lsass.exe takes cpu times for a few minutes

From: tomoseki (tomoseki_at_discussions.microsoft.com)
Date: 07/14/04


Date: Wed, 14 Jul 2004 02:04:01 -0700

Hi,

I posted this to the security and administration group, but I have had only one response so far.

Any advice is welcome.

Thanks,
Tomoki

-----------

When I log on to my XP Pro box, the logon process runs very slowly.
Taskmgr shows that lsass.exe takes up a lot of CPU cycles, like 70-80%, for a few minutes. During this, everything goes very slowly. After that, everything works fine.

Windows XP Pro SP1, all updates are applied.
The box is not in a domain.

NAV2003 is installed on the box, and scans the PC every day. So, I don't think that it is affected by any viruses.

I looked into the event log, but there is nothing special in the application log or the system log.

And when I log on to the box with other local accounts, it doesn't happen. Everything looks normal. Only my account seems affected.

I suspect that it's some kind of spyware or something like that, but I can't find anything saying how to fix this.

I was advised to install and scan spyware, so I did it.

I installed Spybot and the latest rule, and scanned the box.
It found some tracing cookies, and registry settings (DSO Exploit and Alexa related).
I removed those things, but it doesn't change the situation.

I looked into the task list again, and I found that one svchost.exe also takes some CPU time. It looks like the svchost and lsass are working together for something.

Below is the output from tasklist.exe /svc:

svchost.exe 952 AudioSrv, Browser, CryptSvc, Dhcp, dmserver,
                                 ERSvc, EventSystem,
                                 FastUserSwitchingCompatibility, helpsvc,
                                 HidServ, lanmanserver, lanmanworkstation,
                                 Messenger, Netman, Nla, RasMan, Schedule,
                                 seclogon, SENS, ShellHWDetection, srservice,
                                 TapiSrv, TermService, Themes, TrkWks,
                                 uploadmgr, W32Time, winmgmt, wuauserv, WZCSVC

Again, it only affects my local account.

Some more information.
I recently wrote some code that uses COM+, COM+ catalog, COM+ events, COM+ instruments, MSMQ, and Event Tracing for Windows.
Also, I applied a group policy setting to disable Windows Messenger.

I don't remember anything else that likely affects the system behavior.

Any comments are welcome.

-------

Thanks,
tomoki


