Lsassl.exe


L.W. (Bill) Hughes III (Microsoft)

Hi All,
A look through your subjects told me I'll probably have to format my
Wife's Hewlett-Packard Pavilion ze4500 notebook with Windows XP Home or
Pro.(?) It just restarts and restarts displaying the same system error:
LSASS.EXE. Tried restoring to the last registry, via its F12, to no
avail. But according to:
http://www.symantec.com/security_response/writeup.jsp?docid=2004-100519-0947-99&tabid=2
that's been destroyed, anyway. No Windows disk came with the notebook, new.
So knowing I have a backup registry file on its drive, I tried booting from
a Win98se CD disk I'd made, but I still can't see the directory of C drive.
Is that because of the incompatibility between the two operating systems? Or
do I just need to find an XP boot CD?
Thanks in Advance, Bill
mailto:[email protected] http://www.billhughes.com/
 
L.W. (Bill) Hughes III (Microsoft) said:
Hi All,
A look through your subjects told me I'll probably have to format my
Wife's Hewlett-Packard Pavilion ze4500 notebook with Windows XP Home or
Pro.(?) It just restarts and restarts displaying the same system error:
LSASS.EXE. Tried restoring to the last registry, via its F12, to no
avail. But according to:
http://www.symantec.com/security_response/writeup.jsp?docid=2004-100519-0947-99&tabid=2
that's been destroyed, anyway. No Windows disk came with the notebook, new.
So knowing I have a backup registry file on its drive, I tried booting from
a Win98se CD disk I'd made, but I still can't see the directory of C drive.
Is that because of the incompatibility between the two operating systems? Or
do I just need to find an XP boot CD?

You can't see the files from your boot disk because the XP partition is
formatted NTFS. If you want to rescue data on your wife's machine, you
can do it in several ways:

1. Pull the drive and slave it in a computer running a working install
of XP. Depending on the target drive's characteristics, you may need a
drive adapter; i.e., laptop-to-IDE or a SATA controller card, etc. A
usb/firewire external drive enclosure works very well, too. Use the
working Windows Explorer to copy the data to the rescue system's hard
drive and then burn the data to cd or dvd.

2. Often XP will not boot with a slaved drive that has a damaged file
system. In that case, boot the target computer with either a Bart's PE
or a Linux live cd such as Knoppix and retrieve the data that way. Here
is general information on using Knoppix for this:

You will need a computer with two cd drives, one of which is a cd/dvd-rw
OR a usb thumb drive with enough capacity to hold your data OR an
external usb/firewire hard drive formatted FAT32 (not NTFS). To get
Knoppix, you need a computer with a fast Internet connection and
third-party burning software. Download the Knoppix .iso and create your
bootable cd. Then boot with it and it will be able to see the Windows
files. If you are using the usb thumb drive or the external hard drive,
right-click on its icon (on the Desktop) to get its properties and
uncheck the box that says "Read Only". Then click on it to open it. Note
that the default mouse action in the window manager used by Knoppix
(KDE) is a single click to open instead of the traditional MS Windows'
double-click. Otherwise, use the K3b burning program to burn the files
to cd/dvd-r's.

http://www.knoppix.net
http://www.nu2.nu/pebuilder/ - Bart's PE Builder

As for returning your wife's computer to factory condition, most HP's
have a hidden partition on the hard drive with a restore image. Pressing
some key such as F10 as the computer starts up will get you to the
factory restore process. Refer to the laptop manual or to HP's tech
support site for the specific model machine. All modern HP's that have a
hidden partition-based factory image also have the ability to create
physical restore disks. It's too late to do this now, but after you
restore the machine to factory condition I suggest you do this.

Alternatively, contact HP for replacement restore disks. They will not
be very expensive.


Malke
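
The copy step of the live-CD rescue described above, as an added example that is not part of the original thread. It assumes the Windows partition is already mounted read-only; the function name `rescue_copy`, the mount point and the list of file types left behind are choices made for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the Windows partition is already
# mounted read-only from the live CD, for instance (placeholder device and path):
#   mount -t ntfs -o ro,noexec /dev/sdXN /mnt/win

# rescue_copy SRC DEST
# Copies data files under SRC into DEST (relative paths kept), leaves executable
# file types behind, and verifies each copy against a SHA-256 of its source.
# Writes DEST/MANIFEST.sha256, DEST/SKIPPED.txt and DEST/VERIFY.txt.
# Exit status: 0 all copies verified, 1 a copy failed or differs, 2 setup error.
# Limitation: file names containing newlines are not handled.
rescue_copy() (
    # The body is a subshell, so variables stay local and "exit" ends only the function.
    src=$1 dest=$2 status=0
    [ -d "$src" ] || exit 2
    mkdir -p "$dest" || exit 2
    dest=$(cd "$dest" && pwd) || exit 2
    list=$(mktemp) || exit 2
    : > "$dest/MANIFEST.sha256"; : > "$dest/SKIPPED.txt"
    cd "$src" || exit 2
    find . -type f | sed 's|^\./||' > "$list"
    while IFS= read -r rel; do
        lower=$(printf '%s' "$rel" | tr 'A-Z' 'a-z')
        case $lower in
            *.exe|*.dll|*.scr|*.pif|*.com|*.bat|*.cmd|*.vbs|*.sys|*.lnk)
                # Programs are reinstalled from clean media, not rescued.
                printf '%s\n' "$rel" >> "$dest/SKIPPED.txt"
                continue ;;
        esac
        mkdir -p "$dest/$(dirname -- "$rel")"
        if cp -- "$rel" "$dest/$rel"; then
            sha256sum -- "$rel" >> "$dest/MANIFEST.sha256"   # hash of the source
        else
            status=1
        fi
    done < "$list"
    rm -f "$list"
    # Re-read every copy and compare it with the hash taken from the source.
    if [ -s "$dest/MANIFEST.sha256" ]; then
        ( cd "$dest" && sha256sum -c MANIFEST.sha256 > VERIFY.txt ) || status=1
    fi
    exit "$status"
)
```

DEST should be the FAT32 external drive or a staging directory for burning, outside SRC; SKIPPED.txt lists what was left on the old drive.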
 
Hi Malke,
Thanks muches. I bought the CD via http://www.knoppix.net at:
http://www.spotmau.com/products/package/full.htm?gclid=COqivrHX_4sCFRAkggodwHmIzQ I
have the dual DVD burners, and the ISO program, but the thought of trying to
make Hughes.net satellite dish download seven hundred megabytes was
excruciating, shoulda never quit COX. FYI the F10 just loaded a corrupt
file without prompt, with the now usual lsass.exe error message floating across
the screen like a screen saver.
Thanks again, Bill
mailto:[email protected] http://www.billhughes.com/
 
L.W. (Bill) Hughes III said:
Hi Malke,
Thanks muches. I bought the CD via http://www.knoppix.net at:
http://www.spotmau.com/products/package/full.htm?gclid=COqivrHX_4sCFRAkggodwHmIzQ I
have the dual DVD burners, and the ISO program, but the thought of trying to
make Hughes.net satellite dish download seven hundred megabytes was
excruciating, shoulda never quit COX. FYI the F10 just loaded a corrupt
file without prompt, with the now usual lsass.exe error message floating across
the screen like a screen saver.

You're welcome. When you get Knoppix, post back if you need help using
it. Get your wife's data off and restore the machine to factory condition.

Malke
 
Hi Malke,
An update. I ran PowerSuite from Spotmau, and could see C drive, and I
thought I deleted C:\Windows\System32\ del lsass.exe, anyway the file didn't
come up, like if the file is not there. Tried to boot to safe mode command,
and it wrote I couldn't as these files were missing:
Windows\system32\ntoskrnl.exe
Windows\system32\hal.dll
Windows\system32\kdcom.dll
Windows\system32\bootvid.dll
Windows\system32\config\system
Windows\system32\system.alt
Searched: http://search.microsoft.com/search.aspx?mkt=en-US&setlang=en-US
for any replacement, but they wouldn't allow me to download I guess because
I was using Win98se. Meanwhile I found an XP Home installation disk and
tried to use its recovery. And it renamed the directories and started loading
XP and jammed finding the corrupt lsass.exe file, that I thought I'd
deleted. So I've spent hours trying to find that file to no avail. It's not
in either of the system32 directories. During this I did find my Wife's
important stuff at: C:\docume~1\nancyh~1\mydocu~1\*.* but was unable to copy
it with just the CD drive booting it, and no floppies, and no way to boot my
Iomega on LT1. I am now waiting for a new 100 Gig drive, that at least half
will be formatted with a REAL OS, and a USB backup drive that maybe
PowerSuite will boot and save my wife's info.
Thanks for your concern, Bill
mailto:[email protected] http://www.billhughes.com/
 
With what you have posted as missing and the symptoms that you have described, I would strongly suggest a brand new CLEAN re-install of your system.
 
Hi Malke & Peter,
We're up and running again, bought an eighty gig drive, which I loaded
with the original files I just bought on six CDs from HP, that took the XP
numbers taped to the notebook. And an "EZ-UP Universal USB2.0 EZGig Data
Trans that accepted my wife's old drive, which of course let me search its
files for C:\i386\system32\lsass.exe and let me transfer "My Documents" with
all her school work, that she was very proud of. The EZ-UP also came with a
disk cloning thing that'll make hard drives a little easier to change in the
future.
God Bless America, Bill O|||||||O
mailto:[email protected] http://www.billhughes.com/
 
L.W. (Bill) Hughes III said:
Hi Malke & Peter,
We're up and running again, bought an eighty gig drive, which I loaded
with the original files I just bought on six CDs from HP, that took the XP
numbers taped to the notebook. And an "EZ-UP Universal USB2.0 EZGig Data
Trans that accepted my wife's old drive, which of course let me search its
files for C:\i386\system32\lsass.exe and let me transfer "My Documents" with
all her school work, that she was very proud of. The EZ-UP also came with a
disk cloning thing that'll make hard drives a little easier to change in the
future.

Glad you got it sorted. Thanks for taking the time to let us know. BTW,
next time you post don't include your real, unmunged email address. It
will get harvested by spambots and you'll get even more spam. Here's a
link that explains that:

http://www3.telus.net/dandemar/munad.htm - how to munge email address


Malke
 
Hi Malke,
I did panic when I saw after a clean install, the
Windows\system\lsass.exe was still there, but apparently the Trojan starts
by rewriting it, for which it's named.
Thanks for your advice, but I've been using my name and address, since I
logged on to Prodigy in '86, AOL in '90 then with their access to the internet
in '93. That's what my parents taught me, to take responsibility for myself,
and that starts with becoming a man, listed in the telephone book. You may
see I use it in all the news groups:
http://groups.google.com/group/rec....p+willys&q=billhughes@&qt_g=Search+this+group
Of course it draws out the jealous cowards that use remailers, trying to
slander me, to no avail. Fortunately news.cox.net, and teranews.com block
them so I don't see them. I get very few spams, about one a day, mostly
Viagra, they probably get my address from another place (ISP?) that would
know I'm 65.
God Bless America, Bill O|||||||O
mailto:[email protected] http://www.billhughes.com/
 
