Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91913 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Protected Storage Service


  • Please log in to reply
3 replies to this topic

#1 watcherduck

watcherduck

    Authentic Member

  • Authentic Member
  • PipPip
  • 116 posts

Posted 28 January 2008 - 10:43 PM

I was browsing my services to see what was started manually and what was started automatically, and what was dependent on the service. (okay, I was bored). :popcorn:

I came across "Protected Storage" and upon looking at the path and dependencies, I noticed that the path was C:\WINDOWS\system 32\Isass.exe. I cant tell whether it is a capital I or a lower case l. The dependency is Remote Proceedure Call (RPC) which strikes me as suspicious.

Can someone look at these captures and give me an educated opinion?
Thanks! and Aloha, Don

Posted Image Posted Image Posted Image

    Advertisements

Register to Remove


#2 Abydos

Abydos

    WTT Tech Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 1,736 posts

Posted 29 January 2008 - 01:27 AM

Hi Watcherduck

All 3 services are normal benign in nature.

lsass.exe (with lower L) is a system process that control local security and login policies. It should not be teminated as it is vital to the overall security of your windows system.

Sidenote: The most notably infection in this file that springs to mind, is the lsass.worm.
But if you were infected, you would know, as it starts a clock on your screen, bidding you to close everything and backup your stuff before its countdown reaches zero (something like that anyhow). Google it if you want.

Remote Procedure Call

Protected Storage (Can be closed without any complications other than you have to write your passwords in OE and IE thereafter)

Regards Abydos

Abydos

Asking for Technical Help


Preventing Malware Slow PC? Recovery Console!

"I am not young enough to know everything" - Oscar Wilde


#3 watcherduck

watcherduck

    Authentic Member

  • Authentic Member
  • PipPip
  • 116 posts

Posted 29 January 2008 - 10:17 AM

Thanks! I did google some, but couldn't find a satisfactory explanation, except the lsass worm, and was wondering. These links are excellent. Again thanks! :thumbup: Aloha, Don

#4 Abydos

Abydos

    WTT Tech Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 1,736 posts

Posted 29 January 2008 - 10:38 AM

Hi Watcherduck

Youre welcome :thumbup:

If you have similar questions, a great site is this one

At the bottom of the page, look for the category Libraries.

TheEldergeek.com is also great.

Kind regards Abydos

Abydos

Asking for Technical Help


Preventing Malware Slow PC? Recovery Console!

"I am not young enough to know everything" - Oscar Wilde

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users