lsass.exe error which is not the sasser worm

Guest

My neighbor is having a problem which escapes me completely. His system
boots, starts Windows XP home edition, displays one error message and
automatically reboots.

Unlike the issues noted in this forum regarding sasser the start menu is
never made available prior to the reboot.

The message (which took several reboot cycles to read as it was so fast) was:

lsass.exe
When trying to update a password the return status indicates that the value
provided is not correct.

When attempting to use the XP CD to get to the Recovery Console we were
asked for a password. He'd never put a password on the system, so the system
ends up rebooting again.

Apparently this issue started on 12/31/04 at 6:00 p.m. Haven't found
anything regarding new viruses like this, so I thought I'd post here. Thanks
in advance for your help
 
I have the same problem. But I have a few more details:

I _was_ running WindowsXP Pro with SP2 and all current security updates.
Everything was fine until Dec. 14th. Then, my system froze, I tried to
reboot, and nothing has been the same since.

At first, the system would reboot after flashing a blue screen that was so
fast, I actually had to snap a digital picture of it so I could read it. (I
couldn't even get safe mode to start; it would freeze on a blank screen with
no disk activity) The error was "Stop: c0000218 {Registry File Failure} The
registry cannot load the hive (file): \SystemRoot\System32\Config\SOFTWARE or
its log or alternate"

I followed the instructions in Microsoft Support Article 307545. I had to go
the Recovery Console route because I didn't make an ASR backup. After the
entire procedure was complete, I got Windows to start normally... or
so I thought.

The desktop started to load, and then I got the same error:
lsass.exe
When trying to update a password the return status indicates that the value
provided is not correct.

Once again, (using another system) I went to Microsoft Support, found
reference to that exact error, downloaded the sasser worm detection utility,
ran it on the system in question, and it says there is no sasser worm
detected.

I was then able to get the system to boot up by following the corrupted
registry recovery procedure again; but this time, I chose a much earlier
restore point. However, now when I use System Restore to try and return
my system to normal, it goes through all the motions and then when the system
reboots, I get the message that System Restore was unable to complete the
process and that nothing was changed on my system. This happens no matter
which restore point I choose. Even as far back as 2002!

I decided to just burn to CD all of my critical documents and files, reformat
the hard drive, and start clean. But now my CD burner will not detect a disk
in the drive! The device manager shows that the device is functioning
normally, and I've tried two new cables with the same results.

I'm getting a little frustrated.
Someone, please have an answer.
Thanks.
 
Kuritsu

Thanks for your update on this problem. Your detailed account is very close
to the issue they're having.

I ran the sasser removal to no avail. Additionally booted from their Norton
CD and scanned with no viruses found (newest Norton as they renewed back in
Nov). They too have kept up with the latest patches, as the system is used
to manage their Boiler Repair company. Fortunately they've made backups on a
weekly basis.

Trying to get to the recovery console we were consistently blocked as we
were asked for the password. As they've never set a password on the system
we've been frozen at that point, and cannot even follow procedures for the
recovery console.

Unlike your issue with the CD, theirs is still currently functional.
Otherwise your problem sounds very similar. Unfortunately they cannot find
their restore CDs that came with their system (no name box that came with
XP). If we could I would wipe the system as well and re-install.
 
Pcsdir

I have solved the problem (supposedly), but I don't think it will be
possible for you to apply the same solution. I booted directly from the
Windows XP Pro CD and performed a repair installation. [Booting directly
from the CD is also how I managed to get to the recovery console.] Since it
sounds like your friends are the victims of the dreaded "OEM Installation", I
doubt that they were given the original CD with their system.

I will have to say though, the overall situation is not completely resolved.
After performing the repair installation, I have regained the ability to burn
CDs, but there still is a host of things wrong.

Since I had to originally choose a rather old restore point to just get the
desktop up without the lsass.exe error, a lot of my programs that were
installed after that point in time, no longer function.

This restore point is also early enough to be pre SP2 and all current
security updates. However, when I try to run Windows Update from the Start
menu, nothing happens. I went to the Windows Support site and tried Windows
Update from there, but it tries to install the new version of Windows Update
and freezes at the end of the install.

I'm still going forward with a reformat and clean installation of XP. It
seems that I have no other choice.

Good luck to you and solving your friends' problem. It may take the purchase
of an original copy of XP to get back to a reliable system. Hope not.
 