A common technique that spyware, adwares, viruses, keyloggers etc use to hide from users is to drop files on the system that use the same name as a legitimate file but in a different folder. WinDir.lsass is a warning that there is a file named lsass.exe located in %WinDir% on your system. The legitimate lsass.exe file is located in %SystemDir%. You might want to analyse %WinDir%\lsass.exe to verify it is something that you really want on your system. Do not delete %WinDir%\lsass.exe unless you are 100% sure it is a threats. Note: %WinDir% is a variable (?). By default, this is C:\Windows (Windows 95/98/Me/XP) or C:\WINNT (Windows NT/2000). Note: %SystemDir% is a variable (?). By default, this is C:\Windows\System (Windows 95/98/Me), C:\WINNT\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP). Manual removal Please follow the instructions below if you would like to remove WinDir.lsass manually. Please notice that you must follow the instructions very carefully and delete everything that is mentioned. In most cases the removal will fail if one single item is not deleted. If WinDir.lsass remains on your system after stepping through the removal instructions, please double-check by stepping through them again. Do not delete %WinDir%\lsass.exe unless you are 100% sure it is a threats. Start your computer in safe mode. Start Windows Explorer and delete: %WinDir%\lsass.exe Note: %WinDir% is a variable (?). By default, this is C:\Windows (Windows 95/98/Me/XP) or C:\WINNT (Windows NT/2000). My computer is way faster than that it just gives me the wrong info

Pretty sure %WinDir% is the Directory that windows is in. Can be anything but usually c:/windows. Similar with %SystemDir% would be normally /system subdirectory. Might be wrong on that but as above there are a lot of stinkers out there. Be sure to protect your system with good AV and firewall and get latest patches.