![]() |
If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Search this Thread | Display Modes |
#1
|
|||
|
|||
![]()
When we[*] open a particular email in Outlook Express, it apparently causes
Lsass.exe (with ell, not eye) to run. Any idea why? It causes an alleged Norton Internet Security pop-up asking for confirmation to allow Lsass.exe to access the Internet. (Actually, I think it is to allow an incoming login request.) I say "alleged" because the only choice is "allow always". It seems unusual to have only the one choice, not also "disallow". That piques my suspicion. When I look at the text of the message in plain ASCII (i.e. Message Source), it looks benign to me. It does have an HTML part; but I do not find any explicit reference to any EXE file, much less Lsass.exe. (I did a Find in Notepad.) However, I do not know HTML very well; I might have overlooked some other mechanism that would trigger a remote login attempt. (What should I look for?) (Also, I was unable to look at the original mail headers because they are stripped when OE forwards email ![]() I know that isass.exe (usually cap eye) is considered to be a trojan horse. But my understanding is that Lsass.exe (usually lowercase ell) is a Windows service, namely the Local Security Authentication Server [sic], according to some web pages. We did a file search and confirmed that isass.exe (with eye) does not exist, whereas Lsass.exe (with ell) does. The system does have multiple user accounts; I assume that Lsass.exe is invoked when we login. But I still do not understand what could cause an incoming login request in that email. FYI, the email is a legitimate response to email that we[*] sent. But of course, that does not rule the possibility that the sender's system is infected, and a trojan horse was attached to legitimate outgoing email. Anyway, any thoughts would be appreciated. Namely: 1. Am I correct to be suspicious and to trash the email? 2. Or should I allow Lsass.exe to access the Internet? 3. And if #2, please let me know why; that is, what is going on? [*] "We" is really my computer-illiterate mother. I am trying to troubleshoot this from 400 miles away. It's a struggle ![]() XP and OE 6. I believe Win XP is SP2, but it might be SP1. |
Thread Tools | Search this Thread |
Display Modes | |
|
|
![]() |
||||
Thread | Thread Starter | Forum | Replies | Last Post |
Why does email run Lsass.exe (ell, not cap eye)? | WhatsUp31415 | Outlook Express | 11 | October 1st 09 02:39 PM |
cannot run Scanpst.exe | letsgetstaged | Outlook - Installation | 0 | November 13th 08 04:01 AM |
LSASS.exe problems | Jim Branberg | Outlook Express | 3 | June 22nd 07 04:00 PM |
Find and run Outlook.exe | Culverin | Outlook and VBA | 3 | August 28th 06 09:22 PM |
Scanpst.exe can no longer be run | rmcompute | Outlook - Installation | 9 | May 24th 06 12:37 AM |