What is slass.exe and how to remove it?

Osama Javaid October 2, 2011

Suddenly, a file started appearing in my startup programs: ‘slass.exe’. When I searched it on Google, none of the methods of removal were for a casual user like me.

I want to mention that it is NOT lsass.exe which is a legitimate file, rather it is slass.exe which I am very much sure is a virus.

I have NOD32 installed, but even quick-scan takes hours and hours and due to power breakdowns I can’t perform it. Also the Task Manager is gone. When I press CTRL + ALT + DEL it appears, but suddenly disappears. I am sure it is due to this file. It reappears if I remove it from startup using Auslogics BoostSpeed.

Tell me what to do, tell me some kind of registry fix or targeted method to get rid of it.

  1. Osama
    October 3, 2011 at 10:46 am

    Thanks for the suggestions guys, but luckily I got rid of that file using http://housecall.trendmicro.com/ online virus scanner. Even NOD32 and malwarebytes missed the file.

  2. Jay
    October 3, 2011 at 4:35 am

    Did you try System Restore?
    It will be the first thing I will do in this kind of situation.
    Why worry much when you have a time machine?
    Just restore back to a date when the PC was working fine.
    For safety, you can first create a restore point of today.
    When I googled, I found some slass removal tools.
    Google shows some slass removal tools, but I am not sure whether they will work or not.

  3. Therin
    October 3, 2011 at 2:06 am

    ....or, download any Linux distribution and install an OS that cannot be infected by Microsoft Windows-based malware.

    • Therin
      October 3, 2011 at 2:14 am

      Sarcasm aside, I do recommend Linux Mint or ZorinOS, both of which are based on Ubuntu but have much more 'Windows-esque' interfaces to cut back on culture shock.  The above posters do indeed give what I would consider valid and complete suggestions to the malware infestation.

      Ubuntu is good and all, but the interface has changed once this year, is changing again this month, and may be different again next April.  Fun for me, but others do not find it so.

  4. FIDELIS
    October 2, 2011 at 9:24 pm

    Hello, with regards to your task manager you can use Re-enable.  This is
    a program that is designed to repair damage caused by virus, malware,
    etc.  It is very configurable and I have used it in the past with good
    results.  It comes in several versions, I would download the portable
    version.  Your first step would be to clean your system, and once it is
    cleaned, use reenable.

    http://www.tangosoft.co.uk/downloads.html

    If you want to try and cure your system in normal mode, you could try
    downloading the program on the link below.  What this program does is
    kill the process/processes being used by the malware. As long as your
    computer does not get restarted, the virus/malware should be inactive.
    Just double click on the file and let it run.  It might take a few
    minutes until it tells you that the program is running.  Most times,
    when the program managed to kill the process/service from malware you
    will see your icons disappear.  Try to download the iExplore.exe program
    and run it.  The reason this file works most times is because if you
    have malware, it regularly uses internet explorer to communicate.  If
    that file does not work, try downloading the file with the .com or .scr
    extension:

    http://www.bleepingcomputer.com/download/anti-virus/rkill

    Once the program is running, try opening your task manager.  If it still
    does not work as it should, use reenable to restore it.  If your icons
    are gone, you will have to open taskmanager to open programs. 

    -- open task manager

    -- click on file

    -- click on new task

    -- click on browse

    -- find the program you want open

    -- click on OK

    Using the search function in your system, look for the slass.exe
    file/files and delete them.  If when you search for the file you find
    any entry to a specific program, make sure to delete the program also by
    using the  add/remove or by using revo uninstaller.

    Once all the entries are deleted, disable system restore.

    Go to the following link and download the portable version:

    http://www.superantispyware.com/

    Make sure to run a full scan and do not worry too much if you cannot
    update it because it is already up to date.  Make sure to delete all the
    entries found.  When that is done, get malwarebytes and run a full
    scan.  When scan is finished, delete any entries found.

    To make sure there are no infections left, run another full scan with
    superantispyware.  If it comes clean, give a full scan with your
    antivirus of choice.  I would recommend getting the Bitdefender virus
    scanner on a cd/usb drive and start your computer from it.

    http://www.bitdefender.com/support/How-to-create-a-BitDefender-Rescue-CD-627.html

     

  5. Anonymous
    October 2, 2011 at 9:11 pm

    Is it lsass.exe? (Local Security Authentication Server)

  6. Jeff Fabish
    October 2, 2011 at 7:45 pm

    First, create a restore point. Then download Task Manager Fix, which will install a new task manager. If TaskManagerFix doesn't restore your task manager, you may want to try the command "SFC /SCANNOW". You should then be able to use Task Manager; if you can, kill the process "slass.exe". Then delete slass.exe from "C:WindowsSystemsystem". It may have also created a process; check and see at the service manager (start -> run/search: "services.msc"). If you find it, right click on it and press "stop" and choose "properties", then set the "startup type" to "disabled".

    At this point you should clear your TEMP folder in case it attempts to re-install itself. Go to start -> run/search and type "%Temp%" without quotes. Delete all files in that directory, if possible. Some files may be currently in use (reboot in safe mode to clear them).

    Go to your startup manager (start -> run/search: "msconfig" then go to the "Startup" tab) and disable it from startup. Prevx has a signature against the file "slass.exe", so I would install it. Alternatively you may use AutoRuns or HiJackFree to disable these startup items (which have more capability).

    Make sure you have a Firewall installed and configured as well. Slass.exe will attempt to connect to the internet, do not allow it to. You can use Malwarebytes to scan your system. Once installed, update it and perform a full scan. With ESET, try scanning only the "C:\Windows" folder.

    Unfortunately slass is classified as a rootkit, so you can never be too sure that it is gone. I suggest a re-install (with any rootkit infection). You can get the MD5 hash of slass.exe so I can be sure that it's the same as the malware signatures. 
    Try to upload this file to VirusTotal or NoVirusThanks, if it does not upload, try to do so in Safe Mode With Networking.
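
The thread turns on slass.exe imitating the name of the legitimate lsass.exe. The following is an added example, not part of the original thread, that flags startup or process paths whose file name is one edit or one letter swap away from a core Windows binary, or that carry a real system name outside System32. The reference list, the System32 path and the sample paths are assumptions constructed for illustration.

```python
"""Flag entries whose file name imitates a Windows system binary."""
from pathlib import PureWindowsPath

# Assumed reference data: a few core binaries and the folder they live in.
SYSTEM_DIR = r"c:\windows\system32"
KNOWN = {"lsass.exe", "csrss.exe", "services.exe", "smss.exe", "winlogon.exe"}

# Constructed sample of startup/process paths (not taken from a real system).
SAMPLE = [
    r"C:\Windows\System32\lsass.exe",
    r"C:\Windows\System32\slass.exe",
    r"C:\Users\Public\lsass.exe",
    r"C:\Program Files\Example\updater.exe",
]


def osa_distance(a: str, b: str) -> int:
    """Edit distance that also counts swapping two adjacent letters as 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def classify(path: str) -> str:
    """Return 'ok', 'misplaced:<name>', 'lookalike:<real name>' or 'unknown'."""
    p = PureWindowsPath(path.lower())
    name, folder = p.name, str(p.parent)
    if name in KNOWN:  # real name: only trusted in the system directory
        return "ok" if folder == SYSTEM_DIR else f"misplaced:{name}"
    for real in sorted(KNOWN):  # near miss of a real name, wherever it sits
        if osa_distance(name, real) <= 1:
            return f"lookalike:{real}"
    return "unknown"


def suspicious(paths):
    """Map each flagged path to the reason it was flagged."""
    verdicts = {p: classify(p) for p in paths}
    return {p: v for p, v in verdicts.items() if v.startswith(("misplaced", "lookalike"))}


if __name__ == "__main__":
    for path, reason in suspicious(SAMPLE).items():
        print(f"{reason:22} {path}")
```

An "unknown" verdict only means the name does not resemble an entry in the reference list; it says nothing about whether the file is safe.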
