 

My Computer

System One

  • Manufacturer/Model
    HP Pavilion m9515y
    CPU
    Phenom X4 9850
    Memory
    8 GB
    Graphics Card(s)
    Some Radeon Cheapie with 512 MB Ram
    Monitor(s) Displays
    CRT
    Screen Resolution
    1280x1024
    Hard Drives
    750 GB SATA 3G
    2 SIIG Superspeed docks w/WD Caviar Black Sata II or III
I think I may have finally hit pay dirt!
It seemed like lsass.exe was running my HD but in actuality
it was svhost.exe, which launches services. Similar hits pop
up in Google as far back as 2004 where some guys have HD
run on but most don't. My new theory is that it's due to the
fact that the desktops in question are Media Center PCs.

These run the 2 services Function Discovery Provider Host and
Function Discovery Resource Publication which publishes
multimedia resources on the network. I dsiabled both of these
and now when svhost.exe runs checking files, it checks a bunch
of .dlls and stuff in the system folders, but it doesn't read my .avi
and .mp3 files. So the HD runs only for a couple of minutes instead
of 20. Plus it's not totally pegged out so you can actually say, load
a browser while this is going on!!

Keeping my fingers crossed!!

:cool:
 

My Computer

System One

  • Manufacturer/Model
    HP Pavilion m9515y
    CPU
    Phenom X4 9850
    Memory
    8 GB
    Graphics Card(s)
    Some Radeon Cheapie with 512 MB Ram
    Monitor(s) Displays
    CRT
    Screen Resolution
    1280x1024
    Hard Drives
    750 GB SATA 3G
    2 SIIG Superspeed docks w/WD Caviar Black Sata II or III
MilesAhead,

Thank you for posting your results back.

Shawn
 

My Computers

System One System Two

  • Operating System
    Windows 10 Pro 64-bit
    Manufacturer/Model
    Custom
    CPU
    Intel i7-8700K 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    2 x Samsung Odyssey G7 27"
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Samsung 990 PRO M.2,
    4TB Samsung 990 PRO PRO M.2,
    8TB WD MyCloudEX2Ultra NAS
    PSU
    Seasonic Prime Titanium 850W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master 3
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Galaxy S23 Plus phone
  • Operating System
    Windows 10 Pro
    Manufacturer/Model
    HP Envy Y0F94AV
    CPU
    i7-7500U @ 2.70 GHz
    Memory
    16 GB DDR4-2133
    Graphics card(s)
    NVIDIA GeForce 940MX
    Sound Card
    Conexant ISST Audio
    Monitor(s) Displays
    17.3" UHD IPS touch
    Screen Resolution
    3480 x 2160
    Hard Drives
    512 GB M.2 SSD
I think I may have finally hit pay dirt!
It seemed like lsass.exe was running my HD but in actuality
it was svhost.exe, which launches services. Similar hits pop
up in Google as far back as 2004 where some guys have HD
run on but most don't. My new theory is that it's due to the
fact that the desktops in question are Media Center PCs.

These run the 2 services Function Discovery Provider Host and
Function Discovery Resource Publication which publishes
multimedia resources on the network. I dsiabled both of these
and now when svhost.exe runs checking files, it checks a bunch
of .dlls and stuff in the system folders, but it doesn't read my .avi
and .mp3 files. So the HD runs only for a couple of minutes instead
of 20. Plus it's not totally pegged out so you can actually say, load
a browser while this is going on!!

Keeping my fingers crossed!!

:cool:


Thanks, just realised after reading this thread that I have the same problem as well. I've disabled them two services you mentioned, and will see if it makes a difference when I restart my PC as I get a slow down when I turn it on and things take a few mins to load.
 

My Computer

System One

  • Manufacturer/Model
    Custom Built
    CPU
    Intel Core 2 Quad Q9550
    Motherboard
    XFX MB-750I-72P9 NF750i
    Memory
    4096MB Corsair XMS2 PC-5400
    Graphics Card(s)
    ASUS Nvidia Geforce GTX470
    Sound Card
    ASUS Xonar DX
    Monitor(s) Displays
    Dell 24" S2409W & Dell 20" E207WFP
    Screen Resolution
    1920x1080 & 1680x1050
    Hard Drives
    750GB Western Digital Caviar Black & 500GB Samsung
    PSU
    750 watt Thermaltake Toughpower
    Case
    Coolermaster Dominator 690 Nvidia Edition
    Cooling
    Zalman CNPS9700-NT Cooler, 6x 120mm Chassis Fans
    Keyboard
    Logitech G11 Keyboard
    Mouse
    Logitech G5 Laser Mouse (2007 edition)
    Internet Speed
    100Mbps
    Other Info
    abit airpace 54mbps wireless PCI-E x1 card
MilesAhead,

Thank you for posting your results back.

Shawn


Sure thing. So far so good. HD seems to be acting normally or at least
acceptably. I made a hard copy with the state of all my services in the
hope that this setup will be a keeper. :)
 

My Computer

System One

  • Manufacturer/Model
    HP Pavilion m9515y
    CPU
    Phenom X4 9850
    Memory
    8 GB
    Graphics Card(s)
    Some Radeon Cheapie with 512 MB Ram
    Monitor(s) Displays
    CRT
    Screen Resolution
    1280x1024
    Hard Drives
    750 GB SATA 3G
    2 SIIG Superspeed docks w/WD Caviar Black Sata II or III
Thanks, just realised after reading this thread that I have the same problem as well. I've disabled them two services you mentioned, and will see if it makes a difference when I restart my PC as I get a slow down when I turn it on and things take a few mins to load.


Hope it works. This has been an ongoing struggle since I bought this machine. Seems to be a lot of interlocking overlapping file indexing and publishing stuff going on, esp if you have a Media Center type of PC. I don't know if I'll ever find them all. :)

I like HP Media Center PCs because of good bang for the buck but unless they come up with an easier way to disable the multimedia bloat I might have to find another way of PCin'. :(
 

My Computer

System One

  • Manufacturer/Model
    HP Pavilion m9515y
    CPU
    Phenom X4 9850
    Memory
    8 GB
    Graphics Card(s)
    Some Radeon Cheapie with 512 MB Ram
    Monitor(s) Displays
    CRT
    Screen Resolution
    1280x1024
    Hard Drives
    750 GB SATA 3G
    2 SIIG Superspeed docks w/WD Caviar Black Sata II or III
Back
Top