G
Guest
Every now and then my PC seems to have a few issues. This seems to be a
memory leak issue regarding Lsass.exe and svchost.exe. I realise these are
system processes and have been, in the past used by malware. However I
regularly clean my machine and run anti malware programs. During the latest
"attack" I was writing to a DVD and thought this was the reason for the
slowdown. My CPU usage was topped out (100%) and lsass.exe appeared to be
hogging most of that. I closed the DVD writer down and the "attack"
continued. I opened regmon and filemon and lsass was being very repetitive:
RegMon:-
HKLM\SAM\SAM\DOMAINS\Account\Users\000003EF\V - Querying
HKLM\SECURITY\Policy\SecDesc\(Default) BUFFER OVERFLOW
....among others
FileMon:-
1. C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred SUCCESS Options:
Open Sequential Access: All
2. OPEN C:\Documents and Settings\<Username>\Application
Data\Microsoft\Protect\S-1-5-21-1384128032-3379435263-1629665760-1007\Preferred
3. C:\Documents and Settings\<Username>\Local Settings\Temp
....among others
I have a high spec machine that in the most part runs fine but every now and
then I have this issue. I have read about NT servers and the like having
similar issues but not much on the Win XP Pro Platform. I do run a couple of
programming environments and am wondering if this could be the issue is
anyone else having a similar issue.
Any help would be great,
Cheers,
Alistair
memory leak issue regarding Lsass.exe and svchost.exe. I realise these are
system processes and have been, in the past used by malware. However I
regularly clean my machine and run anti malware programs. During the latest
"attack" I was writing to a DVD and thought this was the reason for the
slowdown. My CPU usage was topped out (100%) and lsass.exe appeared to be
hogging most of that. I closed the DVD writer down and the "attack"
continued. I opened regmon and filemon and lsass was being very repetitive:
RegMon:-
HKLM\SAM\SAM\DOMAINS\Account\Users\000003EF\V - Querying
HKLM\SECURITY\Policy\SecDesc\(Default) BUFFER OVERFLOW
....among others
FileMon:-
1. C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred SUCCESS Options:
Open Sequential Access: All
2. OPEN C:\Documents and Settings\<Username>\Application
Data\Microsoft\Protect\S-1-5-21-1384128032-3379435263-1629665760-1007\Preferred
3. C:\Documents and Settings\<Username>\Local Settings\Temp
....among others
I have a high spec machine that in the most part runs fine but every now and
then I have this issue. I have read about NT servers and the like having
similar issues but not much on the Win XP Pro Platform. I do run a couple of
programming environments and am wondering if this could be the issue is
anyone else having a similar issue.
Any help would be great,
Cheers,
Alistair