Unable to remove the Lsass.exe

R

Rishi Flower

Hello People,
I know my computer is infected with some kind of virus or
worm. I have winodws XP Home, and I have Norton Anti Virus
2003, and Norton Internet Security 2003. When I do a
system scan or use the tool to delete the sasser worm it
does not detect anything. But when I do a Ctrl+Alt+Del, I
see the Lsass.exe running in the background. I am unable
to stop the process.
Please help
 
C

Carey Frisch [MVP]

The "Lsass.exe" is a critical Windows XP system file.
Do not attempt to delete it!

lsass.exe - Process
http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/

Follow these directions to remove "The Sasser Worm" from your computer:
http://www3.telus.net/dandemar/sasser.htm

[Courtesy of MS-MVP Jupiter Jones]

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect your PC!
http://www.microsoft.com/security/protect/

----------------------------------------------------------------------------


| Hello People,
| I know my computer is infected with some kind of virus or
| worm. I have winodws XP Home, and I have Norton Anti Virus
| 2003, and Norton Internet Security 2003. When I do a
| system scan or use the tool to delete the sasser worm it
| does not detect anything. But when I do a Ctrl+Alt+Del, I
| see the Lsass.exe running in the background. I am unable
| to stop the process.
| Please help
 
G

Guest

My friend’s computer has been infected with this virus. The problem is, is that the computer starts, shows logo, brings up an lsass.exe error message about a password and then shuts down. We cannot get to a screen to run anything. Startup disk do not work and neither did a reformat. Any suggestions. Thanks BRYAN PROBS

----- Carey Frisch [MVP] wrote: ----

The "Lsass.exe" is a critical Windows XP system file
Do not attempt to delete it

lsass.exe - Process
http://www.liutilities.com/products/wintaskspro/processlibrary/lsass

Follow these directions to remove "The Sasser Worm" from your computer
http://www3.telus.net/dandemar/sasser.ht

[Courtesy of MS-MVP Jupiter Jones

--
Carey Frisc
Microsoft MV
Windows XP - Shell/Use

Be Smart! Protect your PC
http://www.microsoft.com/security/protect

---------------------------------------------------------------------------


| Hello People
| I know my computer is infected with some kind of virus or
| worm. I have winodws XP Home, and I have Norton Anti Virus
| 2003, and Norton Internet Security 2003. When I do a
| system scan or use the tool to delete the sasser worm it
| does not detect anything. But when I do a Ctrl+Alt+Del, I
| see the Lsass.exe running in the background. I am unable
| to stop the process.
| Please hel
 
S

Sadie

Hello,

Try this,and if it works,or you find your own
solution,post back so that others may benefit.Could you
also expand upon your definition of "reformat",please?

This is highly experimental,since I am uncertain what is
causing the constant resets being reported by so many
people.Virus activity is one possibility-but a multitude
of other things such as soundcard problems can cause
resets.Bear in mind,this is written purely from a sense
of enabling a P.C to remain online long enough to
download critical patches.Let me know if it works or not.

If your computer resets before accessing Windows XP,refer
to your BIOS manual to determine how to boot into safe
mode via the BIOS.(e.g.I tap F5,but your computer may be
different.)This may prove impossible-report back,so a
clearer picture of events can be garnered from your
responses.

To prevent resets interupting the downloading of patches
Turn off Automatic Reboot, if you haven't already. Of
course, you can only do this if you can get into Safe
Mode and logged in as Administrator:

1) Click on "Start", right-click on "My Computer",
choose "Properties"
2) Click on the "Advanced" tab.
3) Under "Startup and Recovery" click on "Settings"
4) Under "System Failure" uncheck "Automatically Restart".
5) Click "Apply" then "Ok" then reboot your system. If
you get an error message, and your system doesn't reboot,
report the precise error message.

-----Original Message-----
My friendâ?Ts computer has been infected with this
Click to expand...
virus. The problem is, is that the computer starts, shows
logo, brings up an lsass.exe error message about a
password and then shuts down. We cannot get to a screen
to run anything. Startup disk do not work and neither
did a reformat. Any suggestions. Thanks BRYAN PROBST
----- Carey Frisch [MVP] wrote: -----

The "Lsass.exe" is a critical Windows XP system file.
Do not attempt to delete it!

lsass.exe - Process
http://www.liutilities.com/products/wintaskspro/processlib
rary/lsass/

Follow these directions to remove "The Sasser Worm" from your computer:
http://www3.telus.net/dandemar/sasser.htm

[Courtesy of MS-MVP Jupiter Jones]

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect your PC!
http://www.microsoft.com/security/protect/

---------------------------------------------------- ------------------------


| Hello People,
| I know my computer is infected with some kind of virus or
| worm. I have winodws XP Home, and I have Norton Anti Virus
| 2003, and Norton Internet Security 2003. When I do a
| system scan or use the tool to delete the sasser worm it
| does not detect anything. But when I do a Ctrl+Alt+Del, I
| see the Lsass.exe running in the background. I am unable
| to stop the process.
| Please help

.
Click to expand...
 
G

Guest

thanks. the reboot cannot be reset. This all takes place in about one minutes time. We cannot get to START to get to RUN. Even in safe mode, the computer reboots about 3 seconds after getting into to that mode. By reformat I mean a full reformat and recovery of the hard drive. He does have sasser worm virus. This probablem became apparent while trying to download the patch. The pc shut off, rebotted, and has ben in that cycle ever since. THANKS
 
S

Sadie

Bryan,

I honestly have no idea what is going on,here.I wrote a
detailed description of events to my AV company today.If
you read the postings,you will see what a widespread
problem this is.Of course,the standard set of
instructions for analysing what's set to run on start up
is not applicable,since folks can't even get into their
computers..

You are the first person I have had contact with who has
actually reformatted their drive-to no effect.This edges
me towards thinking it may be an in-memory resident
process...
The thing about Sasser is,it was an "indicator"-showing
that the P.C.wasn't patched,the vulnerability was open to
exploits.Many stealthy,polymorphic agobots/gaobots also
took advantage of the lsass vulnerability before Sasser.
Sasser was loud and let you know it was there,but the
Agobot family can elude detection by A.V scanners..

All I can suggest is that you either call in a support
professional/engineer,or keep watching these pages for a
solution.I am going all out to determine what is
happening,believe me.

Sadie
-----Original Message-----
thanks. the reboot cannot be reset. This all takes
Click to expand...
place in about one minutes time. We cannot get to START
to get to RUN. Even in safe mode, the computer reboots
about 3 seconds after getting into to that mode. By
reformat I mean a full reformat and recovery of the hard
drive. He does have sasser worm virus. This probablem
became apparent while trying to download the patch. The
pc shut off, rebotted, and has ben in that cycle ever
since. THANKS
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

lsass.exe problem 1
LSASS.EXE 2
lsass.exe 1
lsass.exe system error 5
lsass.exe... 1
lsass.exe problems... 1
lsass.exe takes a lot of CPU 1
lsass.exe error after loading SP2 0

Top