lsass.exe - access denied

[udz2002]

I am receiving the following message when I boot the computer:

lsass.exe - access denied

a process has requested access to an object, but has not been granted
those access rights.

I have:
1) Ran F-Prot virus scan via Hiren's Boot CD v7.9 [found FormatC@troj,
Munga.D, W32/Dialer.BSK) deleted infected files.
2) Restored lsass.exe (windows\system32) with the XP CD

Any ideas?

 

[YoKenny]

I am receiving the following message when I boot the computer:

lsass.exe - access denied

a process has requested access to an object, but has not been granted
those access rights.

I have:
1) Ran F-Prot virus scan via Hiren's Boot CD v7.9 [found FormatC@troj,
Munga.D, W32/Dialer.BSK) deleted infected files.
2) Restored lsass.exe (windows\system32) with the XP CD

Any ideas?

Download then install and update Ewido Security Suite then update it with
its latest definition files.
http://www.ewido.net/en

Boot into Safe Mode by continually tapping F8 at boot up.

Run Ewido and have it remove what it found.

 

[David H. Lipman]

From: <[email protected]>

| I am receiving the following message when I boot the computer:
|
| lsass.exe - access denied
|
| a process has requested access to an object, but has not been granted
| those access rights.
|
| I have:
| 1) Ran F-Prot virus scan via Hiren's Boot CD v7.9 [found FormatC@troj,
| Munga.D, W32/Dialer.BSK) deleted infected files.
| 2) Restored lsass.exe (windows\system32) with the XP CD
|
| Any ideas?

Assuming one of those Trojans or viruses replaced LSASS.EXE, then when you replaced
LSASS.EXE from the XP CD you may have installed the WRONG version.

For example you might have WinXP SP2 installed on your PC but the CDROM may may WinXP Gold
or WinXP SP1 on it and therefore the LSASS.EXE you copid off of the CDROM to the PC is not
the right version.

 

[udz2002]

only problem is, i cannot boot in safe mode either!

 

[David H. Lipman]

From: <[email protected]>

| only problem is, i cannot boot in safe mode either!

Then you'll have to boot into the Recovery Console or boot from a DOS Boot Disk with
NTFS4DOS.

Otherwise you will have to do a Repair Install.

 

[Snowsquall]

I am receiving the following message when I boot the computer:

lsass.exe - access denied

a process has requested access to an object, but has not been granted
those access rights.

I have:
1) Ran F-Prot virus scan via Hiren's Boot CD v7.9 [found FormatC@troj,
Munga.D, W32/Dialer.BSK) deleted infected files.
2) Restored lsass.exe (windows\system32) with the XP CD

Any ideas?

I see you found the Munga Trojan. As you mentioned FormatC@troj and
Munga.D. When I google munga trojan format c I get a lot of interesting
information.
Apparantly there have been different variants of a trojan called Munga. It
originally was a batch file then an exe file then it became more complex.
But it all did the same thing: attempt to format your hard drive and make
your date irrecoverable. Hope that has not happened to you but if you can
find someone who knows DOS (disk operating system not denial of service} you
can find if your data is still on your hard disk. What my concern is that
the data may be overwritten and hard to recover if the trojan is as nasty as
it claims to be. You had a dialer too and I wonder if the hacker wanted to
wipe your hard drive in order to cover his tracks once the dialer has been
used.
I do not seem very helpful but if you find that you are not stung with a big
phone bill and your data if safe you will be a very happy camper. But it
goes to show how important it is to keep your computer safe. Years ago to
have a disk formated the destructive way such as creating bad sectors would
cost the person mega bucks to get a new computer. Today it is much cheaper
to replace the harddisk and/or the computer but one could still stand to
lose mega bucks through hefty phone bills from dialers. All the more reason
to practise safe computing.