General discussion


What is the file: lsass.exe?

By chelly24 ·
I am trying to help a friend fix his computer..
after the windows xp page loads, it tries to go to the desk top, but stops due to this error "lsass.exe". Below in the box, it mentions about the password, and that it could not be changed. Is this the sasser virus? I cannot get to the gui interface or a command line to fdisk, or do a reinstallation of the OS. Further more, his computer has no backup software or reinstall software with it. His comp. is a HP pavilion desktop, and I cannot do anything in its current state. what can I do to get to a command prompt? and how do I go about it? If anyone can help me with this I would really apreciate it.


This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

by willcomp In reply to What is the file: lsass. ...

If it's Sasser worm, computer does an auto 60 second restart. If no restart, then not Sasser. From your description, doesn't sound like Sasser.

LSASS is the local security authority service and validates user logons. It is an integral part of Win 2000 and Win XP.

Try booting into safe mode and log on as administrator (probably no password). You may be able to change passwords and/or add another user with NO PASSWORD. Then restart normally and log on as the new user.

If you have, or can get, a Windows XP Home CD, try booting from the CD and doing a repair installation (not recovery console). If repair install is not an option, then abort installation (press F3).

Post back with more info after trying these.

Collapse -

by chelly24 In reply to

Poster rated this answer.
sorry, the info was good, but can't use it..
Remember, I cant boot at all, the comp wont do it from a disk or cd, or from the softwareon the comp.. My friend was using shared files with Win MX, is this program similiar to Kazaa in that Kazaa has 5 trojan horses by defaul, ifso, my friend disabled sharing, and it started messing with his pc..I need to get to a command prompt, but cannot..none of the F8 options can access anyting because of the password prompt..
pls help me, sorry this sounds like its very complicated, but if there is something I can do hardware wise, then maybe that is the way to go..

Collapse -

by ls_scs In reply to What is the file: lsass. ...

Windows has a vulnerablity based on lsass and there are a number of worms that take advantage of it. You will probably have to handle the worm and the vulnerability. Check the Symantec Web site - do a search on "lsass" to find info relating to the worms. (Understand you can't boot that pc, do the research on another pc.) After you get semi-functional, be sure to do all the Windows Updates from the Microsoft update site.

To BOOT you need to do 2 things: 1) Find the Win XP CD and put in the CD drive. 2) Change the CMOS so that the PC boots from the CD before it tries to boot from the hard drive. Look during the boot sequence for what key to press to get into CMOS. Often it is the delete key, or F2 or F10. When you get into CMOS find where you can change the boot sequence, and change it to boot from the CD first.

Then boot from the XP CD and try to repair from there.

Collapse -

by willcomp In reply to What is the file: lsass. ...

WinMX does not have adawre/spyware associated with KaZaa and others. Could have picked anything up over a P2P network though.

Try changing boot sequence as described in above response, and then try repair install. In order to fix anything at this point, you either have to boot from an XP Home CD or remove hard drive and connect it to another PC running XP Home or Pro.

Having the luxury of multiple PCs, including one configured for drive testing, I usually pull drive, connect it to test bench PC, and run a virus scan before trying anything else. You might connect the drive to your computer and test. But, before you do, make sure you have effective, up-to-date anti-virus software installed and running on your PC.

Good luck.

Collapse -

by willcomp In reply to

What is exact error message?

Collapse -

by jason9177 In reply to What is the file: lsass. ...

HP Pavilion series has a built in partition to restore it back to factory settings.
Press F10 when u see the HP logo if i'm not wrong or readup on the user manual.

note that all data on disk will be loss.

Collapse -

by neuber In reply to What is the file: lsass. ...

Related Discussions

Related Forums