Karl`s PC Help Forums

LSASS.EXE
goodcitizen - 19-12-2007 at 12:17

Hi Everyone

I am new here with a problem on desktop Dell Dimension. I keep getting LSASS.EXE pop up and cannot start the computer. Have tried, start in safe mode, last known configuration and recovery from XP CD but the problem remains. It does not recognise D or A drive or the files on them and so cannot reinstall LSASS.EXE. Will appreciate if someone has a solution to this problem. I do not really want to reload the XP as it will change my settings.


LSemmens - 19-12-2007 at 13:28

Welcome, goodcit! LSASS is the Local Security Authentication Server. It verifies the validity of user logons to your PC.

It may be a problem that has popped up as as part of an infection of the Sasser Worm. What sort of security are you running on your computer? Please be as detailed as possible as that will give us some clues as to what needs to be upgraded and your computer knowledge. IF you don't understand anything, please ask, none of us bight, much!


goodcitizen - 19-12-2007 at 14:31

Hi

I have Mcafie security system and use AOL as browser. But I was recently getting pop ups saying "your computer is not fully protected". If the system is infected I cant even run a scan on it because it does not start .


Pancake - 19-12-2007 at 23:34

Just do a scan on your files and make sure you dont have C:Windowslsass.exe in this spot,if so its a virus.It should reside in C:WindowsSystem32lsass.exe


goodcitizen - 20-12-2007 at 09:56

Hi

I cannot do a scan because the computer does not run.


LSemmens - 20-12-2007 at 14:05

You say that the computer does not recognise the D: or the A: drives so I am assuming that the C: drive is still ok. What do you mean that it doesn't recognise these? Do they show up in BIOS? Is the D: drive your optical drive or another HDD? I suspect that you need to change the boot order in BIOS to allow the machine to boot from the optical drive. Do you know how to do that? If so, what is the boot order?


goodcitizen - 20-12-2007 at 14:14

D is the CD ROM drive and A is the floppy disc drive, while c is the hard disc. In the boot order I can choose the right drive.

But the difficulty occurs later in the process.

I have tried rebooting the system and repairing windows xp by inserting a CD and a floppy disc. Everytime I do this I get a message drive not found , file not found, path not valid . I feel I may have to slave the hard drive of the affected comoputer to my laptop and then investigate further. Any advise how to connect the two macines or other ideas will be much appreciated.


LSemmens - 20-12-2007 at 14:58

You won't be able to connect the two machines together unless you have a working operating system in both machines. You say you get a message drive not found etc. when you try to boot from your Windoze CD. Can you tell me exactly what process that you've used to establish that the Optical and Floppy drive are not working. I suspect that waht is actually happening is that you are not pressing a key early enough in the BIOS boot sequence and are still attempting to boot from the HDD which is the source of your problem. What you must do is place you Windoze CD in the drive, reboot and watch the screen as it performs POST. Wait until BIOS tells you to press any key to boot from CD and do so, if you don't respond to this quickly enough, the system will assume that you want to boot form the HDD, and you;ll get nowhere.


goodcitizen - 20-12-2007 at 15:27

Thanks for the reply. I put a Windows XP CD in the D drive. The machine does log on to CD, no doubt about that. It downloads a number of files from the CD. then there comes a message on the screen asking to press R for repair. I press R and then enter a number of dos commands to install the LSASS.EXE file from the CD into HD. Then it says cant find the CD or cant find the file.

I have a floppy disc with the folder i386 contaning a file LSASS.Exe which I downloaded from another PC. When I put this floppy in the affected PC. and try to copy from it by dos commands it does not work either.


LSemmens - 21-12-2007 at 10:45

You say that you enter DOS commands to install LSASS.EXE from the CD. Can you give us Step by Step exactly what you are doing. e.g. Place CD in drive and re-boot. When prompted to boot from CD, press a key. CD loads and after about 3 minutes gives the option to Install a new OS or Repair the existing one.......

Please also give us the exact text of any error messages that you receive.

Personally, I'd just re-install windoze and not waste time trying to fix a niggling problem if it can't be rectified in short order, but that's just me and nothing is learnt in the process.


Daz - 21-12-2007 at 10:57

Quote:
Originally posted by goodcitizen
then there comes a message on the screen asking to press R for repair.


A better, (IMHO), and also "Non Destructive" method of repairing XP is explained at M$ HERE

Info on the same procedure, but with ScreenShots can be found HERE


goodcitizen - 21-12-2007 at 11:25

Hi

These are the steps I took.

Insert the OS CD for Windows XP
Press F2 and set CD as the First Boot Device
Press Escape
Propmt to CDROM
Select CDROM and Press Entre
Windows XP set up begins
Press R to select recovery
In password prompt press Entre
Get C:windows
Type : cd windowssystem32dllcache
Press Entre
Type : copy LSASS.EXE C:windowssystem32LSASS.EXE
Press Entre
File not found


Alternative to above I did this.

Cd D:i386
Expand LSASS.EX_%systemroot%system32
File not found

The above instructions were taken from Dell support but unfortunately have not worked in this case.

A third alternative I used was to try to reboot from a Boot CD which I had downloaded on a good PC from BartPE. The affected PC did not even accept this CD and again I failed.

You are suggesting to reinstall Windows. May be this is what I should do this weekend. But how do I go about doing this safely. Will I loose any data. And will I need to reload the original applications and what about the updates.

Thanks


goodcitizen - 21-12-2007 at 11:43

DAZ

Thanks for the two links. I have already tried the method given in your links . I can go as far as Press F8 to accept the license agreement. After that I dont get the option to entre R for repair. i.e on Screen 6 at the bottom it says Install or Quit. At this point I do not proceed any further because I am unsure about accepting "Install ".


Daz - 21-12-2007 at 11:50

Quote:
Originally posted by goodcitizen
DAZ

Thanks for the two links. I have already tried the method given in your links . I can go as far as Press F8 to accept the license agreement. After that I dont get the option to entre R for repair. i.e on Screen 6 at the bottom it says Install or Quit. At this point I do not proceed any further because I am unsure about accepting "Install ".


Hmm, you did right....! This usually happens if the versions don't match, or if it's a slipstreamed version...

I would imagine in that case, the version of XP on the CD was different to that on the PC... (Retail rather than OEM, Pro instead of home, etc, etc)

I'll drop you a PM... (u2u)


goodcitizen - 21-12-2007 at 12:06

Thanks for the reply. You are right about versions. I have XP Pro but I guess the instructions given in your link are regarding XP Home. However my CD of XP Pro is the same that was originally installed on the PC. look forward to receiving any further advise.


LSemmens - 21-12-2007 at 12:56

Quote:
Alternative to above I did this.

Cd D:i386
Expand LSASS.EX_%systemroot%system32
File not found


Your problem may be as simple a typographical error,

You say you typed "Expand LSASS.EX_%systemroot%system32"
What happens if you type "Expand LSASS.EX_ %systemroot%system32" note the space between "Expand LSASS.EX_" and "%systemroot%system32"


goodcitizen - 21-12-2007 at 14:46

I did put a space there. Moreover I rechechekd again and again and tried several times to make sure that I was not typing incorrectly.


Daz - 21-12-2007 at 23:47

Quote:
Originally posted by goodcitizen
You are right about versions. I have XP Pro but I guess the instructions given in your link are regarding XP Home. However my CD of XP Pro is the same that was originally installed on the PC


No, the link for repairing relates to all versions of XP...

Hmm, that is stange then, each time I've encountered that scenario is if I've used a different version of XP to that installed, or if I've used my custom slipstreamed version by mistake...

(NB, Pro also comes in OEM and Retail flavours...)


LSemmens - 22-12-2007 at 13:19

If you're aware of BartPE, you'll probably be aware of the Ultimate Boot CD for Windows.

Download that, create the CD and use that to boot your recalcitrant PC. You can perform many useful tasks from within the windows environment create, including back up of critical files. Once your backup is done, you can then perform a complete reload.


goodcitizen - 24-12-2007 at 08:26

Hi

I have tried with Ultimate Boot CD but it still did not work. The screen message says. Press F1 for retry or F2 to Quit. If I press F1 it just repeats the same message and goes on.

What are my options now. Reinstal Windows ! what is the safest method to do this. Or shall I take the hard drive out and make it slave to my laptop .


LSemmens - 24-12-2007 at 13:32

It sounds as though your optical drive is not playing nicely if it is not allowing you to boot cleanly from your UBCD4Win. Can you test the CD in another computer to prove it? What is the exact text of the message that precedes the "Press F1 for retry..." message?


goodcitizen - 27-12-2007 at 08:40

Hi

I have now removed the hard drive from the desk top. Then put this hard drive in an enclosure and connected to the USB port bof my laptop. Thank God all my files were intact. I have copied them all on back up CDs. Now I a free to investigate the matter further. I looked at the System 32 folder and the file LSASS is there with the properties:

Created : 16 Jul 03
Modified : 04 Aug. 04
Accessed : 13 Sep. 05

From the above it would appear there has been no recent activity on this file. Any ideas to do further checks.

Obviously I can reformat and and reinstall the windows on this hard drive but that way I still do not learn what is the cause of the problem.


LSemmens - 28-12-2007 at 11:23

Since the drive is now in an external enclosure, it could be worth running various virus and other nasty scans on it from your working machine. I can't be too optimistic about learning much about the cause of the problem by this, but it may turn up a nasty which might give you some clues.


goodcitizen - 28-12-2007 at 11:38

I have done a full scan from the good machine and there is no virus found.

Obviously there is some file(x) in windows which has been corrupted. If someone can tell me which file is this and how to go about repairing it.

Windows Help pointed me to a file called Sc.exe which is a tool to change configurations. But when I run it , it opens a screen asking a question :

Do you want help (y : n)

If I press y or n , the screen just disappears.

There must be a way to get to the offending file.