It looks like you're using an Ad Blocker.

Please white-list or disable in your ad-blocking tool.

Thank you.


Some features of ATS will be disabled while you continue to use an ad-blocker.


LSASJ.EXE from ATS alert (not a virus)

page: 1

log in


posted on Aug, 15 2011 @ 07:59 AM
There is an add or a process on this website that has tried to inject the LSASJ.EXE Trojan on my system from ATS.

I advise the administrators to find it and remove it.
edit on 16-8-2011 by SkepticOverlord because: (no reason given)

posted on Aug, 15 2011 @ 08:17 AM
It's entirely up to you, but it might help if we knew more information. It's a huge board. What forum were you in? We're you logged on to ATS at the time, lurking, did you actually click on an ad, etc.?

posted on Aug, 15 2011 @ 08:18 PM
reply to post by Maxmars

This was a virus that created a registry entry by exploiting "Windows Setup".
When your 'media fastclick' ad for the Travian Browser Game in Japanese appeared, the virus executed. I may have clicked on the ad by mistake.

posted on Aug, 15 2011 @ 08:21 PM
reply to post by ren1999

is it this one

\SureThing Shared\stllssvr.exe

posted on Aug, 15 2011 @ 08:28 PM
If the intrusion was 'blocked'... it may have just been triggered , or timed.... by one of your clicks on an ATS AD...

i know you've already gone to your 'System Restore' & cleaned all the attempted malware from your PC/Laptop

i've run into plenty of 'threats' here and other places, but investigation tends to point out that tracking crap is is the issue rather than CP crashing trogans TroJans....

best of luck....
edit on 15-8-2011 by St Udio because: (no reason given)

posted on Aug, 16 2011 @ 05:25 AM
I've run into this a lot on this site as well.

But when you point it out, you get told it's just your machine, not their servers.

...except that it only happens on ATS.


posted on Aug, 16 2011 @ 05:47 AM
reply to post by PrimePorkchop

Funny thing is, I have been a member here for over 4 years and NOT ONCE have I ever encountered a virus from this website. Considering I visit this website several times a day methinks it really IS users PC's that aren't properly protected, rather than ATS.

Learn to use Firewalls/Anti-virus/Anti-spyware properly people.

posted on Aug, 16 2011 @ 05:51 AM
I've been on and surfing now for over 12 hours

Nothing on my machine

Been to almost every forum

Interesting that it would be ATS and not hit my machine, don't you think?


posted on Aug, 16 2011 @ 06:16 AM
Just as I replied to another member who voiced a similar concern via the ATS contact@ email address:

We pay for a service which constantly scans both the servers and our ad
networks to ensure a safe, clean virus-free environment for our users.

The majority of 'fake fraud alerts', 'we scanned your system and found all
of these infections' come via email and often lie dormant .... awaiting a
random trigger point to activate them. The 'trigger point' can be anything
from a certain date/time to even waiting for your web browser to access a
given domain or URL.

This makes it quite difficult to determine their Actual point of origin,
which typically leaves the user to suspect they came from a particular
website or what have you.

My suggestion would be to download and run 'ComboFix'.
It is an anti-malware software designed specifically to detect and eradicate
these type 'faux infections' ... as well as any rootkits which may be present on the

You can download it from the following link:
This is a direct download link for ComboFix

Download and Save it to your desktop.
Then double-click the icon to run the program.
When asked if you wish to download/install the Windows Recovery Console,
you can but it's not necessary.

Other than that ... just follow the prompts ... nd allow it to run through
Thoroughly until you're presented with the log file it will creat upon

Depending upon the level or extent of 'infection' it may need to restart
your system and run again - LET IT.

You'll be back up and running, clean as a whistle, in about 20-30 minutes.

Let me know if you have any questions or need further assistance.


On a side note:

I'm on the site about 12-14 hrs a day and have never had any issues regarding attempted hijacks, downloads of malicious codes or software or anything else that would seem suspicious in nature.

Yet here I sit, for nearly the past year and a half, running virtually 'naked' on the web

Windows XP Pro
Absolutely NO anti-anything software
and Absolutely NO windows updates aside from Service Pack 2 (which came with this particular xp pro release)

I'm not going to tell anyone, "Oh. It must be your machine" ... but given all of the above you would think this machine would be but a mere paperweight by now - Nope ... runs like a champ.

Actually, I had to download the latest Combo Fix ver the other day to run on a client's PC.
So I decided, "What the hey!? I'll run it on mine too." If only for the lulz.
clean as a whistle, nothing was found nor detected.

edit on 8/16/2011 by 12m8keall2c because: (no reason given)

posted on Aug, 16 2011 @ 01:41 PM

After a through search of the Network security boards, I could find no information of a LSASJ executable. Not that it could not exist, but if it does it would be considered a "Zero day" virus...

Are you sure the EXE was not a LSASS.EXE.

"lsass.exe" is the Local Security Authentication Server. It verifies the validity of user logons to your PC or server. Lsass generates the process responsible for authenticating users for the Winlogon service. This is performed by using authentication packages such as the default, Msgina.dll. If authentication is successful, Lsass generates the user's access token, which is used to launch the initial shell. Other processes that the user initiates then inherit this token.

The lsass.exe file is located in the folder C:WindowsSystem32. If you find a file named that elsewhere on your computer the improperly located file may be a virus.

edit on 16-8-2011 by mileysubet because: (no reason given)

posted on Aug, 16 2011 @ 01:51 PM
reply to post by ren1999

There's no known virus/trojan/malware in the wild of that name. However, there is a lsass.exe process in windows that has often been confused with malware.

top topics


log in