It is intended to assist business collaboration and communication particularly for small groups of people. The utility loads when the computer is started up and is automatically set up when Microsoft Office 2007 is installed. However, this program is not uninstalled when Office 2007 is uninstalled. To get rid of GrooveMonitor from a system, go to the computer’s control panel then select Add/Remove programs and uninstall it.

Some types of malware come in the form of groovemonitor.exe especially if located in C:\Windows\System32 folder. It is therefore important to check your PC’s GrooveMonitor Utility process to verify that it is not a virus, Trojan, worm or spyware. It is possible to use Security Task Manager Software to check if your computer is secure. Whenever errors occur, the process is typically launched. On Windows XP, GrooveMonitor utility occupies about 31016 bytes of the hard disk. Because it is not a system file for windows, it starts up when windows begins. Its rate for technical security is approximately 36 percent dangerous.

GrooveMonitor utility runs in the background and is not malicious to files but includes file sync options on the drop down menu that appears when you right click. Groovemonitor.exe is allied with Microsoft Office 2007 and is part of Grove 2007 business communication application for small groups. The process uses excess memory and system resources and it is therefore wise to disable it in order to improve the overall performance of the system. PC Pitstop Optimize can be used to remove the process to make your system faster and efficient. Disabling the start up of GrooveMonitor utility does not affect the Grove usability.

To identify the groovemonitor.exe file, run a comprehensive scan. This will help you tell whether it is a genuine file or malware. It is located in registry under a string value of ‘HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run’. The file is located in C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe. The version of this utility is 4.2.0.2623 while its part number is 2623. Originally, the file is known as Groovemonitor.exe but its internal filename is GrooveMonitor. To detect any security risks with this file, run a spyware scan and to optimize PC Settings, run a free Performance Scan. The start up type of GrooveMonitor begins automatically with a RunOnce, Run RunServices or RunServicesOnce registry entry.

It authorizes whether users can log on to a Windows computer or server, and creates access tokens. These tokens encapsulate the file’s security descriptor, which contains the necessary information to process user access. It also writes to the Security Log in Microsoft Windows which contains records of login/logout activity and/or other security-related events specified by the system’s auditing policy. When you press Ctrl + Alt + Del, you can access the Windows Task Manager. The Task Manager displays the processes running on your computer at that moment in time. Some of these processes are native to the Operating System (meaning that they are needed for the OS to perform smoothly), other processes are loaded on startup but are third party applications, and then there are the programs which you have opened. Lsass.exe is a needed process as described above for the continued operation of Windows. If something happens to it, Windows will crash and stop working. There should only be 1 process named Lsass.exe (Note that I’m writing lsass.exe with a capital L for you to understand which process I’m referring to since there is lsass.exe which is the legitimate process and isass.exe written with a capital ‘i’ which appears the same as Lsass.exe with a small L when running on your computer). This is because the font used to display processes doesn’t do a nudge on the capital ‘i’. If you notice two processes there’s a strong possibility that this is a virus, unfortunately.

Why do I have 2 processes named lsass.exe running in my Windows Task Manager?

The Sasser Worm was a worm virus that was specifically created to take advantage of a design vulnerability in versions of LSASS that were found in Windows 2000 and Windows XP. There are patches available for download on the internet. Essentially, the worm would make use of LSASS to create what is known as a buffer overrun. This buffer overrun would make it possible for the worm to use the system resources to spread to other machines on the network. Once a computer is infected with the isass.exe Sasser worm, it could quickly propagate to any other computers that were connected to the same network. So you should make sure to check all your computers just to make sure and be safe.

Several threats have been attributed to it including worms, Trojans and viruses of different characteristics in view of the anti-spyware mechanism employed by one’s computer. This process is said to have originated in Portugal and Sweden. As of now, the makers of this product remain unknown.

Statistics are damning where isass.exe is concerned. Out of the more than one hundred and fifty seven cases attributed to this process, all but two were found to be actual threats. This gives a high security assessment of ninety-nine per cent hence implying that one cannot afford to ignore any signs that this process even exists. To ensure that the product spreads, the makers have deliberately changed only the initial letter from the original name lsass.exe, which is an important security process.

Isass.exe is usually invisible and one will find it very hard to describe and locate it in the system. Even though it is invisible, it is lethal to one’s computer in a number of ways. It can connect to the Internet by itself, record inputs and monitor the operations of all applications in use on the computer. It may also delete some vital program files including key system programs. It may also interfere with the logging in or out from the system in addition to resisting efforts to boost one’s computer through repetitive warning messages. It can therefore seriously compromise the security settings of the computer.

Although isass.exe operates alone, it also has the capacity to attract many dangerous parasites in the form of programs, software and processes. It can therefore act as a launching pad for other worms to invade not only the computer system but also individual components of one’s computer. It is normally installed and run by Pahatia, which is a very dangerous virus agent.

Should one suspect an outbreak of this worm, they need to run a thorough scan on the system. If detected, it should be deleted immediately in addition to anything that had already been corrupted by it. If deleting is not enough, then anti virus programs should be launched to eradicate it completely. These programs can be downloaded from the Internet or from authorized antivirus dealers.