Suddenly, a file started appearing in my startup programs: 'slass.exe'. When I searched it on Google, none of the methods of removal were for a casual user like me.
I want to mention that it is NOT lsass.exe, which is a legitimate file; rather, it is slass.exe, which I am very much sure is a virus.
I have NOD32 installed, but even quick-scan takes hours and hours and due to power breakdowns I can't perform it. Also the Task Manager is gone. When I press CTRL + ALT + DEL it appears, but suddenly disappears. I am sure it is due to this file. It reappears if I remove it from startup using Auslogics BoostSpeed.
Tell me what to do, tell me some kind of registry fix or targeted method to get rid of it.
2011-10-03 10:46:00
Thanks for the suggestions, guys, but luckily I got rid of that file using the http://housecall.trendmicro.com/ online virus scanner. Even NOD32 and Malwarebytes missed the file.
2011-10-03 04:35:00
Did you try System Restore? It will be the first thing I will do in this kind of situation. Why worry much when you have a time machine? Just restore back to a date when the PC was working fine. For safety, you can first create a restore point of today. When I googled, I found some Slass removal tools. Google shows some Slass removal tools, but I am not sure whether they will work or not.
2011-10-03 02:06:00
....or, download any Linux distribution and install an OS that cannot be infected by Microsoft Windows-based malware.
2011-10-03 02:14:00
Sarcasm aside, I do recommend Linux Mint or ZorinOS, both of which are based on Ubuntu but have much more 'Windows-esque' interfaces to cut back on culture shock. The above posters do indeed give what I would consider valid and complete suggestions for the malware infestation. Ubuntu is good and all, but the interface has changed once this year, is changing again this month, and may be different again next April. Fun for me, but others do not find it so.
2011-10-02 21:24:00
Hello, with regards to your task manager you can use Re-enable. This is a program that is designed to repair damage caused by viruses, malware, etc. It is very configurable and I have used it in the past with good results. It comes in several versions; I would download the portable version. Your first step would be to clean your system, and once it is cleaned, use Re-enable: http://www.tangosoft.co.uk/downloads.html
If you want to try and cure your system in normal mode, you could try downloading the program on the link below. What this program does is kill the process/processes being used by the malware. As long as your computer does not get restarted, the virus/malware should be inactive. Just double click on the file and let it run. It might take a few minutes until it tells you that the program is running. Most times, when the program has managed to kill the process/service from malware, you will see your icons disappear. Try to download the iExplore.exe program and run it. The reason this file works most times is because if you have malware, it regularly uses Internet Explorer to communicate. If that file does not work, try downloading the file with the .com or .scr extension: http://www.bleepingcomputer.com/download/anti-virus/rkill
Once the program is running, try opening your task manager. If it still does not work as it should, use Re-enable to restore it. If your icons are gone, you will have to open Task Manager to open programs.
-- open task manager
-- click on file
-- click on new task
-- click on browse
-- find the program you want to open
-- click on OK
Using the search function in your system, look for the slass.exe file/files and delete them. If, when you search for the file, you find any entry for a specific program, make sure to delete the program also by using Add/Remove or by using Revo Uninstaller. Once all the entries are deleted, disable System Restore.
Go to the following link and download the portable version: http://www.superantispyware.com/
Make sure to run a full scan, and do not worry too much if you cannot update it because it is already up to date. Make sure to delete all the entries found. When that is done, get Malwarebytes and run a full scan. When the scan is finished, delete any entries found. To make sure there are no infections left, run another full scan with SUPERAntiSpyware. If it comes clean, do a full scan with your antivirus of choice. I would recommend getting the Bitdefender virus scanner on a CD/USB drive and starting your computer from it. http://www.bitdefender.com/support/How-to-create-a-BitDefender-Rescue-CD-627.html
2011-10-02 21:11:00
Is it lsass.exe? (Local Security Authentication Server)
2011-10-02 19:45:00
First, create a restore point. Then download Task Manager Fix, which will install a new task manager. If TaskManagerFix doesn't restore your task manager, you may want to try the command "SFC /SCANNOW". You should then be able to use Task Manager; if you can, kill the process "slass.exe". Then delete slass.exe from "C:WindowsSystemsystem". It may have also created a process; check in the service manager (start -> run/search: "services.msc"). If you find it, right click on it and press "stop", then choose "properties" and set the "startup type" to "disabled".
At this point you should clear your TEMP folder in case it attempts to re-install itself. Go to start -> run/search and type "%Temp%" without quotes. Delete all files in that directory, if possible. Some files may be currently in use (reboot in safe mode to clear them).
Go to your startup manager (start -> run/search: "msconfig", then go to the "Startup" tab) and disable it from startup. Prevx has a signature against the file "slass.exe", so I would install it. Alternatively you may use AutoRuns or HiJackFree to disable these startup items (which have more capability).
Make sure you have a Firewall installed and configured as well. Slass.exe will attempt to connect to the internet; do not allow it to. You can use Malwarebytes to scan your system. Once installed, update it and perform a full scan. With ESET, try scanning only the "C:\Windows" folder. Unfortunately slass is classified as a rootkit, so you can never be too sure that it is gone. I suggest a re-install (with any rootkit infection).
You can get the MD5 hash of slass.exe so I can be sure that it's the same as the malware signatures. Try to upload this file to VirusTotal or NoVirusThanks; if it does not upload, try to do so in Safe Mode With Networking.
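Added example, not part of the original thread: a PowerShell sketch of the checks discussed above, listing the Run-key startup entries, flagging executables whose names imitate a Windows system process (slass.exe versus lsass.exe) or that carry a real system name outside System32, and printing the MD5 and SHA256 hashes to compare against a scanner's signature. The function names and the list of system process names are choices made for this example, and it assumes Windows PowerShell 5.1 or later.

```powershell
# Added example (not from the thread). Assumes Windows PowerShell 5.1 or later.
# System process names that all live in %SystemRoot%\System32.
$systemNames = 'lsass.exe','svchost.exe','csrss.exe','services.exe','winlogon.exe','smss.exe'
$sys32   = Join-Path $env:SystemRoot 'System32'
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$psMeta  = 'PSPath','PSParentPath','PSChildName','PSDrive','PSProvider'

function Test-Lookalike([string]$Name, [string]$Real) {
    # True when $Name uses the same letters as $Real in a different order
    # (slass.exe vs lsass.exe). Substituted or added letters are not covered.
    $a = -join ($Name.ToLower().ToCharArray() | Sort-Object)
    $b = -join ($Real.ToLower().ToCharArray() | Sort-Object)
    ($Name -ne $Real) -and ($a -eq $b)
}

function Get-SuspiciousAutorun {
    foreach ($key in $runKeys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($p in $props.PSObject.Properties | Where-Object { $_.Name -notin $psMeta }) {
            # Pull the executable path out of the command line (quoted or unquoted).
            $cmd = [Environment]::ExpandEnvironmentVariables([string]$p.Value)
            if ($cmd -match '^\s*"([^"]+)"' -or $cmd -match '^\s*(.+?\.exe)') { $path = $Matches[1] }
            else { continue }
            $leaf = Split-Path $path -Leaf
            $dir  = Split-Path $path -Parent
            $reason = $null
            foreach ($real in $systemNames) {
                if (Test-Lookalike $leaf $real) { $reason = "name resembles $real" }
                elseif ($leaf -eq $real -and $dir -ne $sys32) { $reason = "$real outside System32" }
            }
            if (-not $reason) { continue }
            $md5 = 'file not found'; $sha = 'file not found'
            if (Test-Path -LiteralPath $path -PathType Leaf) {
                $md5 = (Get-FileHash -LiteralPath $path -Algorithm MD5).Hash
                $sha = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            }
            [pscustomobject]@{ Key = $key; Entry = $p.Name; Path = $path
                               Reason = $reason; MD5 = $md5; SHA256 = $sha }
        }
    }
}

Get-SuspiciousAutorun | Format-List
```

This reads only the two Run keys; AutoRuns, mentioned in the answer above, covers many more autostart locations. An empty result does not mean the system is clean.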