Re: PC won't boot up - LSASS.exe problem ???

On Mar 30, 9:22 pm, "Gerald309" <gerald...@xxxxxxxxx> wrote:
On Mar 29, 10:01 am, "Bubey" <catlo...@xxxxxxxxxxx> wrote:



My daughter's PC is not starting.
She gets a msg about LSASS.EXE and
P.S..... She also tried to get into Safe Mode (F8
or F3) but that didn't work.

Problem on boot up. Here's the sequence of events
Turned her Sony laptop on.
During boot up process is seem to hesitate, blue
bars were across the screen.
Then it continued the boot up process & got the
following error/problem
In a box it said, "This operation was
unsuccessful"
Underneath this line was another box within the
main box that said "OK". In the upper right
corner of
the main box it showed "LSASS.EXE".

She was not able to click on the ok as it
disappeared
almost instantly and the whole system died, power
& all.
It was like you turned off the laptop instantly,
not the
usual shut down sequences.

She had to do a couple more restarts to be able to
read the whole message down as it went by so fast.

I had her try an F8 to get into "Safe Mode", but
that didn't work.

Then she gave up and left it alone for awhile.
When she started
the laptop again all went okay, so I had her do; a
Disk Cleanup,
a Virus Scan with "vcleaner.exe" from AVG,
a"Spybot" scan and
a Defrag. No viruses or spyware was found be
either program.

She left it on as she decided to buy a USB Hard
Drive so she
could copy her files when she got home in case she
was
able to get a good boot again. When she got home
the laptop
was off again.

I'm trying to help her as she really can't afford
CompUSA or MS Help prices.

Anyone have any idea of what's going on and how it
can be fixed.

Thanks in advance for the help.

If you suspect infection - read and do this:

Here's your 'dumpster dive'.... apparently a same-name threat with the
valid windows os. The dumpster dive meaning a couple things to do -
and as I can see you know what I know (safe mode). Number one download
and install the free Microsoft Malicious Software Removal Tool and
also/or McAfee Stinger Malicious Software Removal Tool.... they are
all about the same as the Microsoft one. This will cleanly and safely
remove the worms and viruses associated here as same name threats also
in worst offenders (worms/virus). As far as trojans, probably not, but
if possible run the removal tool in Safe Mode to stop the process from
running rather than doing another 20 minute scan when it tells you you
have to go into safe mode to remove it. (Saves the double scan -
normal mode, safe mode).

With any luck - that took care of it if it was the worm. Do tell your
daughter not to dare touvh her machine except the emergency install
and run. If it is a severe worm you are going to get about 2 or 3
clicks if you are lucky. May be feasible to copy the removal tool to a
cd and run it if possible - or try computer group for bootable
language neccessary to create one. The severe worms will go after
destroying files and the windows operating system.

You'll want to get intelligent about an antispyware software. Bottom
line - well you are an operator and I'm a website and groups owner
about spyware removal. Your top three are Trend Micro Antispyware,
Webroot Spysweeper and CounterSpy. In that order. (Best pay
subscription shields - Trend). We sound the same age - I have a son
29. So get to it. Right and the second dumpster dive is for the trojan
removal. As best as I can tell from your initial information is that
the daughter's machine has decent paid antivirus on it. No ? Get some
immediately and do not operate the machine without active paid
antivirus and a firewall. If money is not an option tell the daughter
to get out a 100 dollar bill and buy all three immediately - firewall,
antivirus, antispyware. The paid subscription is the only thing that
activates the real time protection. Don't listen to idiots preaching
the free stuff -it does not protect the machine as proactive. The free
stuff is only reactive - after the fact scanning - and you can see the
results of that. On second thought she must have a free antivirus
software running or probably would not have gotten this specific
infection

Grab this and register for the free liefetime update defintions -
update it - and do a full system scan:

a-squared trojan remover (Free Working Version for life and Proactive
Premium Version)http://www.emsisoft.com/en/software/free/

AND THIS:
SUPERAntiSpyware [working-freeware, and premium version]http://www.superantispyare.com

OR THIS:
Ad-Aware [working-freeware, personal use - and premium version]http://www.lavasoftusa.com/software/adaware/

This is one of the areas the HiJackThis crowd and their software is
not able to address. There is no fix it button there. Trend Micro now
owns it and hopefully they are going to add these things. Apparently
the HiJackThis click-it-fix-it buttons only delete one registry item
or the executable of a complete malware installation of up to 30 or
more items. This can reak havoc for the pc and make rootkit scans
inoperative or worthless and give constant false positives in other
softwares. The left over installation will only be removed if the
"orphans" are detected as traces or variants of the threat if there
were any. In other words screw the HiJackThis crowd and their forums.
You want a clean uninstallation of malware. The paid softwares do that
- not HiJackThis MVP's. Ya talk someone into jumping off a bridge you
should be held for manslaughter is my point. If HiJackThis utility
could remove spyware installations or virus/worms it would be a either
an antispyware program or an antivirus program or both. It is not -
obviously !

This may apparently by one of the "Same Name Threats" that most times
do use the valid names of the Windows OS for their malwares. Here is
an example of information for your "same name threats" below:

[YOU WILL FIND A LOT MORE AT MY WEB:www.bluecollarpc.net/]:

[Note of course the same name threat here is the executable :
Isass.exe - both a part of Microsft Windows and a malware]:

lsass.exe - lsass - Process Informationhttp://www.liutilities.com/products/wintaskspro/processlibrary/lsass/

Process File: lsass.exe or lsass
Process Name: Local Security Authority Service

Description:
lsass.exe is a system process of the Microsoft Windows security
mechanisms. It specifically deals with local security and login
policies. This program is important for the stable and secure running
of your computer and should not be terminated.

Note: lsass.exe is a process which is registered as a trojan. This
Trojan allows attackers to access your computer from remote locations,
stealing passwords, Internet banking and personal data. This process
is a security risk and should be removed from your system.

Note: lsass.exe is registered as a downloader. This process usually
comes bundled with a virus or spyware and its main role is to do
nothing other than download other viruses/spyware to your computer.
This process is a security risk and should be removed from your
system.

Determining whether lsass.exe is a virus or a legitimate Windows
process depends on the directory location it executes or runs from.
Click Here to Scan Your PC including lsass.exe to Detect any Security
Threat

Recommendation for lsass.exe:
lsass.exe should not be disabled, required for essential applications
to work properly. It is highly recommended to Run a Free Performance
Scan to automatically optimize memory, CPU and Internet settings.

Author: Microsoft Corp.
Part Of: Microsoft Windows Operating System

Gerald309,
webmaster/bluecollarpc.net


FOLLOW UP INFORMATION:
http://www.neuber.com/taskmanager/process/lsass.exe.html

Note: The lsass.exe file is located in the folder C:\Windows\System32.
In other cases, lsass.exe is a virus, spyware, trojan or worm! Check
this with Security Task Manager.

Virus with same name:
W32.Nimos.Worm - Symantec Corporation
W32.Sasser.E.Worm (Lsasss.exe) - McAfee
W32.HLLW.Lovgate.C@mm - Symantec Corporation

.