lsass.exe termination error

Dusty

Since upgrading from Windows 98 to Windows XP Pro, after
being connected to the internet for a short time, I get an
error message, Event ID #1074, win/sys32/lsass.exe
terminated unexpectedly w/status code -1073741819, the
system will restart. I am able to abort the shutdown from
a command prompt, but then cannot shut down properly;
logging off takes me to a blue screen, the system hangs
and will not allow me to log on again. When I turn off the
system and reboot, I get a message on startup, LSA Shell
(export version) encountered a problem and needed to
close. A temp file, appcompat.txt, is generated with every
error. The only info I can find points me to info about
the Sasser virus, which I've already checked for. I tried
to re-install XP with no change. What could be causing
this?
 
NoNoBadDog!

Let's see....

1. You connected to the internet without enabling the Windows firewall.

2. You also have no antivirus software installed.

3. You did not update your version of Windows...if you had, the patch to
prevent infection from the SASSER worm would have been on your system (it's
been available for months).

The reason that your machine is infected is because of all of the above.
You must educate yourself on basic computer security.

Here's what you need to do now, in this exact order...

1. Disconnect the computer from the internet...If you have broadband,
physically disconnect the cable from the back of the computer.


2. Turn the computer on. When the message appears, START>Run>"Shutdown -a"

3. Enable the Windows firewall. It is very rudimentary as firewalls go,
but it is better than nothing.

4. Install a reputable Antivirus program. You will have to update it after
re-connecting to the internet, and thereafter you MUST KEEP IT UPDATED.

5. Connect to the internet.

6. Update your antivirus software.

7. Run a scan and let the antivirus software clean your system.

8. Connect to Windows Update and download ALL Critical downloads. Install
them. You may have to repeat this more than once in order to download and
install all Critical Updates.

9. Never, ever connect to the internet, even briefly, without having met
all of the above requirements.

You not only allowed your machine to be infected, but you turned it into a
tool that is/was looking for other unprotected computers to connect. It has
been recently announced that an unprotected computer can be infected in as
little as 40 seconds.

I would venture a bet that your computer has more than just the latest
variant of the SASSER worm.

Once you begin to practice basic computer security, you can become a
responsible "netizen".

Bobby
 
Cari (MS MVP)

There's another one of these in xp.accessibility. You would have thought
they'd have learned by now! I'll leave it for you, your write up is so
good!
 
Dusty

I've downloaded a tool to check for the Sasser worm and
installed anti-virus software--neither of which found the
Sasser worm. Any other ideas?
 
NoNoBadDog!

Dusty;

It is a variant of the Sasser Worm, or possibly Blaster. I would
recommend that you Google for online Virus Scan and visit at least two
online scans. There may be new variants that the existing removal tool
cannot remove. At the very least, you do have some type of infection. If
all else fails, a format and reinstall will most certainly get rid of the
Virus. It is possible also that the virus is in a System Restore point. If
this is the case, you will have to turn off system restore, reboot, and then
turn on System Restore. You will lose all of the restore points that exist
on your computer.

Bobby
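
The status code quoted in the question can be decoded offline: -1073741819 is the signed form of NTSTATUS 0xC0000005 (STATUS_ACCESS_VIOLATION), i.e. lsass.exe died on an invalid memory access. The sketch below is an added example, not part of any post in this thread; the log line layout and the function names are assumptions, and the sample lines are constructed.

```python
import re

# NTSTATUS values that indicate a process died from a memory fault.
MEMORY_FAULTS = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC00000FD: "STATUS_STACK_OVERFLOW",
    0xC0000374: "STATUS_HEAP_CORRUPTION",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
}
SEVERITY = ["success", "informational", "warning", "error"]

# Follows the wording quoted in the question; the exact layout is an assumption.
PATTERN = re.compile(
    r"(?P<image>[\w\\/:.]*lsass\.exe)\W+terminated unexpectedly\s+"
    r"(?:with|w/)\s*status code\s+(?P<code>-?\d+)", re.IGNORECASE)

def to_ntstatus(signed_code):
    """Reinterpret the signed decimal from the event as an unsigned 32-bit NTSTATUS."""
    return signed_code & 0xFFFFFFFF

def describe(status):
    """Split an NTSTATUS into its severity (bits 31-30) and facility (bits 27-16)."""
    return {
        "hex": f"0x{status:08X}",
        "severity": SEVERITY[status >> 30],
        "facility": (status >> 16) & 0x0FFF,
        "name": MEMORY_FAULTS.get(status, "unknown"),
    }

def triage(lines):
    """Return one finding per line that reports an unexpected lsass.exe exit."""
    findings = []
    for line in lines:
        m = PATTERN.search(line)
        if not m:
            continue
        info = describe(to_ntstatus(int(m.group("code"))))
        info["image"] = m.group("image")
        info["memory_fault"] = info["name"] != "unknown"
        findings.append(info)
    return findings

# Constructed sample lines, modelled on the message in the question.
SAMPLE = [
    "Event ID 1074: win/sys32/lsass.exe terminated unexpectedly w/status code -1073741819",
    r"'C:\WINDOWS\system32\lsass.exe' terminated unexpectedly with status code -1073740791",
    "Event ID 6005: The Event log service was started.",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A memory-fault status on lsass.exe only says the process crashed on bad memory; it does not identify which infection, if any, caused it.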
 