请问进程中lsass.exe是什么文件？

lsass.exe 管理 IP 安全策略以及启动 ISAKMP/Oakley (IKE) 和 IP 安全驱动程序。
(系统服务)
产生会话密钥以及授予用于交互式客户/服务器验证的服务凭据(ticket)。(系统服务)

你好
lsass.exe (5.1.2600.1106)
包含在软件
名字: Windows XP Home Edition, Deutsch
执照: 商业
信息链接: http://www.microsoft.com/windowsxp/
文件细节
文件道路: C:\WINDOWS\system32 \ lsass.exe
文件日期: 2002-08-29 14:00:00
版本: 5.1.2600.1106
文件大小: 11.776 字节
检查和和文件hashes
CRC32: D2697D2E
MD5: 5823 9984 742E 8FD4 CD3F CEEB 5453 66C1
SHA1: 7010 716E 0C17 E3B9 88FC 87A2 F079 AFF4 E3FD C33A
版本资源信息
公司名称: Microsoft Corporation
文件描述: LSA Shell (Export Version)
文件操作系统: Windows NT, Windows 2000, Windows XP, Windows 2003
文件类型: Dynamic Link Library (DLL)
文件版本: 5.1.2600.1106
内部名: lsass.exe
法律版权: ? Microsoft Corporation. All rights reserved.
原始的文件名: lsass.exe
产品名称: Microsoft? Windows? Operating System
产品版本: 5.1.2600.1106


lsass.exe 被发现了在以下报告:

W32.Nimos.Worm
技术细节
...Copies itself as %Windows%SystemLsass.exe. Note: %Windir% is a variable....
..."System Handler"="%Windir%SystemLSASS.EXE" to the registry keys:...
撤除指示
..."System Handler"="%Windir%SystemLSASS.EXE" Do one of the following:...
..."System Handler"="%Windir%SystemLSASS.EXE" Navigate to the registry key:...
来源: http://securityresponse.symantec.com/avcenter/venc/data/w32.nimos.worm.html 
Backdoor.IRC.Ratsou.D
技术细节
...Libparse.exe (A nonmalicious file) Lsass.exe (Detected as Backdoor.IRC.Ratsou.D)...
..."HID.EXE"="%windir%system32dsdn36lsass.exe" "lsass"="%windir%system32dsdn36lsass.exe"...
...which call %Windir%System32Dsdn36lsass.exe when chat files are opened....
撤除指示
..."HID.EXE"="%windir%system32dsdn36lsass.exe" "lsass"="%windir%system32dsdn36lsass.exe"...
来源: http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.ratsou.d.html 
W32.Sasser.G
关于W32.Sasser.G
...W32.Sasser.G is a variant of W32.Sasser.Worm that attempts to exploit the LSASS vulnerability described in Microsoft Security Bulletin MS04-011....
威胁评估
...Computer will restart when Lsass.exe process crashes. Releases confidential info:...
...Unpatched systems vulnerable to LSASS exploit - MS04-011 ...
技术细节
...Note: The Lsass.exe process will crash after the worm exploits the Windows LSASS vulnerability....
撤除指示
...following text in the Comment box: Delay Lsass.exe shutdown. Click OK....
来源: http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.g.html 
Backdoor.Queen
关于W32.Sasser.G
...The Trojan attempts to disguise itself as the normal Windows process named "LSASS.EXE." The Trojan has two components:...
技术细节
...Attempts to create a remote thread in "LSASS.EXE" and inject itself into it....
来源: http://securityresponse.symantec.com/avcenter/venc/data/backdoor.queen.html 
Backdoor.Lassrv
技术细节
...This file injects lsasrv32.dll into the Windows file Lsass.exe. lsarv32.dll....
...If the .exe file is executed, it injects lsasrv32.dll as a thread into Lsass.exe. The thread connects to ports...
来源: http://securityresponse.symantec.com/avcenter/venc/data/backdoor.lassrv.html 
W32.HLLW.Lovgate.D@mm
关于W32.Sasser.G
...2000, or XP, the worm attempts to disguise itself as the normal Windows process, Lsass.exe. This threat is written in...
技术细节
...Injects a thread into "LSASS.EXE" and starts a listening server that provides a command shell on port 20168,...
来源: http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate.d@mm.html 
Backdoor.IRC.Ratsou.B
技术细节
...LibParse.exe, a process viewer, clean. Lsass.exe, hacked mIRC32 client, detected as Backdoor.IRC.Ratsou.B....
..."HID.EXE"="%System%HID.EXE" "lsass"="%Windir%DebugUserModelsass.exe"...
...extensions in HKEY_LOCAL_MACHINSoftwareClasses, which call %Windir%DebugUserModelsass.exe when chat files are opened....
撤除指示
...HID.EXE lsass Exit the Registry Editor....
来源: http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.ratsou.b.html 
Hacktool.Asni
技术细节
...When Hacktool.Asni is executed on a remote machine, it attempts to crash the LSASS.exe process, which handles some Windows log-on authentication tasks....
来源: http://securityresponse.symantec.com/avcenter/venc/data/hacktool.asni.html 
W32.Sasser.F.Worm
关于W32.Sasser.G
...This worm attempts to exploit the LSASS vulnerability described in Microsoft Security Bulletin MS04-011....
威胁评估
...Unpatched systems vulnerable to LSASS exploit - MS04-011. ...
技术细节
...For example, 74354_up.exe. The Lsass.exe process will crash after the worm exploits the Windows LSASS vulnerability....
撤除指示
...following text in the Comment box: Delay Lsass.exe shutdown. Click OK....
来源: http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.f.worm.html 
W32.HLLW.Lovgate@mm
关于W32.Sasser.G
...XP, the worm will attempt to disguise itself as the normal Windows process, "LSASS.EXE." W32.HLLW.Lovgate@mm is written...
技术细节
...If the worm detects the process, "LSASS.EXE," it will attempt to create a remote thread in that particular process and...
...Injects another thread into "LSASS.EXE", which starts a listening server that provides a command shell on port 20168...

你好，我想问一下，我的电脑昨天从新启动了N次。说是：LSASS.EXE什么的出现问题，系统自动在1分钟之内关机。想删掉那个文件可是有不行。下在了很多沙度软件，可是也没有中毒。请问我现在该怎么办？不会需要系统重装吧？非常感谢！

看了就帮你顶一下吧

楼主和我一样

引用:

【天下奇才的贴子】你好 lsass.exe (5.1.2600.1106) 包含在软件 名字: Windows XP Home Edition, Deutsch 执照: 商业 信息链接: http://www.microsoft.com/windowsxp/ 文件细节 文件道路: C:\WINDOWS\system32 \ lsass.exe 文件日期: 2002-08-29 14:00:00 版本: 5.1.2600.1106 文件大小: 11.776 字节 检查和和文件hashes CRC32: D2697D2E MD5: 5823 9984 742E 8FD4 CD3F CEEB 5453 66C1 SHA1: 7010 716E 0C17 E3B9 88FC 87A2 F079 AFF4 E3FD C33A 版本资源信息 公司名称: Microsoft Corporation 文件描述: LSA Shell (Export Version) 文件操作系统: Windows NT, Windows 2000, Windows XP, Windows 2003 文件类型: Dynamic Link Library (DLL) 文件版本: 5.1.2600.1106 内部名: lsass.exe 法律版权: ? Microsoft Corporation. All rights reserved. 原始的文件名: lsass.exe 产品名称: Microsoft? Windows? Operating System 产品版本: 5.1.2600.1106 lsass.exe 被发现了在以下报告: W32.Nimos.Worm 技术细节 ...Copies itself as %Windows%SystemLsass.exe. Note: %Windir% is a variable.... ..."System Handler"="%Windir%SystemLSASS.EXE" to the registry keys:... 撤除指示 ..."System Handler"="%Windir%SystemLSASS.EXE" Do one of the following:... ..."System Handler"="%Windir%SystemLSASS.EXE" Navigate to the registry key:... 来源: http://securityresponse.symantec.com/avcenter/venc/data/w32.nimos.worm.html  Backdoor.IRC.Ratsou.D 技术细节 ...Libparse.exe (A nonmalicious file) Lsass.exe (Detected as Backdoor.IRC.Ratsou.D)... ..."HID.EXE"="%windir%system32dsdn36lsass.exe" "lsass"="%windir%system32dsdn36lsass.exe"... ...which call %Windir%System32Dsdn36lsass.exe when chat files are opened.... 撤除指示 ..."HID.EXE"="%windir%system32dsdn36lsass.exe" "lsass"="%windir%system32dsdn36lsass.exe"... 来源: http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.ratsou.d.html  W32.Sasser.G 关于W32.Sasser.G ...W32.Sasser.G is a variant of W32.Sasser.Worm that attempts to exploit the LSASS vulnerability described in Microsoft Security Bulletin MS04-011.... 威胁评估 ...Computer will restart when Lsass.exe process crashes. Releases confidential info:... ...Unpatched systems vulnerable to LSASS exploit - MS04-011 ... 技术细节 ...Note: The Lsass.exe process will crash after the worm exploits the Windows LSASS vulnerability.... 撤除指示 ...following text in the Comment box: Delay Lsass.exe shutdown. Click OK.... 来源: http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.g.html  Backdoor.Queen 关于W32.Sasser.G ...The Trojan attempts to disguise itself as the normal Windows process named "LSASS.EXE." The Trojan has two components:... 技术细节 ...Attempts to create a remote thread in "LSASS.EXE" and inject itself into it.... 来源: http://securityresponse.symantec.com/avcenter/venc/data/backdoor.queen.html  Backdoor.Lassrv 技术细节 ...This file injects lsasrv32.dll into the Windows file Lsass.exe. lsarv32.dll.... ...If the .exe file is executed, it injects lsasrv32.dll as a thread into Lsass.exe. The thread connects to ports... 来源: http://securityresponse.symantec.com/avcenter/venc/data/backdoor.lassrv.html  W32.HLLW.Lovgate.D@mm 关于W32.Sasser.G ...2000, or XP, the worm attempts to disguise itself as the normal Windows process, Lsass.exe. This threat is written in... 技术细节 ...Injects a thread into "LSASS.EXE" and starts a listening server that provides a command shell on port 20168,... 来源: http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.lovgate.d@mm.html  Backdoor.IRC.Ratsou.B 技术细节 ...LibParse.exe, a process viewer, clean. Lsass.exe, hacked mIRC32 client, detected as Backdoor.IRC.Ratsou.B.... ..."HID.EXE"="%System%HID.EXE" "lsass"="%Windir%DebugUserModelsass.exe"... ...extensions in HKEY_LOCAL_MACHINSoftwareClasses, which call %Windir%DebugUserModelsass.exe when chat files are opened.... 撤除指示 ...HID.EXE lsass Exit the Registry Editor.... 来源: http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.ratsou.b.html  Hacktool.Asni 技术细节 ...When Hacktool.Asni is executed on a remote machine, it attempts to crash the LSASS.exe process, which handles some Windows log-on authentication tasks.... 来源: http://securityresponse.symantec.com/avcenter/venc/data/hacktool.asni.html  W32.Sasser.F.Worm 关于W32.Sasser.G ...This worm attempts to exploit the LSASS vulnerability described in Microsoft Security Bulletin MS04-011.... 威胁评估 ...Unpatched systems vulnerable to LSASS exploit - MS04-011. ... 技术细节 ...For example, 74354_up.exe. The Lsass.exe process will crash after the worm exploits the Windows LSASS vulnerability.... 撤除指示 ...following text in the Comment box: Delay Lsass.exe shutdown. Click OK.... 来源: http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.f.worm.html  W32.HLLW.Lovgate@mm 关于W32.Sasser.G ...XP, the worm will attempt to disguise itself as the normal Windows process, "LSASS.EXE." W32.HLLW.Lovgate@mm is written... 技术细节 ...If the worm detects the process, "LSASS.EXE," it will attempt to create a remote thread in that particular process and... ...Injects another thread into "LSASS.EXE", which starts a listening server that provides a command shell on port 20168... ...........................

呵呵 有意思