TechRepublic|Forums|Windows

Windows

General discussion

  • Creator
    Topic
  • November 4, 2004 at 5:43 am #2276593

    Win XP Restart Error – lsass.exe

    Locked

    by lee32 · about 18 years, 4 months ago

    Hi,
    I’m looking for an option other than “reinstall the OS” for this problem. Please note the items I’ve tried already.

    System is a Dell Dimension 4400, P4 @ 1.7GHz. OS=WinXP Home Edition w/ all patches and SP2, Firewall=ZoneAlarm Pro w/ latest updates, Norton AV w/ latest definition file.

    I’m receiving the “System is shutting down in 60 seconds” message due to lsass.exe terminating unexpectedly during power on.

    Things I’ve tried so far…
    1) I used the F8 option to boot up in Safe Mode but the same shutdown error is displayed.
    2) Also tried booting with the last known good configuration but received the same error.
    3) The START button isn’t displayed when the error occurs so no way to start another program.
    4) I used another PC to create 6 boot diskettes (the sick machine isn’t configured to boot from a CD) and started the Recovery Console on the sick PC. Using the Recovery Console command prompt I copied a good lsass.exe file from the other PC over to the sick PC in c:\windows\system32. This didn’t correct the error.

    No idea how this machine got infected but I’d appreciate a suggestion on how to fix it!
    Thanks!

    Topic is locked This conversation is currently closed to new comments.
  • Creator
    Topic

All Comments

  • Author
    Replies
    • November 4, 2004 at 7:11 am #3294786

      Reply To: Win XP Restart Error – lsass.exe

      by darts32 · about 18 years, 4 months ago

      In reply to Win XP Restart Error – lsass.exe

      Sasser worm I believe.

      http://tinyurl.com/23592 – Symantec site.

    • November 4, 2004 at 7:35 am #3295463

      Reply To: Win XP Restart Error – lsass.exe

      by jamesrl · about 18 years, 4 months ago

      In reply to Win XP Restart Error – lsass.exe

      My understanding of Sasser is that it comes through a networking vulnerability, which should be eliminated by SP2, so the good news is that once you are cleaned, you should not be re-infected.

      Here is my attempt at a step by step.

      1. Turn off system restore. This will wipe out your old restore points, but otherwise your risk not cleaning it from those older files and potentially re-infecting yourself.

      2. Get a standalone cleaner like Stinger – from McAfee.com and free. When I mean standalone, I mean an app which can run in safe mode because it doesn’t rely on dlls that don’t start up in safe mode. I put stinger on a CD for this purpose.

      3. Boot into safe mode(no networking) and clean with Stinger.

      4. Reboot, run your virus and spyware checkers just to be safe.

      5. Re check your updates to ensure you have them all.

      Good luck.

      James

    • November 4, 2004 at 12:37 pm #3295298

      Reply To: Win XP Restart Error – lsass.exe

      by dustyd · about 18 years, 4 months ago

      In reply to Win XP Restart Error – lsass.exe

      To gain more time for removal procedures, look at the TechRepublic article:
      http://techrepublic.com.com/5100-22_11-5234679.html?tag=search

      or at Microsoft’s suggestion here:
      http://www.microsoft.com/security/incident/sasser_printxp.asp

    • November 4, 2004 at 2:57 pm #3295242

      Reply To: Win XP Restart Error – lsass.exe

      by petitjc · about 18 years, 4 months ago

      In reply to Win XP Restart Error – lsass.exe

      You have a virus my friend…

    • November 5, 2004 at 12:37 am #3295169

      Reply To: Win XP Restart Error – lsass.exe

      by rindi1 · about 18 years, 4 months ago

      In reply to Win XP Restart Error – lsass.exe

      The quickest way to remove sasser would probably be to remove your disk from your PC, jumper it to be slave, put it in a sasser-free, virus-free, System-Restore disabled, desktop PC. You should then be able clean that disk from sasser. Be sure to follow the links to microsoft and symantec mentioned in the above answers. If after that you can boot your original PC without the system restarting (make sure you have disconnected any cables that would allow an internet connection, like USB Modem, Ethernet etc.). Now make sure system restore is disabled and repeat the sasser removal steps from above, just to make sure.

      • November 5, 2004 at 11:41 pm #3296261

        Reply To: Win XP Restart Error – lsass.exe

        by lee32 · about 18 years, 4 months ago

        In reply to Reply To: Win XP Restart Error – lsass.exe

        Thanks for the suggestion. I moved the drive from the sick PC into a good PC after configuring it as a slave. Running Norton & McAfee AV routines confirmed the drive was virus free. I reinstalled the drive into the original machine and using the 6 XP boot disks followed the instructions at: http://www.tunexp.com/faqs/windows_xp_crashed_heres_help/

        This allowed me to manually rebuild the OS without losing any data. Back up and running again!

    • November 5, 2004 at 11:41 pm #3296260

      Reply To: Win XP Restart Error – lsass.exe

      by lee32 · about 18 years, 4 months ago

      In reply to Win XP Restart Error – lsass.exe

      This question was closed by the author

  • Author
    Replies
Viewing 5 reply threads