Windows

General discussion

Gravatar
Locked

Win XP Restart Error - lsass.exe

By Lee32 ·
Hi,
I'm looking for an option other than "reinstall the OS" for this problem. Please note the items I've tried already.

System is a Dell Dimension 4400, P4 @ 1.7GHz. OS=WinXP Home Edition w/ all patches and SP2, Firewall=ZoneAlarm Pro w/ latest updates, Norton AV w/ latest definition file.

I'm receiving the "System is shutting down in 60 seconds" message due to lsass.exe terminating unexpectedly during power on.

Things I've tried so far...
1) I used the F8 option to boot up in Safe Mode but the same shutdown error is displayed.
2) Also tried booting with the last known good configuration but received the same error.
3) The START button isn't displayed when the error occurs so no way to start another program.
4) I used another PC to create 6 boot diskettes (the sick machine isn't configured to boot from a CD) and started the Recovery Console on the sick PC. Using the Recovery Console command prompt I copied a good lsass.exe file from the other PC over to the sick PC in c:\windows\system32. This didn't correct the error.

No idea how this machine got infected but I'd appreciate a suggestion on how to fix it!
Thanks!

This conversation is currently closed to new comments.

9 total posts (Page 1 of 1)  
+ Follow this Discussion ·
| Thread display: Collapse - | Expand +

All Comments

gravatar
Collapse -

by darts32 In reply to Win XP Restart Error - ls ...

Sasser worm I believe.

http://tinyurl.com/23592 - Symantec site.

gravatar
Collapse -

by darts32 In reply to

Here's a tool to remove it.

http://tinyurl.com/1x4v

Also see the Microsoft Security Bulletin MS04-011.

http://tinyurl.com/4j7th

gravatar
Collapse -

by Lee32 In reply to

Thanks for taking to time to reply to my question. This didn't help solve my problem because the error message is posted during power-up before the START button is available so I can't run the removal tool. The only command prompt I've been able to access is the Recovery Console which has limited function.

gravatar
Collapse -

by JamesRL In reply to Win XP Restart Error - ls ...

My understanding of Sasser is that it comes through a networking vulnerability, which should be eliminated by SP2, so the good news is that once you are cleaned, you should not be re-infected.

Here is my attempt at a step by step.

1. Turn off system restore. This will wipe out your old restore points, but otherwise your risk not cleaning it from those older files and potentially re-infecting yourself.

2. Get a standalone cleaner like Stinger - from McAfee.com and free. When I mean standalone, I mean an app which can run in safe mode because it doesn't rely on dlls that don't start up in safe mode. I put stinger on a CD for this purpose.

3. Boot into safe mode(no networking) and clean with Stinger.

4. Reboot, run your virus and spyware checkers just to be safe.

5. Re check your updates to ensure you have them all.

Good luck.

James

gravatar
Collapse -

by dustyD In reply to Win XP Restart Error - ls ...

To gain more time for removal procedures, look at the TechRepublic article:
http://techrepublic.com.com/5100-22_11-5234679.html?tag=search

or at Microsoft's suggestion here:
http://www.microsoft.com/security/incident/sasser_printxp.asp

gravatar
Collapse -

by petitjc In reply to Win XP Restart Error - ls ...

You have a virus my friend...

gravatar
Collapse -

by rindi1 In reply to Win XP Restart Error - ls ...

The quickest way to remove sasser would probably be to remove your disk from your PC, jumper it to be slave, put it in a sasser-free, virus-free, System-Restore disabled, desktop PC. You should then be able clean that disk from sasser. Be sure to follow the links to microsoft and symantec mentioned in the above answers. If after that you can boot your original PC without the system restarting (make sure you have disconnected any cables that would allow an internet connection, like USB Modem, Ethernet etc.). Now make sure system restore is disabled and repeat the sasser removal steps from above, just to make sure.

gravatar
Collapse -

by Lee32 In reply to

Thanks for the suggestion. I moved the drive from the sick PC into a good PC after configuring it as a slave. Running Norton & McAfee AV routines confirmed the drive was virus free. I reinstalled the drive into the original machine and using the 6 XP boot disks followed the instructions at: http://www.tunexp.com/faqs/windows_xp_crashed_heres_help/

This allowed me to manually rebuild the OS without losing any data. Back up and running again!

gravatar
Collapse -

by Lee32 In reply to Win XP Restart Error - ls ...

This question was closed by the author

Back to Windows Forum
9 total posts (Page 1 of 1)  

Start or search

Related Discussions

Related Forums