Memory Leaks and Missing Reg Keys

[Guest]

Every now and then my PC seems to have a few issues. This seems to be a
memory leak issue regarding Lsass.exe and svchost.exe. I realise these are
system processes and have been, in the past used by malware. However I
regularly clean my machine and run anti malware programs. During the latest
"attack" I was writing to a DVD and thought this was the reason for the
slowdown. My CPU usage was topped out (100%) and lsass.exe appeared to be
hogging most of that. I closed the DVD writer down and the "attack"
continued. I opened regmon and filemon and lsass was being very repetitive:
RegMon:-
HKLM\SAM\SAM\DOMAINS\Account\Users\000003EF\V - Querying
HKLM\SECURITY\Policy\SecDesc\(Default) BUFFER OVERFLOW
....among others

FileMon:-
1. C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred SUCCESS Options:
Open Sequential Access: All
2. OPEN C:\Documents and Settings\<Username>\Application
Data\Microsoft\Protect\S-1-5-21-1384128032-3379435263-1629665760-1007\Preferred
3. C:\Documents and Settings\<Username>\Local Settings\Temp
....among others

I have a high spec machine that in the most part runs fine but every now and
then I have this issue. I have read about NT servers and the like having
similar issues but not much on the Win XP Pro Platform. I do run a couple of
programming environments and am wondering if this could be the issue is
anyone else having a similar issue.

Any help would be great,

Cheers,
Alistair

 

[Ron Martell]

Every now and then my PC seems to have a few issues. This seems to be a
memory leak issue regarding Lsass.exe and svchost.exe. I realise these are
system processes and have been, in the past used by malware. However I
regularly clean my machine and run anti malware programs. During the latest
"attack" I was writing to a DVD and thought this was the reason for the
slowdown. My CPU usage was topped out (100%) and lsass.exe appeared to be
hogging most of that. I closed the DVD writer down and the "attack"
continued.

<snip>

What are the specific anti malware programs that you use? There are a
number of these that are in fact malware themselves. Check out your
antispyware products using Eric Howes' list of rogue/suspect products
at http://www.spywarewarrior.com/rogue_anti-spyware.htm

You should also get a "second opinion" by doing a free online scan at
one of the following sites:
Bit Defender http://www.bitdefender.com/scan8/ie.html
Trend Micro http://housecall.trendmicro.com
Kaspersky Online Scanner http://www.kaspersky.com/virusscanner
Panda ActiveScan http://www.pandasoftware.com/activescan
WindowSecurity.com TrojanScan http://windowssecurity.com/trojanscan
Webroot http://www.webroot.com/


Your report indicates that the problem is with CPU usage and therefore
looking for a "memory leak" related solution is not likely to be
productive. An actual memory leak would result in increasing memory
usage by a specific task or process.

Good luck

Ron Martell Duncan B.C. Canada
--
Microsoft MVP (1997 - 2006)
On-Line Help Computer Service
http://onlinehelp.bc.ca

"Anyone who thinks that they are too small to make a difference
has never been in bed with a mosquito."