Help needed.... some major computer problems

[Willing and Unsure]

Okay, so last night I get home from class and seriously just look at my computer after turning the monitor back on and I get a message that says lsass.exe has unexpectedly ended and your computer will restart in 1 minute. I hadnt been here for about 4 hours before this and everything was fine when I had left it before. So I got a virusscan running and it didnt find anything. And now it keeps doing this. MSConfig was missing (a friend helped me find it). And now I cant use that part of my computer anymore.

Does anyone have any idea of what went wrong or how to fix it?


Thanks in advance, I could really use the help.

 

[ReadyOne]

Are the virus definations up to date? This matches really close to a couple of known worms. Also, some virus will automatically close down certain windows like titles like MSCONFIG or Anti-Virus.

I'd boot in safe mode command line and run the standalone virues scanner with current definations.

There are other more drastic things that can be done, including a standalone antivirus CD (needs to be made up special to get the current definations) and cleaning the drive while attached to another machine.

PS: Details, like what OS and what brand of anti-virus could be helpful...

 

[Willing and Unsure]

thanks for the advice. And sorry I left that stuff out. It's been such a headache for no reason at all.

That part of my computer is running Windows 2000 with SP4. The antivirus, I installed a new one yesterday to make sure it wasnt corrupted or anything and that one is McAfee VirusScan Enterprise 7.1.0. It updated successfully and showed nothing.

When I say that part of my computer, I have 3 partitions because of hardware issues with two operating systems on the first two and the third one for storage. I know this is looked down upon, but it works for me since I like my win2k even though some of the things that came with my computer wont work in it (like my burner and dvd player), which is why I have the partitions set up and everything. Right now, I'm running off of a different partition in Windows 98SE with everything up to date here and no problems.

 

[SnoopDog]

Sorry, I have no clue about computers at all....
....but you got a cute smile

Snoopy, flirting randomly again

 

[ReadyOne]

thanks for the advice. And sorry I left that stuff out. It's been such a headache for no reason at all.

That part of my computer is running Windows 2000 with SP4. The antivirus, I installed a new one yesterday to make sure it wasnt corrupted or anything and that one is McAfee VirusScan Enterprise 7.1.0. It updated successfully and showed nothing.

When I say that part of my computer, I have 3 partitions because of hardware issues with two operating systems on the first two and the third one for storage. I know this is looked down upon, but it works for me since I like my win2k even though some of the things that came with my computer wont work in it (like my burner and dvd player), which is why I have the partitions set up and everything. Right now, I'm running off of a different partition in Windows 98SE with everything up to date here and no problems.

You're a techie after my own heart. I've got 1 of almost everything except my 2K system is down at the moment.

Lsass.exe aka SamSs is the Security Accounts Manager and is absolutely required -- so much that is it unrecoverable and any failure will result in a system shutdown being initialted.

I don't hold weel for prospects of getting back up since you can't even see the log messages long enough to look for a specific error code.

That is, unless this doen't happen until you do something specific lke open a network connection or something that would require validation of your user and access rights. Working in a domain is especially hostile -- if you are using the domain name field at logon try it without out. (local logon).

Look for some sort of message; any message. There are lots of hits on lsass.exe+Win2K in the M$ data base.

Sorry I can't find anything specific for you.

 

[Spenser41]

thanks for the advice. And sorry I left that stuff out. It's been such a headache for no reason at all.

That part of my computer is running Windows 2000 with SP4. The antivirus, I installed a new one yesterday to make sure it wasnt corrupted or anything and that one is McAfee VirusScan Enterprise 7.1.0. It updated successfully and showed nothing.

When I say that part of my computer, I have 3 partitions because of hardware issues with two operating systems on the first two and the third one for storage. I know this is looked down upon, but it works for me since I like my win2k even though some of the things that came with my computer wont work in it (like my burner and dvd player), which is why I have the partitions set up and everything. Right now, I'm running off of a different partition in Windows 98SE with everything up to date here and no problems.

No different partitions and OS are not frown down on, because most techs I know have more then one OS with many partitions.
I have ME, which came with the system and only way to get the DVD to work, XP and partition just for programs and one for data and one for MP3 files. I have a rather large drive. Well two to be exact. A 120GB and a 60GB.
As far as your error is concerned, it seems a worm has disabled you system. You might want to call McAfee for tech support. If not, since you have your data already saved on another partition, maybe reformat the OS area and reinstall. But that is the last thing I would do if you have no success with anything else.

 

[Willing and Unsure]

No different partitions and OS are not frown down on, because most techs I know have more then one OS with many partitions.
I have ME, which came with the system and only way to get the DVD to work, XP and partition just for programs and one for data and one for MP3 files. I have a rather large drive. Well two to be exact. A 120GB and a 60GB.
As far as your error is concerned, it seems a worm has disabled you system. You might want to call McAfee for tech support. If not, since you have your data already saved on another partition, maybe reformat the OS area and reinstall. But that is the last thing I would do if you have no success with anything else.

First off, I want to thank everyone for their advice so far. I'd love more if there is any.

Secondly, the reformat may be what's coming, and this weekend. Finals week is starting on monday and I just dont have the patience or the free time to deal with this right now. And then when I get home, there's no way I can really work with anything that has to deal with the internet then..... I'm on a pretty slow dialup then (and that's a major change from here). I've got a friend right now that's really confused about what's going on with this and wants to fix it up for me since I dont want to. I'm considering getting a new hard drive anyways since this one is full, saving the stuff I want saved and then reformatting the one I have in it's entirety. Seems like a waste, but it's just downright annoying.



ReadyOne.....

The weird thing is that every time I have 2k up, it doesnt shut down right away. I am on a network since I'm on a college campus. The strange thing is that I got home yesterday, was checking my email when it did this. Up to that point, the thing was on about 4 days without any problems, errors, anything. And since then it's like randomly picking times to have the program end. I got through most of a virus scan after installing McAfee (I had something else before) yesterday on it before it shut down and it hadnt found anything (it was in the program files which is the last thing it scans). This whole deal took about 45 minutes. After I brought it back up from that, it shut down again after about 15 minutes. The next time, 25 minutes. Today when I tried it, 5 minutes. A little box pops up and says "An unexpected error has occured and lsass.exe has unexpectedly been terminated. Your computer will be restarted in 1 minute. Please close all running programs and save all work." And it counts down that minute.

 

[Willing and Unsure]

You're a techie after my own heart.

I'm just curious.... why does every male techie say this? *smiles*

 

[knight88]

WORM

It sounds like your puter has been infected with a worm called blaster, get to another puter, go to microsoft and download the "blaster" fix, that should cure your problem, just be sure to get the correct fix MS does give you choices.. Good luck

 

[MagicFingers]

I agree with him.

I'm just curious.... why does every male techie say this? *smiles*

Anyone who is brave enough to put W2K and '98SE on the same disk is pretty cool!
A agree that it sounds like a worm. Some of those delete themselves after a certain date, so it might have done its damage, deleted itself, and that's why Norton wouldn't find it?
Anyhow, it's a good idea to run the removal tool because it will try to correct all the problems and fix the registry, which was probably corrupted.?!

Question: How do you run W2K Pro and '98SE on the same disk and get them to boot? Are you running W2K as FAT32?
I thought you could not boot FAT OS's on the same disk as NT OS's, unless you had a special boot program. Just wondering.
(Oh, and I have 3 removable disks, 2 '98SE, and one with W2K server (2 versions), W2K pro, and XP Pro; so I know how cool it is! )

 

[Willing and Unsure]

Re: WORM

It sounds like your puter has been infected with a worm called blaster, get to another puter, go to microsoft and download the "blaster" fix, that should cure your problem, just be sure to get the correct fix MS does give you choices.. Good luck

I just did this.... not found anywhere on my computer.

 

[Willing and Unsure]

Re: I agree with him.

Anyone who is brave enough to put W2K and '98SE on the same disk is pretty cool!

cool. I never thought of that. someone else thinks I'm cool now YAY!!!!

A agree that it sounds like a worm. Some of those delete themselves after a certain date, so it might have done its damage, deleted itself, and that's why Norton wouldn't find it?
Anyhow, it's a good idea to run the removal tool because it will try to correct all the problems and fix the registry, which was probably corrupted.?!

I ran the removal tool for the blaster worm, like was suggested and it didnt find anything. I dont have norton, I have mcafee now, but had something else before that. I've scanned from both OS's and found nothing.

I'm back in it right now and it's seemingly okay, I'm just waiting for it to die again. The only other thing I've done is run scan disk while in 98.

Question: How do you run W2K Pro and '98SE on the same disk and get them to boot? Are you running W2K as FAT32?
I thought you could not boot FAT OS's on the same disk as NT OS's, unless you had a special boot program. Just wondering.
(Oh, and I have 3 removable disks, 2 '98SE, and one with W2K server (2 versions), W2K pro, and XP Pro; so I know how cool it is! )

I run them on the same disk with them both as FAT32. I asked some people at another site about installing win2k as ntfs and someone told me that if you do that, you'll have a fun time if you ever have to reformat. So I'm kinda sticking with the FAT32 for awhile. at least until this piece of crap finishes irritating the hell out of me.

 

[ReadyOne]

1. We say that because we wish you were pursuing after our heart, or at lease our bod...

2. It isn't blaster because blaster doesn't involve lsass.exe, and it gives a different warning before shutting you down.

3. Get into the management console (right click My Computer) and look at Computer Management / System Tools / Event Viewer and see what is logged for the lsass.exe error.

If you get something, go to http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO and see what you can find.

4. Think again about what you might be doing that would require user credential checking which could trigger the event.

5. There are packages that will let Windoze read NTFS (free) http://www.google.com/url?sa=U&star...ernals.com/ntw2k/freeware/ntfsdos.shtml&e=747 and write NTFS (payfor) http://www.mount-everything.com/home/ntfsw/index.htm

Good luck, especially for finals.

 

[Willing and Unsure]

Okay, so the problem is still happening, just not as often now. I really dont get it.


ReadyOne, I tried what you had said and I found something that I supposed received a warning or info about from the computer but never did see but did not see anything about lsass.exe anywhere in there. I'm hating this stupid piece of crap more and more as time goes on.

Anyways, the warning was something about a file called Agobot.NN.A and I have looked everywhere trying to find this file, including on my computer (it's not there), and cannot find it to try to figure out what it is.

Anybody have any clues on this one?

 

[ReadyOne]

AgoBot aka gaobot is the name of a fairly nasty/difficult worm. There are many variants; here's one http://vil.nai.com/vil/content/v_101100.htm description.

You do have all the m$ security fixes on, as in Windows Update http://www.microsoft.com/windowsupdate ?

And while looking at the logs, you have to use you imagination some times; M$ almost never describes a problem in meaningful terms, and frequently doesn't even give a modules name of error code to help diagnose. In many cases, it's a matter of throwing out all the entires that one recognizes as normal and investigating all the rest.

You many be where you need to court what ever guru the IT group takes it's hard stuff to.

You can also try an upgrade in place before you actually reformat. Look up M$ KB article 306952 and 292175.

 

[Willing and Unsure]

okay, I looked through all of the registry keys listed and the stuff that the worm would have put there isnt there, and I mean anywhere.


And yes, everything on this thing is completely up to date as far as security fixes and everything goes. I made sure of it. I have even installed patches for things whether or not I needed them just in case and because I thought they might help. My friend found something for me, but I ahve to get through to MS support, and I cant get there because my product number has supposedly used their support too much. go figure... I've never talked to them.

I'm seriously leaning towards a complete reformat right about now with a new hard drive. This thing is almost full as it is.

 

[ReadyOne]

What did your friend find? What are the details s/he/you would tell M$ support?

 

[Willing and Unsure]

http://support.microsoft.com/default.aspx?scid=kb;en-us;828297

That's the thing my friend sent me. It sounds a lot like what's going on. The only problem is that MS Support wont talk to me because my product number has been used too many times for free support. I've never freaking talked to them. So I have no clue what to do right now except go for the reformat with the new drive.

What I would tell support.....
What it's been doing, that I did nothing except look at it (the monitor) when it started doing this. And then everything I've tried since to make it better.

And then there's the amount of virus scans. I have scanned this stupid machine in every mode I can possibly think of and nothign comes up. It's a new antivirus software that's been installed in the last 3 days and it is entirely up to date. I have scanned from both OS's, in safe mode of both, and everything else I can think of. And still nothing.

Like I said before, everything is up to date. And I ahve installed patches for things that I dont even know what they are.

 

[MagicFingers]

Lsass.exe - Sasser Worm

I went to those 2 web sites, McAfee and Norton and it looks like exacly the problem I have/ or had!?
McAfee has good pics that match identically what I had. But I use Norton, so I went there and followed their instructions.
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=125007
and the Norton version:
http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.b.worm.html#protection

Important point: After reading this thread, I had downloaded the latest virus defs at 2 pm and ran a scan - nothing found, then I had the problems a couple of hours later.
The 2 sites say that McAfee discovered and fixed it Friday and Norton got their fix Sat, 5/1!!!

So, get the latest defs and rescan if you have "Old" ones.

I got the latest 5ea. MS critical updates Friday after seeing this problem, + some Windows updates.
Got the latest Norton files Sat night, scanned my entire system Sunday, AND, NOTHING was found! No AVserve2.exe or xxx_up.exe, or no registry problems, and no Sasser worm.

Wonder where it went? I suspect the MS updates somehow deleted and fixed my problems??? You think so?

 

[Willing and Unsure]

I had all that stuff and the problem still happened. I think my problem is in the link that I had last posted. only now it's a bit different since that part of my drive is gone now.

 

[MagicFingers]

Maybe no worm?

I had all that stuff and the problem still happened. I think my problem is in the link that I had last posted. only now it's a bit different since that part of my drive is gone now.

Yes, this could be the problem/fix. A problem caused and fixed by microsoft. I used to never install updates when I ran Win 98.
Now, with XP, I HAVE to install them weekly, it seems.