LSASS.EXE Terminated Unexpectedely Code 1073741819

R

Robert J. Rando

HELP!! System Shutting down after 10 min with "LSASS.EXE Terminated
Unexpectedly with status Code 1073741819". I've run the Microsoft Malicious
Software tool and it doesn't detect the W32.Sasser.E.Worm. I've tried the
Symantec tool as well but the system shuts down before it is complete. I've
compared this to my other system and the Registry entries for LSASS.EXE are
exactly the same. My other system is fine. I have tried virtually every
suggestion I have found on the Web and still no resolution.

Any suggestions? Bob
 
R

Rick \Nutcase\ Rogers

Hi,

It's a worm. When the message appears, click start/run and type
"shutdown -a" (without the quotes) to halt it and then download some up to
date Antivirus scanning software.

Free virus removal tools:

http://vil.nai.com/vil/stinger/
http://www.emsisoft.com/en/
http://free.grisoft.com/doc/8/lng/us/tpl/v5/nid/3001#3001
http://www.f-secure.com/download-purchase/tools.shtml

Also, you may use this free on-line scanner:
http://housecall.trendmicro.com/

Symantec also distributes many free removal tools that are virus-specific:
http://securityresponse.symantec.com/avcenter/tools.list.html

Many are best run in Safe mode to minimize interference. Most will resist
removal in normal mode where they are active.

How to start in Safe mode:
http://www.rickrogers.org/fixes.htm#Safe mode

Emergency system tools:
http://www.dougknox.com/xp/utils/xp_emerutils.htm

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP

Associate Expert - WindowsXP Expert Zone

Windows help - www.rickrogers.org
 
R

Robert J. Rando

Rick....Most times it freezes up first with STOP:C000021a Windows Logon
Process System Process Terminated unexpectedly with a status of 0xC0000005.
I turned off Automatically Restart in Startup and Recovery. one t9ime I was
working in a program and at the 10 minute mark the error message LSASS.EXE
Terminated Unexpectedly Code 1073741819 showed up in a small box for 60
seconds and then came the stop message. How do I get the system to show me
the LSASS.EXE terminated message so I can click start/run within 60 seconds
before the system locks up>
I've logged on in Safe Mode and the system still shuts down after 10
minutes. If I do the shutdown -a in safe mode will the system stay up?

Thanks, Bob
 
D

David H. Lipman

From: "Rick "Nutcase" Rogers" <[email protected]>

| Hi,
|
| It's a worm. When the message appears, click start/run and type
| "shutdown -a" (without the quotes) to halt it and then download some up to
| date Antivirus scanning software.
|
| Free virus removal tools:
|
| http://vil.nai.com/vil/stinger/
| http://www.emsisoft.com/en/
| http://free.grisoft.com/doc/8/lng/us/tpl/v5/nid/3001#3001
| http://www.f-secure.com/download-purchase/tools.shtml
|
| Also, you may use this free on-line scanner:
| http://housecall.trendmicro.com/
|
| Symantec also distributes many free removal tools that are virus-specific:
| http://securityresponse.symantec.com/avcenter/tools.list.html
|
| Many are best run in Safe mode to minimize interference. Most will resist
| removal in normal mode where they are active.
|
| How to start in Safe mode:
| http://www.rickrogers.org/fixes.htm#Safe mode
|
| Emergency system tools:
| http://www.dougknox.com/xp/utils/xp_emerutils.htm
|

Rick:

You have listed various AV software which may find such worms as; W32/Radebot.worm ,
W32/Plexus , W32/Gaobot.worm and W32/Reatle that Exploit the LSASS Buffer Overflow
Vulnberability via TCP port 445, but you left out the most important part. Exploitation
mitigation.

The patch associated with KB835732 is not mentioned. Nor is using either a software
FireWall or a NAT Router. If these are NOT used the user will just get re-infected or just
keep on getting the message...

NT AUTHORITY\SYSTEM
'c:\windows\system32\lsass.exe' terminated unexpectedly with status code -1073741819
 
D

David H. Lipman

From: "Robert J. Rando" <[email protected]>

| Rick....Most times it freezes up first with STOP:C000021a Windows Logon
| Process System Process Terminated unexpectedly with a status of 0xC0000005.
| I turned off Automatically Restart in Startup and Recovery. one t9ime I was
| working in a program and at the 10 minute mark the error message LSASS.EXE
| Terminated Unexpectedly Code 1073741819 showed up in a small box for 60
| seconds and then came the stop message. How do I get the system to show me
| the LSASS.EXE terminated message so I can click start/run within 60 seconds
| before the system locks up>
| I've logged on in Safe Mode and the system still shuts down after 10
| minutes. If I do the shutdown -a in safe mode will the system stay up?
|

Disconnect the PC from the Internet.
Download the patch and place it on media such as CDROM, USB Flash, etc.
With the PC disconnected from the Internet install the patch.

I would also assume that you are NOT using WinXP SP2. You must patch the system, scan the
system with the tool I provided you and when the PC is known to be clean, install WinXP SP2
and all post SP2 patches. I also suggest a Cable/DSL Router. If you had used one to begin
with you wouldn't be experiencing these problems.
 
R

Robert J. Rando

David,
What is a NAT router and where do I get one? I believe I got this virus
installing a corrupted
system download exe 0of SpyDoctor of all things.
________________________________________________________________________________
You have listed various AV software which may find such worms as;
W32/Radebot.worm ,
 
D

David H. Lipman

From: "yakuza" <[email protected]>

|
| ||
| You could try a System Restore to a time previous to when the problem
| occured.
|

It would NOT work. W/o patching the system and/or implementing a FireWall and mitigating
the exploitation code then he would still be getting the shutdown in 60 secs.
 
K

Kadaitcha Man

In
David H. Lipman said:
It would NOT work. W/o patching the system and/or implementing a
FireWall and mitigating the exploitation code then he would still be
getting the shutdown in 60 secs.
Click to expand...

Yeah? You reckon? You useless ****ing tit.
 
G

Guest

HI robert... I got 1 file that you need to install ofline then your problem
will be gone ,too bad I dunno how to load the file in here ,so if u need it
just drop me a mail and i will attach to you.remember to put your name Robert
in it ya cos i usually dun reply to strangers .
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

LSASS.EXE terminates 3
LSASS.EXE Terminated Unexpectedely Code 1073741819 15
lsass.exe 2
Microsoft .NET Framework update leads to virus-like symptoms? 1
Microsoft .NET Famework 2
lsass.exe terminated 3
Lsass.exe automatic shutdown UPON STARTUP 4
The system process 'C:\windows/system32\lsass.exe' error 2

Top