Posted by Gerald309 on March 30, 2007, 9:33 pm
>
>
> > My daughter's PC is not starting.
> > She gets a msg about LSASS.EXE and
> > P.S..... She also tried to get into Safe Mode (F8
> > or F3) but that didn't work.
>
> > Problem on boot up. Here's the sequence of events
> > Turned her Sony laptop on.
> > During boot up process it seemed to hesitate, blue
> > bars were across the screen.
> > Then it continued the boot up process & got the
> > following error/problem
> > In a box it said, "This operation was
> > unsuccessful"
> > Underneath this line was another box within the
> > main box that said "OK". In the upper right
> > corner of
> > the main box it showed "LSASS.EXE".
>
> > She was not able to click on the ok as it
> > disappeared
> > almost instantly and the whole system died, power
> > & all.
> > It was like you turned off the laptop instantly,
> > not the
> > usual shut down sequences.
>
> > She had to do a couple more restarts to be able to
> > read the whole message down as it went by so fast.
>
> > I had her try an F8 to get into "Safe Mode", but
> > that didn't work.
>
> > Then she gave up and left it alone for awhile.
> > When she started
> > the laptop again all went okay, so I had her do; a
> > Disk Cleanup,
> > a Virus Scan with "vcleaner.exe" from AVG,
> > a "Spybot" scan and
> > a Defrag. No viruses or spyware was found by
> > either program.
>
> > She left it on as she decided to buy a USB Hard
> > Drive so she
> > could copy her files when she got home in case she
> > was
> > able to get a good boot again. When she got home
> > the laptop
> > was off again.
>
> > I'm trying to help her as she really can't afford
> > CompUSA or MS Help prices.
>
> > Anyone have any idea of what's going on and how it
> > can be fixed.
>
> > Thanks in advance for the help.
>
> If you suspect infection - read and do this:
>
> Here's your 'dumpster dive'.... apparently a same-name threat with the
> valid windows os. The dumpster dive meaning a couple things to do -
> and as I can see you know what I know (safe mode). Number one download
> and install the free Microsoft Malicious Software Removal Tool and
> also/or McAfee Stinger Malicious Software Removal Tool.... they are
> all about the same as the Microsoft one. This will cleanly and safely
> remove the worms and viruses associated here as same name threats also
> in worst offenders (worms/virus). As far as trojans, probably not, but
> if possible run the removal tool in Safe Mode to stop the process from
> running rather than doing another 20 minute scan when it tells you you
> have to go into safe mode to remove it. (Saves the double scan -
> normal mode, safe mode).
>
> With any luck - that took care of it if it was the worm. Do tell your
> daughter not to dare touch her machine except the emergency install
> and run. If it is a severe worm you are going to get about 2 or 3
> clicks if you are lucky. May be feasible to copy the removal tool to a
> cd and run it if possible - or try computer group for bootable
> language necessary to create one. The severe worms will go after
> destroying files and the windows operating system.
>
> You'll want to get intelligent about an antispyware software. Bottom
> line - well you are an operator and I'm a website and groups owner
> about spyware removal. Your top three are Trend Micro Antispyware,
> Webroot Spysweeper and CounterSpy. In that order. (Best pay
> subscription shields - Trend). We sound the same age - I have a son
> 29. So get to it. Right and the second dumpster dive is for the trojan
> removal. As best as I can tell from your initial information is that
> the daughter's machine has decent paid antivirus on it. No ? Get some
> immediately and do not operate the machine without active paid
> antivirus and a firewall. If money is not an option tell the daughter
> to get out a 100 dollar bill and buy all three immediately - firewall,
> antivirus, antispyware. The paid subscription is the only thing that
> activates the real time protection. Don't listen to idiots preaching
> the free stuff -it does not protect the machine as proactive. The free
> stuff is only reactive - after the fact scanning - and you can see the
> results of that. On second thought she must have a free antivirus
> software running or probably would not have gotten this specific
> infection
>
> Grab this and register for the free lifetime update definitions -
> update it - and do a full system scan:
>
> a-squared trojan remover (Free Working Version for life and Proactive
> Premium Version) http://www.emsisoft.com/en/software/free/
>
> AND THIS:
> SUPERAntiSpyware [working-freeware, and premium
> version] http://www.superantispyare.com
>
> OR THIS:
> Ad-Aware [working-freeware, personal use - and premium
> version] http://www.lavasoftusa.com/software/adaware/
>
> This is one of the areas the HiJackThis crowd and their software is
> not able to address. There is no fix it button there. Trend Micro now
> owns it and hopefully they are going to add these things. Apparently
> the HiJackThis click-it-fix-it buttons only delete one registry item
> or the executable of a complete malware installation of up to 30 or
> more items. This can wreak havoc for the pc and make rootkit scans
> inoperative or worthless and give constant false positives in other
> softwares. The left over installation will only be removed if the
> "orphans" are detected as traces or variants of the threat if there
> were any. In other words screw the HiJackThis crowd and their forums.
> You want a clean uninstallation of malware. The paid softwares do that
> - not HiJackThis MVP's. Ya talk someone into jumping off a bridge you
> should be held for manslaughter is my point. If HiJackThis utility
> could remove spyware installations or virus/worms it would be either
> an antispyware program or an antivirus program or both. It is not -
> obviously !
>
> This may apparently be one of the "Same Name Threats" that most times
> do use the valid names of the Windows OS for their malwares. Here is
> an example of information for your "same name threats" below:
>
> [YOU WILL FIND A LOT MORE AT MY WEB:www.bluecollarpc.net/]:
>
> [Note of course the same name threat here is the executable :
> Isass.exe - both a part of Microsoft Windows and a malware]:
>
> lsass.exe - lsass - Process
> Information http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/
>
> Process File: lsass.exe or lsass
> Process Name: Local Security Authority Service
>
> Description:
> lsass.exe is a system process of the Microsoft Windows security
> mechanisms. It specifically deals with local security and login
> policies. This program is important for the stable and secure running
> of your computer and should not be terminated.
>
> Note: lsass.exe is a process which is registered as a trojan. This
> Trojan allows attackers to access your computer from remote locations,
> stealing passwords, Internet banking and personal data. This process
> is a security risk and should be removed from your system.
>
> Note: lsass.exe is registered as a downloader. This process usually
> comes bundled with a virus or spyware and its main role is to do
> nothing other than download other viruses/spyware to your computer.
> This process is a security risk and should be removed from your
> system.
>
> Determining whether lsass.exe is a virus or a legitimate Windows
> process depends on the directory location it executes or runs from.
>
> Recommendation for lsass.exe:
> lsass.exe should not be disabled, required for essential applications
> to work properly. It is highly recommended to Run a Free Performance
> Scan to automatically optimize memory, CPU and Internet settings.
>
> Author: Microsoft Corp.
> Part Of: Microsoft Windows Operating System
>
> Gerald309,
> webmaster/bluecollarpc.net
FOLLOW UP INFORMATION:
http://www.neuber.com/taskmanager/process/lsass.exe.html
Note: The lsass.exe file is located in the folder C:\Windows\System32.
In other cases, lsass.exe is a virus, spyware, trojan or worm! Check
this with Security Task Manager.
Virus with same name:
W32.Nimos.Worm - Symantec Corporation
W32.Sasser.E.Worm (Lsasss.exe) - McAfee
W32.HLLW.Lovgate.C@mm - Symantec Corporation
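
The location and name checks described in the post, as an added example that is not part of the original post: it classifies process image paths against the real lsass.exe in C:\Windows\System32 and flags copies in other folders and near-miss names such as Isass.exe and Lsasss.exe. The sample paths, the function names and the fixed C: system drive are assumptions.

```python
import ntpath  # Windows path rules, usable on any OS

# Assumption: Windows lives in C:\Windows, the folder the post names.
EXPECTED_DIR = ntpath.normcase(r"C:\Windows\System32")
EXPECTED_NAME = "lsass.exe"


def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(image_path):
    """Compare one process image path with the genuine lsass.exe."""
    norm = ntpath.normcase(ntpath.normpath(image_path))
    directory, name = ntpath.split(norm)
    if name == EXPECTED_NAME:
        # Same name: only the folder separates the real file from a copy.
        return "legitimate" if directory == EXPECTED_DIR else "wrong-location"
    # One edit covers Isass.exe (capital i) and Lsasss.exe (extra s);
    # a threshold of 2 would also flag the genuine csrss.exe.
    if edit_distance(name, EXPECTED_NAME) <= 1:
        return "lookalike-name"
    return "unrelated"


def suspicious(paths):
    """Return (path, verdict) for every entry that needs a closer look."""
    verdicts = ((p, classify(p)) for p in paths)
    return [(p, v) for p, v in verdicts if v in ("wrong-location", "lookalike-name")]


# Constructed paths; only the names Isass.exe and Lsasss.exe are from the post.
SAMPLE_PATHS = [
    r"C:\WINDOWS\system32\LSASS.EXE",
    r"C:\Windows\lsass.exe",
    r"C:\Windows\System32\Isass.exe",
    r"C:\Windows\System32\Lsasss.exe",
    r"C:\Windows\System32\csrss.exe",
]

if __name__ == "__main__":
    for path, verdict in suspicious(SAMPLE_PATHS):
        print(f"{verdict:15} {path}")
```

On a system installed to another drive or folder, EXPECTED_DIR has to be derived from that machine's system root instead of the fixed path assumed here.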