Sasser Complications

aaron

Hello.

I am working on a friend's computer, he is running Windows
XP SP 1...and not all updates installed.

He was infected with the Sasser worm, so we downloaded the
available critical updates, and in the process of
installing them, the worm restarted his machine.

Now upon rebooting, after the OS-loading screen, but before
a user logon screen, I get this message:

--------------------

lsass.exe-Unable to locate component

This application has failed to start because LSASRV.dll was
not found. Re-installing the application may fix the problem.

--------------------

Once I click ok...I am left with a blank "windows blue"
screen with no options or availability to do anything. No
keyboard shortcuts or commands will bring about any
response. Not sure what to do now.

Any help would be greatly appreciated. Thank you.
 
aaron said:
Hello.

I am working on a friend's computer, he is running Windows
XP SP 1...and not all updates installed.

He was infected with the Sasser worm, so we downloaded the
available critical updates, and in the process of
installing them, the worm restarted his machine.

Now upon rebooting, after the OS-loading screen, but before
a user logon screen, I get this message:

--------------------

lsass.exe-Unable to locate component

This application has failed to start because LSASRV.dll was
not found. Re-installing the application may fix the problem.

--------------------

Once I click ok...I am left with a blank "windows blue"
screen with no options or availability to do anything. No
keyboard shortcuts or commands will bring about any
response. Not sure what to do now.

Any help would be greatly appreciated. Thank you.

You should have enabled the XP firewall before connecting the computer to
the internet.
See the link below.
http://www.microsoft.com/security/incident/sasser_printxp.mspx
--

Michael Stevens MS-MVP XP
(e-mail address removed)
http://michaelstevenstech.com
For a better newsgroup experience. Setup a newsreader.
http://michaelstevenstech.com/outlookexpressnewreader.htm
 
RIGHT.

I read that article after (unfortunately) the fact. I am
not familiar with Sasser, nor consider myself a "windows
expert". I just do my updates on time and am behind a
firewall...and not techno-phobic like my friend...hence why
I'm trying to help.

Anyhow...I believe the purpose of the message boards is to
assist finding a solution to the problem stated. I'm not
sure how your answer fulfilled that purpose at all.
 
Michael,

Thank you for your time and providing the link. I did click
on the link and read the article. However...

The computer 'locks up' before it even reaches the user
log on screen. So when the article you referred me to
suggests using the task bar, turning on the firewall,
undoing system restore...I understand all of those
points...but I cannot access ANY of those things, as the
Lsass.exe component is unable to be located
even...preventing me from being able to log into windows.

If you have any further advice, I would be very open and
humbly receptive to it.

Thank you.
 
aaron said:
Michael,

Thank you for your time and providing the link. I did click
on the link and read the article. However...

The computer 'locks up' before it even reaches the user
log on screen. So when the article you referred me to
suggests using the task bar, turning on the firewall,
undoing system restore...I understand all of those
points...but I cannot access ANY of those things, as the
Lsass.exe component is unable to be located
even...preventing me from being able to log into windows.

If you have any further advice, I would be very open and
humbly receptive to it.

Thank you.

Yes, I will try again.
If your computer starts to shut down,
follow these steps to abort any system shutdown that may be in progress.

1.
On the taskbar at the bottom of your screen, click Start, and then
click Run.

2.
Type: cmd and then click OK.

3.
At the command prompt, type: shutdown.exe -a and then press ENTER.

If you had time to type your reply, you had time to read the prior
instructions I provided.

--

Michael Stevens MS-MVP XP
(e-mail address removed)
http://michaelstevenstech.com
For a better newsgroup experience. Setup a newsreader.
http://michaelstevenstech.com/outlookexpressnewreader.htm
 
You can try a few things:
try booting into safe mode and doing a system restore to a
previous point.
try booting into last known good configuration.

while booting up keep pressing f8 until the options come
up.

if these don't work you are going to probably have to do a
repair install of xp.
 
Michael Stevens said:
Yes, I will try again.
If your computer starts to shut down,
follow these steps to abort any system shutdown that may be in progress.

1.
On the taskbar at the bottom of your screen, click Start, and then
click Run.

2.
Type: cmd and then click OK.

3.
At the command prompt, type: shutdown.exe -a and then press ENTER.

If you had time to type your reply, you had time to read the prior
instructions I provided.

--

Michael Stevens MS-MVP XP
(e-mail address removed)
http://michaelstevenstech.com
For a better newsgroup experience. Setup a newsreader.
http://michaelstevenstech.com/outlookexpressnewreader.htm

Oh.........., If it locks up before you can get to the start button
disconnect the computer from the internet as was originally suggested in
step #1.
--

Michael Stevens MS-MVP XP
(e-mail address removed)
http://michaelstevenstech.com
For a better newsgroup experience. Setup a newsreader.
http://michaelstevenstech.com/outlookexpressnewreader.htm
 
Thank you for another reply.

I may not be communicating the complication of my problem
very clearly...I apologize.

Here's my problem...my computer shut down...when it came
back up...it will NOT load into Windows...it stops just
before the user log on screen.

Therefore, I am unable to access my task bar, the start
button, the run command, or to input the suggested
command into the run line. I can not access windows at
all. This is the problem I cannot get around. If I could
get into windows...I'd be fine...but the computer won't
even let me sign into the account...all that is on my
screen is a "windows blue" screen...not a dos blue screen
of death...but like part of windows is loaded, but not
fully. Most likely because of the aforementioned error
message which says: "This application has failed to start
because LSASRV.dll was not found."

Something else that might help clarify, I'm researching
and writing these posts from MY machine, my friend's
machine is the one with the problem...sitting next to my
machine. Sorry if this caused any confusion.
 
anonymous said:
Thank you for another reply.

I may not be communicating the complication of my problem
very clearly...I apologize.

Here's my problem...my computer shut down...when it came
back up...it will NOT load into Windows...it stops just
before the user log on screen.

Therefore, I am unable to access my task bar, the start
button, the run command, or to input the suggested
command into the run line. I can not access windows at
all. This is the problem I cannot get around. If I could
get into windows...I'd be fine...but the computer won't
even let me sign into the account...all that is on my
screen is a "windows blue" screen...not a dos blue screen
of death...but like part of windows is loaded, but not
fully. Most likely because of the aforementioned error
message which says: "This application has failed to start
because LSASRV.dll was not found."

Something else that might help clarify, I'm researching
and writing these posts from MY machine, my friend's
machine is the one with the problem...sitting next to my
machine. Sorry if this caused any confusion.


Tried Safe Mode?
 
Nooo. Just keep it up.

You can try a few things:
try booting into safe mode and doing a system restore to a
previous point.
try booting into last known good configuration.

while booting up keep pressing f8 until the options come
up.

if these don't work you are going to probably have to do a
repair install of xp.
 
This is EXACTLY what is happening to my laptop..

I am also on another computer...

I want to fix this problem before I have to do a hard reset.... have
doctoral work on my PC =(

Would hate to lose it.


Please help
 
jillb said:
This is EXACTLY what is happening to my laptop..

I am also on another computer...

I want to fix this problem before I have to do a hard reset.... have
doctoral work on my PC =(

Would hate to lose it.


Please help!

As you've posted this reply with no 'quoted text' from the original post,
I'm not sure that anyone will have enough information to help you. You
should probably post a new message with your specific problem if you need
help....even if you'd provided the quoted text, "Me, too!" posts are
discouraged.
 
From: "jillb" <[email protected]>

| This is EXACTLY what is happening to my laptop..
|
| I am also on another computer...
|
| I want to fix this problem before I have to do a hard reset.... have doctoral work on my PC
| =(
|
| Would hate to lose it.
|
| Please help!-- jillb

"This is EXACTLY what is happening to my laptop.."

And what is that ?
I don't see it !

If you are having a virus problem then your post belongs in an anti virus News Group.

microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus

BTW: The chances of getting the Sasser Internet worm are extremely low now. However the
chances of getting the SDBot, RBot or GAOBot which uses the same exploitation is extremely
high *IF* your PC is unpatched !

Your post has ZERO facts !
 
I cut copied and pasted exactly what the previous post said:



Here's my problem...my computer shut down...when it came
back up...it will NOT load into Windows...it stops just
before the user log on screen.

Therefore, I am unable to access my task bar, the start
button, the run command, or to input the suggested
command into the run line. I can not access windows at
all. This is the problem I cannot get around. If I could
get into windows...I'd be fine...but the computer won't
even let me sign into the account...all that is on my
screen is a "windows blue" screen...not a dos blue screen
of death...but like part of windows is loaded, but not
fully. Most likely because of the aforementioned error
message which says: "This application has failed to start
because LSASRV.dll was not found."

Something else that might help clarify, I'm researching
and writing these posts from MY machine, my friend's
machine is the one with the problem...sitting next to my
machine. Sorry if this caused any confusion.


ANY SUGGESTIONS TO FIX THIS PROBLEM?

Thanks,
Jill
 
From: "jillb" <[email protected]>

| I cut copied and pasted exactly what the previous post said:
|
| Here's my problem...my computer shut down...when it came
| back up...it will NOT load into Windows...it stops just
| before the user log on screen.
|
| Therefore, I am unable to access my task bar, the start
| button, the run command, or to input the suggested
| command into the run line. I can not access windows at
| all. This is the problem I cannot get around. If I could
| get into windows...I'd be fine...but the computer won't
| even let me sign into the account...all that is on my
| screen is a "windows blue" screen...not a dos blue screen
| of death...but like part of windows is loaded, but not
| fully. Most likely because of the aforementioned error
| message which says: "This application has failed to start
| because LSASRV.dll was not found."
|
| Something else that might help clarify, I'm researching
| and writing these posts from MY machine, my friend's
| machine is the one with the problem...sitting next to my
| machine. Sorry if this caused any confusion.
|
| ANY SUGGESTIONS TO FIX THIS PROBLEM?
|
| Thanks,
| Jill
|

You might have copied the text of the post you were replying to but you didn't paste that in
your reply. Additionally, if you just replied directly to the post, it would have
automatically been included. However your post appears as an unreferenced new post.

Anyway...

You have a problem with the LSASS sub-system but it is NOT related to any Internet worm
trying to exploit the LSASS buffer overflow vulnerability via TCP port 445 that was known
to have originally been exploited by the Sasser Internet worm.

You either need to run System Restore and restore a state in Safe Mode to a previously created
Restore Point or you will have to do a Repair Install.

It might just be easier for you to take the PC into a reputable and certified service
center.
 
I tried restarting in safe mode, and tried restarting to the last known
setting that worked. Neither was a success. =(


Any other ideas?
 
jillb said:
I tried restarting in safe mode, and tried restarting to the last
known setting that worked. Neither was a success. =(


Any other ideas?

No, because you still haven't mentioned exactly what the problem is. Did you
see my previous reply? You need to post a new message with all the details.
 