Lsass.exe eating system resources on startup.

[csbassplayer]

Ive read a million topics on this but almost all of them deal with OBVIOUS solutions to the problem. Well I've already updated my OS (newest security patches, service packs, etc...), Antivirus,adware removal...etc... and for about 30mins after a restart, the lsass.exe system process eats all my cpu power. Once its done my system runs like a charm, but those 30min restarts are a waste of time. It is really starting to annoy me. No this is not a virus (according to AVG, McAfee, etc...) problem, or an Adware (spybot,adaware) problem. It is the legitimate system process eating my resources and i have no clue what to do about it. Any suggestions on a fix?

Athlon XP2500
1.5 Corsair XMS
Seagate SATA 80gig HD
Radeon x850 Pro 256

 

[dmroeder]

Search your computer for that file. The internet tells me that it's only supposed to be located in the System32 folder and if anywhere else, it's malicious.

Although that is a normal windows file, there are virus' that run under that name.

 

[csbassplayer]

I am aware of that, however this is NOT a virus, it is the correct spelling of the process, in the correct file location. It just eats a boatload of my system resources for a while. The actual virus makes your system crash after 60 seconds of use. THIS IS NOT A VIRUS.

 

[CHEEZball]

First hit when Googling Lsass.exe eating resources

.. some neat info in there! Hope you can get this fixed, I'd be annoyed to high hell! Looks like killing processes which lsass .. reprocesses will help alot

 

[fattony]

lsass is the local authentication and security module, anything requires passing of credentials and authorization has to go through lsass

so either something keeps hitting the box for authentication and craps out or there's something running on there and keeps requesting for something from lsass

you may want to turn on security auditing from gpedit.msc and check your security logs on eventvwr.msc or on the contrary if you find out that all auditing is enabled, this can cause it to spike too, so you should just turn it all off to save CPU

 

[olderthandirt101]

Goto Systernals and download Process Explorer and see what Handles and Strings Isaas is repeatedly hooking.

 

[pscowboy]

Regardless of what you think, it still may be a Sasser worm infection.

Nothing to lose by implementing the removal process. Google "Sasser" to get the skinny on it.