LSASS.EXE Terminated Unexpectedely Code 1073741819

  • Thread starter Thread starter Robert J. Rando
  • Start date Start date
R

Robert J. Rando

HELP!! System Shutting down after 10 min with "LSASS.EXE Terminated
Unexpectedly with status Code 1073741819". I've run the Microsoft Malicious
Software tool and it doesn't detect the W32.Sasser.E.Worm. I've tried the
Symantec tool as well but the system shuts down before it is complete. I've
compared this to my other system and the Registry entries for LSASS.EXE are
exactly the same. My other system is fine. I have tried virtually every
suggestion I have found on the Web and still no resolution.

Any suggestions? Bob
 
Hi,

It's a worm. When the message appears, click start/run and type
"shutdown -a" (without the quotes) to halt it and then download some up to
date Antivirus scanning software.

Free virus removal tools:

http://vil.nai.com/vil/stinger/
http://www.emsisoft.com/en/
http://free.grisoft.com/doc/8/lng/us/tpl/v5/nid/3001#3001
http://www.f-secure.com/download-purchase/tools.shtml

Also, you may use this free on-line scanner:
http://housecall.trendmicro.com/

Symantec also distributes many free removal tools that are virus-specific:
http://securityresponse.symantec.com/avcenter/tools.list.html

Many are best run in Safe mode to minimize interference. Most will resist
removal in normal mode where they are active.

How to start in Safe mode:
http://www.rickrogers.org/fixes.htm#Safe mode

Emergency system tools:
http://www.dougknox.com/xp/utils/xp_emerutils.htm

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP

Associate Expert - WindowsXP Expert Zone

Windows help - www.rickrogers.org
 
Rick....Most times it freezes up first with STOP:C000021a Windows Logon
Process System Process Terminated unexpectedly with a status of 0xC0000005.
I turned off Automatically Restart in Startup and Recovery. one t9ime I was
working in a program and at the 10 minute mark the error message LSASS.EXE
Terminated Unexpectedly Code 1073741819 showed up in a small box for 60
seconds and then came the stop message. How do I get the system to show me
the LSASS.EXE terminated message so I can click start/run within 60 seconds
before the system locks up>
I've logged on in Safe Mode and the system still shuts down after 10
minutes. If I do the shutdown -a in safe mode will the system stay up?

Thanks, Bob
 
From: "Rick "Nutcase" Rogers" <[email protected]>

| Hi,
|
| It's a worm. When the message appears, click start/run and type
| "shutdown -a" (without the quotes) to halt it and then download some up to
| date Antivirus scanning software.
|
| Free virus removal tools:
|
| http://vil.nai.com/vil/stinger/
| http://www.emsisoft.com/en/
| http://free.grisoft.com/doc/8/lng/us/tpl/v5/nid/3001#3001
| http://www.f-secure.com/download-purchase/tools.shtml
|
| Also, you may use this free on-line scanner:
| http://housecall.trendmicro.com/
|
| Symantec also distributes many free removal tools that are virus-specific:
| http://securityresponse.symantec.com/avcenter/tools.list.html
|
| Many are best run in Safe mode to minimize interference. Most will resist
| removal in normal mode where they are active.
|
| How to start in Safe mode:
| http://www.rickrogers.org/fixes.htm#Safe mode
|
| Emergency system tools:
| http://www.dougknox.com/xp/utils/xp_emerutils.htm
|

Rick:

You have listed various AV software which may find such worms as; W32/Radebot.worm ,
W32/Plexus , W32/Gaobot.worm and W32/Reatle that Exploit the LSASS Buffer Overflow
Vulnberability via TCP port 445, but you left out the most important part. Exploitation
mitigation.

The patch associated with KB835732 is not mentioned. Nor is using either a software
FireWall or a NAT Router. If these are NOT used the user will just get re-infected or just
keep on getting the message...

NT AUTHORITY\SYSTEM
'c:\windows\system32\lsass.exe' terminated unexpectedly with status code -1073741819
 
From: "Robert J. Rando" <[email protected]>

| Rick....Most times it freezes up first with STOP:C000021a Windows Logon
| Process System Process Terminated unexpectedly with a status of 0xC0000005.
| I turned off Automatically Restart in Startup and Recovery. one t9ime I was
| working in a program and at the 10 minute mark the error message LSASS.EXE
| Terminated Unexpectedly Code 1073741819 showed up in a small box for 60
| seconds and then came the stop message. How do I get the system to show me
| the LSASS.EXE terminated message so I can click start/run within 60 seconds
| before the system locks up>
| I've logged on in Safe Mode and the system still shuts down after 10
| minutes. If I do the shutdown -a in safe mode will the system stay up?
|

Disconnect the PC from the Internet.
Download the patch and place it on media such as CDROM, USB Flash, etc.
With the PC disconnected from the Internet install the patch.

I would also assume that you are NOT using WinXP SP2. You must patch the system, scan the
system with the tool I provided you and when the PC is known to be clean, install WinXP SP2
and all post SP2 patches. I also suggest a Cable/DSL Router. If you had used one to begin
with you wouldn't be experiencing these problems.
 
David,
What is a NAT router and where do I get one? I believe I got this virus
installing a corrupted
system download exe 0of SpyDoctor of all things.
________________________________________________________________________________
You have listed various AV software which may find such worms as;
W32/Radebot.worm ,
 
From: "yakuza" <[email protected]>

|
| ||
| You could try a System Restore to a time previous to when the problem
| occured.
|

It would NOT work. W/o patching the system and/or implementing a FireWall and mitigating
the exploitation code then he would still be getting the shutdown in 60 secs.
 
In
David H. Lipman said:
It would NOT work. W/o patching the system and/or implementing a
FireWall and mitigating the exploitation code then he would still be
getting the shutdown in 60 secs.
Click to expand...

Yeah? You reckon? You useless ****ing tit.
 
HI robert... I got 1 file that you need to install ofline then your problem
will be gone ,too bad I dunno how to load the file in here ,so if u need it
just drop me a mail and i will attach to you.remember to put your name Robert
in it ya cos i usually dun reply to strangers .
 
Back
Top