Suddenly, a file started appearing in my startup programs: 'slass.exe'. When I searched it on Google, none of the methods of removal were for a casual user like me.

I want to mention that it is NOT lsass.exe which is a legitimate file, rather it is slass.exe which I am very much sure is a virus.

I have NOD32 installed, but even quick-scan takes hours and hours and due to power breakdowns I can't perform it. Also the Task Manager is gone. When I press CTRL + ALT + DEL it appears, but suddenly disappears. I am sure it is due to this file. It reappears if I remove it from startup using Auslogics BoostSpeed.

Tell me what to do, tell me some kind of registry fix or targeted method to get rid of it.

Osama
2011-10-03 10:46:00
Thanks for the suggestions guys, but luckily I got rid of that file using the http://housecall.trendmicro.com/ online virus scanner. Even NOD32 and Malwarebytes missed the file.
Jay
2011-10-03 04:35:00
Did you try System Restore? It will be the first thing I will do in this kind of situation. Why worry much when you have a time machine? Just restore back to a date when the PC was working fine. For safety, you can first create a restore point of today. When I googled, I found some Slass removal tools. Google shows some Slass removal tools, but I am not sure whether they will work or not.
Therin
2011-10-03 02:06:00
....or, download any Linux distribution and install an OS that cannot be infected by Microsoft Windows-based malware.
Therin
2011-10-03 02:14:00
Sarcasm aside, I do recommend Linux Mint or ZorinOS, both of which are based on Ubuntu but have much more 'Windows-esque' interfaces to cut back on culture shock. The above posters do indeed give what I would consider valid and complete suggestions to the malware infestation. Ubuntu is good and all, but the interface has changed once this year, is changing again this month, and may be different again next April. Fun for me, but others do not find it so.
FIDELIS
2011-10-02 21:24:00
Hello, with regards to your task manager you can use Re-enable. This is a program that is designed to repair damage caused by viruses, malware, etc. It is very configurable and I have used it in the past with good results. It comes in several versions; I would download the portable version. Your first step would be to clean your system, and once it is cleaned, use Re-enable: http://www.tangosoft.co.uk/downloads.html
If you want to try and cure your system in normal mode, you could try downloading the program on the link below. What this program does is kill the process/processes being used by the malware. As long as your computer does not get restarted, the virus/malware should be inactive. Just double-click on the file and let it run. It might take a few minutes until it tells you that the program is running. Most times, when the program has managed to kill the process/service from malware, you will see your icons disappear. Try to download the iExplore.exe program and run it. The reason this file works most times is because if you have malware, it regularly uses Internet Explorer to communicate. If that file does not work, try downloading the file with the .com or .scr extension: http://www.bleepingcomputer.com/download/anti-virus/rkill
Once the program is running, try opening your task manager. If it still does not work as it should, use Re-enable to restore it. If your icons are gone, you will have to open Task Manager to open programs.
-- open task manager
-- click on file
-- click on new task
-- click on browse
-- find the program you want to open
-- click on OK
Using the search function in your system, look for the slass.exe file/files and delete them. If, when you search for the file, you find any entry to a specific program, make sure to delete the program also by using Add/Remove or by using Revo Uninstaller.
Once all the entries are deleted, disable System Restore. Go to the following link and download the portable version: http://www.superantispyware.com/
Make sure to run a full scan and do not worry too much if you cannot update it, because it is already up to date. Make sure to delete all the entries found. When that is done, get Malwarebytes and run a full scan. When the scan is finished, delete any entries found.
To make sure there are no infections left, run another full scan with SUPERAntiSpyware. If it comes up clean, run a full scan with your antivirus of choice. I would recommend getting the Bitdefender virus scanner on a CD/USB drive and starting your computer from it: http://www.bitdefender.com/support/How-to-create-a-BitDefender-Rescue-CD-627.html
2011-10-02 21:11:00
Is it lsass.exe? (Local Security Authentication Server)
Jeff Fabish
2011-10-02 19:45:00
First, create a restore point. Then download Task Manager Fix, which will install a new task manager. If TaskManagerFix doesn't restore your task manager, you may want to try the command "SFC /SCANNOW". You should then be able to use Task Manager; if you can, kill the process "slass.exe". Then delete slass.exe from "C:WindowsSystemsystem". It may have also created a process; check and see at the service manager (start -> run/search: "services.msc"). If you find it, right-click on it and press "stop", then choose "properties" and set the "startup type" to "disabled".
At this point you should clear your TEMP folder in case it attempts to re-install itself. Go to start -> run/search and type "%Temp%" without quotes. Delete all files in that directory, if possible. Some files may be currently in use (reboot in safe mode to clear them).
Go to your startup manager (start -> run/search: "msconfig", then go to the "Startup" tab) and disable it from startup.
Prevx has a signature against the file "slass.exe", so I would install it. Alternatively, you may use AutoRuns or HiJackFree to disable these startup items (which have more capability).
Make sure you have a firewall installed and configured as well. Slass.exe will attempt to connect to the internet; do not allow it to. You can use Malwarebytes to scan your system. Once installed, update it and perform a full scan. With ESET, try scanning only the "C:Windows" folder. Unfortunately, slass is classified as a rootkit, so you can never be too sure that it is gone. I suggest a re-install (with any rootkit infection). You can get the MD5 hash of slass.exe so I can be sure that it's the same as the malware signatures. Try to upload this file to VirusTotal or NoVirusThanks; if it does not upload, try to do so in Safe Mode With Networking.
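
The thread turns on telling slass.exe apart from the legitimate lsass.exe and on getting the file's MD5 for comparison. The following is an added example, not code from any poster in the thread: it flags autostart paths whose file name is a one-edit lookalike of a system binary, or a real system name in the wrong folder, and hashes a file. The allow-list, the expected folder and the sample paths are assumptions constructed for illustration.

```python
import hashlib
import ntpath

# Assumption: a short allow-list of system binaries and the folder they belong in.
SYSTEM_BINARIES = {"lsass.exe", "svchost.exe", "csrss.exe",
                   "services.exe", "winlogon.exe", "smss.exe"}
SYSTEM_DIR = r"c:\windows\system32"

def osa_distance(a, b):
    """Edit distance in which swapping two adjacent characters is one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent swap
    return d[len(a)][len(b)]

def classify(path):
    """Return (verdict, matched_system_name) for one autostart executable path."""
    name = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    if name in SYSTEM_BINARIES:
        verdict = "ok" if folder == SYSTEM_DIR else "system name, wrong folder"
        return (verdict, name)
    for real in sorted(SYSTEM_BINARIES):
        if osa_distance(name, real) <= 1:
            return ("lookalike", real)
    return ("unrelated", None)

def md5_of(path):
    """MD5 of a file, read in chunks, for comparison with a scanner's report."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

# Constructed sample autostart entries (not taken from the thread).
SAMPLE = [r"C:\Windows\System32\lsass.exe", r"C:\Windows\System\slass.exe",
          r"C:\Users\me\AppData\Roaming\lsass.exe", r"C:\Program Files\Vendor\updater.exe"]

if __name__ == "__main__":
    for p in SAMPLE:
        print(p, "->", classify(p))
```

A "lookalike" or "wrong folder" verdict is a reason to hash the file and check it with a scanner, not proof of infection on its own.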