The lsass.exe process – Its Purpose
The security policy on a Windows computer is enforced by the lsass.exe process. Whenever a user logs in on a Windows computer, the lsass.exe process verifies whether the credentials provided are valid.
The lsass.exe file lends security to a Windows computer by preventing unwanted users from accessing any private information. Another important function of the lsass.exe process is to handle password modifications done by the user.
Lsass.exe error on a Windows XP computer
When you start your Windows XP computer, you may receive the following error message:
“Lsass.exe: Entry Point Not Found
The procedure entry point _resetstkoflw could not be located in the dynamic link library Msvcrt.dll.”
Cause of the Error
The above error is reported when a third-party application replaces the msvcrt.dll file with its own version of msvcrt.dll that does not contain the _resetstkoflw function.
To fix this issue, you need to replace the msvcrt.dll file with the original version. The following steps will help you achieve this.
- Insert the Windows XP installation CD in your CD-ROM drive and reboot your computer from the CD-ROM.
- At the Welcome to Setup screen, press the R key to start Recovery Console.
- Press the number key that corresponds to the Windows installation that you need to repair.
- Next, type the administrator password and press Enter.
- Type the following commands on the Recovery Console screen and press Enter after each command.
ren msvcrt.dll msvcrt.old
expand msvcrt.dl_ C:\windows\system32
- F: here denotes the CD-ROM drive. If your CD-ROM drive is different than F, then type the drive letter of your CD-ROM drive in place of F.
- C here denotes C drive, which is the default drive on which Windows is installed. If you have installed Windows on another drive, replace letter C with the drive letter of the drive on which you have installed Windows.
Lsass.exe – Can you trust this process?
The true lsass.exe process is a safe process that is essential for the proper functioning of a Windows computer. However, a malicious version of the lsass.exe process also exists, which is registered as a trojan. The malicious lsass.exe is used by its authors to remotely access your computer with the intention of stealing your confidential and personal information.
Listed below are some of the file behaviors that the lsass.exe virus is known to perform:
- Adds and deletes other processes on an infected system.
- Makes outbound connections to other computers.
- Communicates with other computers, using HTTP and TCP protocols.
- Disables the built-in Windows File Protection System and System Restore feature.
- Disables access to the Windows Registry Editor and Task Manager.
- Resists interrogation by security products.
- Modifies the registry to auto start programs.
- Registers a DLL file on infected computers.
How to ensure that the lsass.exe process running is not a system threat
To ensure the lsass.exe process running on your system is not a system threat, run a malware check of your entire computer using advanced security software, such as STOPzilla Antivirus and Spyware Cease. In case the scan results report the presence of the malicious lsass.exe file, immediately remove it.
After you have successfully removed the lsass.exe virus, clean your Windows registry using a reliable registry cleaning tool, such as RegServe. It is important that you do not skip this step, as malware such as the lsass.exe virus often adds innumerable harmful and invalid entries to the registry that may lead to various errors besides slowing down your computer.
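As a complement to the scan, the following added example (not part of the original article) flags process records that do not match the genuine lsass.exe by checking the image path, the parent process, the instance count and near-identical file names. It assumes Windows is installed in C:\Windows, that the legitimate parent is winlogon.exe on Windows XP or wininit.exe on later versions, and that the process list has been exported into the constructed record format shown; the 0.85 similarity threshold is also an assumption.

```python
import ntpath
from difflib import SequenceMatcher

# Assumptions of this added example (adjust to the system being checked).
GENUINE_NAME = "lsass.exe"
GENUINE_DIR = r"c:\windows\system32"
EXPECTED_PARENTS = {"winlogon.exe", "wininit.exe"}  # XP / Vista and later
LOOKALIKE_RATIO = 0.85  # assumed threshold for "almost the same name"


def check_process(proc):
    """Return the reasons why one process record looks suspicious."""
    name = ntpath.basename(proc["path"]).lower()
    folder = ntpath.dirname(proc["path"]).lower()
    findings = []
    if name == GENUINE_NAME:
        if folder != GENUINE_DIR:
            findings.append("lsass.exe running outside System32")
        if proc["parent"].lower() not in EXPECTED_PARENTS:
            findings.append("unexpected parent process")
    elif SequenceMatcher(None, name, GENUINE_NAME).ratio() >= LOOKALIKE_RATIO:
        findings.append("lookalike file name")
    return findings


def audit(processes):
    """Map pid -> findings; also flag every instance when more than one exists."""
    report = {}
    for proc in processes:
        findings = check_process(proc)
        if findings:
            report[proc["pid"]] = findings
    same_name = [p for p in processes
                 if ntpath.basename(p["path"]).lower() == GENUINE_NAME]
    if len(same_name) > 1:
        for proc in same_name:
            report.setdefault(proc["pid"], []).append("more than one lsass.exe instance")
    return report


# Constructed sample records (hypothetical pids and paths, not real data).
SAMPLE = [
    {"pid": 700, "path": r"C:\Windows\System32\lsass.exe", "parent": "winlogon.exe"},
    {"pid": 1432, "path": r"C:\Windows\System32\svchost.exe", "parent": "services.exe"},
    {"pid": 2216, "path": r"C:\Temp\lsass.exe", "parent": "explorer.exe"},
    {"pid": 2980, "path": r"C:\Windows\System32\Isass.exe", "parent": "explorer.exe"},
]

if __name__ == "__main__":
    for pid, reasons in sorted(audit(SAMPLE).items()):
        print(pid, "; ".join(reasons))
```

A record flagged only for the instance count, with the expected path and parent, is likely the genuine process; the other flagged records are the ones to examine first.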