What is LSASS.EXE and

ghosst_K&H said:
Try a registry repair program like Registry First Aid or Registry Mechanic

One of these should help because it's an .exe file you're trying to fix.

Umm... how do I do that when I can't get the computer to boot? (I'm using a friend's computer to post here.) It goes from the computer manufacturer's "splash" screen to Windows XP Pro start screen, but the load indicator doesn't even start up before it bounces to the blue screen "Windows has been shut down ... Unmountable Boot Volume...."

And no, I don't have a boot disk - for some reason I've never been able to create one that would work w/ that abortion of a computer (eMachine), nor can I even find my XP Pro install CD to reinstall the OS and start all over again, which I am hoping I won't have to do, because it would create a myriad of problems with my work. :(
 
Sir_Winston54 said:

And no, I don't have a boot disk -
You can download the files needed for the boot disk for XP at http://www.softwarepatch.com/windows/winxpboot.html , be sure to have 6 floppy disks ready, and then follow the instructions provided there.

Have you tried to go back to an earlier restore point? i don't know whether you are running the XP Pro or the XP Home version, but i do know that they are not exactly the same regarding restore points.

Windows XP automatically creates a Restore Point when any of the following occurs:

  • An unsigned device driver is installed
  • A new application is installed (if the installation program is compatible with System Restore)
  • Windows Update is used to update your system
  • A Restore Point from earlier is restored
  • A backup using the Backup Utility is restored

Perhaps you can use the boot disks, and then use a previously created restore point to buy some time to clean up the LSASS.EXE.

i don't know what you have used to clean out LSASS.exe on your PC so far, and Symantec offers step by step, complete instructions with their LSASS.EXE cleaner called FXSASSER.EXE right here: http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.removal.tool.html

Good luck Sir_Winston .. i've had LSASS, helped others with cleaning LSASS .... and sometimes it can be quite frustrating, to say the least.
 
I just wanted to say thanks for this thread, I followed all the steps listed up above and downloaded FF. I like it better and my machine is running faster than ever!

BTW, nice forum you have going over here, this is my first visit, I'm a gber.
 
Sir_Winston54 said:
Thanks, AA - working on getting rid of the problem (probably Sasser or a variant) now... <sigh> what a pita.

Major Hijack of Thread

Ok Sir_W did not make a spelling error apparently 'pita' means 'pain in the ass'.

I mean how is a good British girl meant to know THAT!!!

I hate it when Americans break it all down to acronyms :(

I am upset now, I was so happy thinking that I had spotted a rare Sir_W mistake.

After all, he has made the odd comment or six when I make the occasional error :rolleyes:

LOL
 
AngelicAssassin said:
Much to learn have you, young padawan.

First lesson. Never pull your light saber unless you plan to use it.

And as an absolute hijack ...

You might be a REDNECK JEDI if ...
  • You ever heard the phrase, "May the force be with y'all."
  • Your Jedi robe is camouflage.
  • You have ever used your light saber to open a bottle of Bud Light.
  • At least one wing of your X-Wings is primer colored.
  • You can easily describe the taste of an Ewok.
  • You have ever had a land-speeder up on blocks in your yard.
  • The worst part of spending time on Dagobah is the dadgum skeeters.
  • Wookies are offended by your B.O.
  • You have ever used the force to get yourself another beer so you didn't have to wait for a commercial.
  • You have ever used the force in conjunction with fishing/bowling.
  • Your father has ever said to you, "Shoot, son come on over to the dark side...it'll be a hoot."
  • You have ever had your R-2 unit use its self-defense electro-shock thingy to get the barbecue grill to light.
  • If you use R-2 to "light up" an SO's day, you're just DVS.
  • You have a confederate flag painted on the hood of your land-speeder.
  • You ever fantasized about Princess Leia wearing Daisy Duke shorts.
  • You have the doors of your X-wing welded shut and you have to get in through the window.
  • Although you'da had to kill him, you kinda thought that Jabba the Hutt had a pretty good handle on how to treat his women.
  • Then again, appreciation for his work puts you in the right forum at Lit.
  • You have a cousin who bears a strong resemblance to Chewbacca.
  • You suggested that they outfit the Millennium Falcon with a redwood deck.
  • If you hear . . . "Luke, I am your father...and your uncle"


Ok...That one deserves its own thread.... :devil:
 
Sir_Winston54 said:
Umm... how do I do that when I can't get the computer to boot? (I'm using a friend's computer to post here.) It goes from the computer manufacturer's "splash" screen to Windows XP Pro start screen, but the load indicator doesn't even start up before it bounces to the blue screen "Windows has been shut down ... Unmountable Boot Volume...."

And no, I don't have a boot disk - for some reason I've never been able to create one that would work w/ that abortion of a computer (eMachine), nor can I even find my XP Pro install CD to reinstall the OS and start all over again, which I am hoping I won't have to do, because it would create a myriad of problems with my work. :(


Also - try Spybot S&D...It's free too... Rip the little fuckers out and stomp on em...
 
some great programs:

Adaware SE
Spybot
HijackThis (don't run this unless you know what you should delete -- it looks for browser hijacks) run with your browser CLOSED
CWShredder

you can get all these at www.majorgeeks.com
 
Sir_Winston54 said:
Umm... how do I do that when I can't get the computer to boot? (I'm using a friend's computer to post here.) It goes from the computer manufacturer's "splash" screen to Windows XP Pro start screen, but the load indicator doesn't even start up before it bounces to the blue screen "Windows has been shut down ... Unmountable Boot Volume...."

And no, I don't have a boot disk - for some reason I've never been able to create one that would work w/ that abortion of a computer (eMachine), nor can I even find my XP Pro install CD to reinstall the OS and start all over again, which I am hoping I won't have to do, because it would create a myriad of problems with my work. :(
Then you need to find the install CD or borrow one. It sounds like your boot.ini has become corrupt. Take a look at the link below. It shows a standard procedure to work around a hosed boot.ini.

http://www.techtips4u.com/kb/sw/SW00014.htm

It also gives you hope if you can't find the install CD, but you'll need a floppy drive. Granted, there's a way around the floppy drive issue as well, but let's fuck this up one step at a time, shall we?

http://techtips4u.com/downloads/

For shits and grins, i've included another link in case you run into another brick wall and i'm not around.

http://www.5starsupport.com/xp-faq/1-7.htm
 
emachines are the devil. You can't use a regular winxp install cd with them. I ended up forcing it into safe mode by a trick a friend showed me by turning the machine off in the middle of that boot screen then turning the machine back on again -- the next boot the machine will boot in safe mode. Not a good thing for it but I was then able to fix what was going on.

Good luck SirWinston!
 
AngelicAssassin said:
Then you need to find the install CD or borrow one. It sounds like your boot.ini has become corrupt. T......]

This is great advice and the one I would follow. I was reading the posts starting to write my own little advice when I read AA's.

Once you get your system up, you will have to fight the virus though.
So the first step is to do what AA advises, the second step is to fight the virus.

Do yourself a favour and then follow the link AA gave in his first posting they will tell you how to get rid of it.

http://vil.nai.com/vil/content/v_125007.htm

If you are in the middle of the virus removal process and you need a bit more time and the machine gives you a shutdown warning, do the following to stop the shutdown.

goto start--->Run
type CMD <enter>
this should open a dos box
type shutdown -a <enter>
this should stop the shutdown.

Once you have finished the cleaning process you will have to reboot.

Francisco.
PS and I get paid about as much as a high class hooker for my virus removal advice so consider yourself to have gotten a freebie from me. :)

Francisco.
 
catalina_francisco said:
PS and I get paid about as much as a high class hooker for my virus removal advice so consider yourself to have gotten a freebie from me. :)

Francisco.
Speaking of which ...

What sysadmin *actually* charges you for

Regular (as it were) Prices:
  • Calling me with a question --- $10
  • Calling me with a stupid question --- $20
  • Calling me with a stupid question you can't quite articulate - $30
  • Implying I'm incompetent because I can't interpret your inarticulate problem description - $1000 + punitive damages
  • Questions received via phone without first trying help desk - $10
  • Questions where answer is in TFM - $10 (this should have been higher)
  • Questions during Xpilot session - $20
  • Calling me back with the same problem *after* I fix it once - $100
  • Insisting that you're not breaking the software, the problem is on my end somehow - $200
  • Asking me to walk over to your building to fix the problem - $5/step
  • Asking me to drive to another town to fix your problem - $50/mile + gas
  • If you interrupt me while I was reading news - $25/hr
  • If you interrupt me while I was trying to count all the xroaches on my screen - $35/hr
  • If you interrupt me while I was trying to actually fix somebody else's problem - $45/hr
  • If you try to hang around and get me to fix it now - $50/hr
  • If you expect me to tell you how I fixed it - $60/hr
  • If you've come to ask me why something isn't working that I'm currently working on - $70/hr
  • If you're asking me to fix something I fixed for you yesterday - $75/hr
  • If you're asking me to fix something I told you I fixed yesterday, but never did fix - $85/hr
  • If you're asking me to fix a quick patch that I made that didn't work - $95/hr
  • If you're bugging me while there's another admin in the room who could have done it for you - $150/hr
  • Making me trek to your office to fix your problem then leaving immediately after hanging up the phone - $1500
  • Calling up with a problem which "everybody" in the office is having and which is "stopping all work." Not being there when I rush over to look at it and nobody else in the office knows anything about it. - $1700
  • Explaining a problem for 1/2 hour over the phone BEFORE mentioning it's your personal machine at home - $500
  • Self-diagnosing your problem and informing me what to do - $150
  • Having me bail you out when you perform your own repairs I told you not to do - $300
  • The price for not telling all of your co-workers about it - $850
  • Explaining that you can't log in to some server because you don't have an account there - $10
  • Explaining that you don't have an account on the machine you used to have an account on because you used it to try to break into the above server - $500
  • Forgetting your password after it was tattooed on your index finger - $25
  • Changing disk partitions without informing me first - $50
  • Each time you call and start out by saying "I was fooling around on my computer when ..." - $50 + $ 10/hr to fix the problem + $ 30/hr to clean up after you.
  • Installing programs without informing me/getting permission first - $100 per program
  • Technical support for the above programs - $150 per hour (regardless of whether I know the program or not)
  • Calling me to tell me that none of the users in your group can log on without telling me that you placed an order to remove applications for those users $25/user
  • After I find out that you placed the order to DELETE all of your users $1,000/user (including $4,000 discount for the hilarity factor)
  • Leaving files on desktop - $5/file, $10/day the file is left unclaimed
  • Bringing in your own copy of the original Norton Utilities v1.0 to fix a brand new machine - $2000
  • Putting feet up next to workstation after ten mile jog through downtown streets - $50
  • Spending 30 minutes of my time trying to figure out what your problem is, and another 5 explaining how to verify and fix it, only to hear you say... "So that's what the little box that popped up on my screen was telling me to do!" - $40
  • Dealing with tech support requests for obviously pirated software - $25
  • Dealing with "How can I get another copy of [obviously pirated software]? Mine just died" requests - $45
  • Having to use the "We're really not the best people to talk to about that; why don't you try calling the number on the box in which you bought it?" line - $55
  • Actually needing to explain copyright law to you after you failed to get the hint in the previous response - $95 (includes instructions for getting freeware replacements from the public file server)
  • Having to point out anything that's on the wall in a typeface larger than 18 points - $15
  • If I wrote the sign - $45
  • If it's in a 144 point font and taped to the side of the monitor facing the door - $75
  • Reporting slow connection by passenger pigeon packets to MPEG archive in Outer Slobavia as a Mosaic/Netscape/Gopher/FTP client problem - $250
  • Reporting it more than once - $500
  • Reporting it more than once and implying slothfulness on tech support's inability to solve problem - $5000
  • Having to show the location of the Start button on any Windows O/S after 1995 more than once - Bend over and kiss your ass goodbye
"Hardware Problem" Prices:
  • Figuring out you mean floppy drive when you say hard drive - $50
  • AFTER I order your replacement hard drive - $250
  • Telling me that you don't have a hard drive - $50
  • Spending 15 minutes to find out the size of your hard drive (includes walking you through the process) - $100
  • Telling me that you don't save anything to the any of the drives, you "just push a button and it goes off into computer land." $50
  • Fixing your "broken" mouse with a mousepad - $25
  • Fixing your "broken" optical mouse by rotating the mousepad 90 degrees - $35
  • Fixing your "broken" optical mouse by taking off the post-it note someone has put on the bottom. - $50
  • Fixing a "broken" mouse by cleaning the rollers - $50
  • Fixing your "broken" printer with an ink/toner cartridge - $35
  • Fixing your "broken" ANYTHING with the power button - $250
  • Fixing the "crashed" system by plugging in the cable for the external disk - $200
  • Fixing the "hung" system by plugging in the ethernet transceiver after your bigfoot knocked it out of the wall - $375
  • Fixing the crashed nameserver by plugging back in the SCSI cord someone accidentally yanked out on Friday afternoon when the 'real' sysadmin has just left for a two week vacation - $400
  • Visiting your old university and fixing the broken PC by plugging in the monitor power cable - $50
  • Spilling coke on keyboard - $25 plus cost of keyboard
  • Spilling coke on monitor - $50 plus cost of monitor
  • Spilling coke on CPU - $200 plus cost of motherboard swap plus hourly rate of $150 per hour spent re-installing the system
  • Cleaning the mouse with spit and sleeve - $50 plus cost of sleeve plus cost of therapy
  • Chewing on the end of the graphic tablet stylus - $25
  • Listening to your network troubles, suggesting that you check to see if you are plugged into the network jack, hearing yes, trying five other things, asking you to identify your plug type, listening to you drag furniture, and hearing a sheepish, "Oops. Never mind." - $35 (including discount for polite apology)
Beeper Prices:
  • Beeping me when I'm out with the significant other - $50
  • Beeping me when I'm out of town and I took pains to insure that help files were left all over and that diagnostics had been run on all machines before I left - $100
  • Beeping me more than once to tell me that the printer's offline and the fix is to press the On Line button - $200
  • Beeping me more than once while I'm asleep - $50/beep
  • Beeping me and not identifying yourself within the first 5 seconds - $25
  • Beeping me, then changing your story/denying you placed the call/hoped I would forget who caused the problem - $500
Special Rates:
  • Dealing with user body odor - $25/hour
  • Dealing with user not familiar with the primary language spoken at site - $50/hour
  • Dealing with user not familiar with the primary language spoken at site and doesn't keep track of the current exchange rate to his/her country - $75/hour
  • Dealing with user who is (self-proclaimed) smarter than you are, but still calls every other day for help - $100/hour
  • Dealing with computer hobbyists - $125/hour
  • Questioning the other prices - Your ass couldn't handle it
 
Thanks all for the comments and thank yous.

Most everything I've read has been moderately accurate.

I can't speak toward Yahoo Anti-Spy, as I've always been an Adaware/spybot guy. I know that Adaware usually grabs the most stuff, with the least chance of breaking things. Sometimes spybot gets more, but is more likely to break a program.

That's why I recommend ad-aware to a more general audience.
 
AngelicAssassin said:
Then you need to find the install CD or borrow one. It sounds like your boot.ini has become corrupt. Take a look at the link below. It shows a standard procedure to work around a hosed boot.ini.

http://www.techtips4u.com/kb/sw/SW00014.htm

It also gives you hope if you can't find the install CD, but you'll need a floppy drive. Granted, there's a way around the floppy drive issue as well, but let's fuck this up one step at a time, shall we?

http://techtips4u.com/downloads/

For shits and grins, i've included another link in case you run into another brick wall and i'm not around.

http://www.5starsupport.com/xp-faq/1-7.htm
Downloaded the boot disk install program from the site you provided, but when I tried to run it, it says the system file (I guess on this computer, the one I'm using while trying to fix mine) is not suitable to run Windows and DOS, something or other - choose "Close" to quit. :(
 
Sir_Winston54 said:
Downloaded the boot disk install program from the site you provided, but when I tried to run it, it says the system file (I guess on this computer, the one I'm using while trying to fix mine) is not suitable to run Windows and DOS, something or other - choose "Close" to quit. :(
If i'm understanding you correctly, the download copied a system file from the workable computer incompatible with the inop machine? Do you remember the service pack level your (inoperative) machine had attained before the infection, i.e. XP Pro, Service Pack 1, Service Pack 1a, Service Pack 2? If so, PM me an email address, and i'll see if i can get you the right system file to use on your doorstop.
 
AngelicAssassin said:
If i'm understanding you correctly, the download copied a system file from the workable computer incompatible with the inop machine? Do you remember the service pack level your (inoperative) machine had attained before the infection, i.e. XP Pro, Service Pack 1, Service Pack 1a, Service Pack 2? If so, PM me an email address, and i'll see if i can get you the right system file to use on your doorstop.

Nope - I was unclear. I downloaded WIN_EN_PRO_BF to the working computer. However, when I attempt to create a boot disk (on 6 floppies, as stated on the website) by opening the _BF .exe, it opens a DOS window w/ a header something about a 16-bit error, and tells me "the system file is not suitable to run MS-DOS or Microsoft Windows applications. Choose 'Close' to terminate the application."

I can't get *anything* to run on the non-working computer. It never gets far enough into the boot sequence, and if I use F8 to get to safe mode, etc., start procedures, it bounces to the UNMOUNTABLE_BOOT_VOLUME screen on any of them I try.
 
Sir_Winston54 said:

Nope - I was unclear. I downloaded WIN_EN_PRO_BF to the working computer. However, when I attempt to create a boot disk (on 6 floppies, as stated on the website) by opening the _BF .exe, it opens a DOS window w/ a header something about a 16-bit error, and tells me "the system file is not suitable to run MS-DOS or Microsoft Windows applications. Choose 'Close' to terminate the application."
Downloading the exe now to see if i can build the six diskettes. i'll let you know in a bit.
 
i just finished diskette #6 without issue.

Out of curiosity, what O/S is installed on the current machine from which you post?

Start

Run

Type "cmd" without the quotes and a DOS box should pop up with writing across the top.
 
AngelicAssassin said:
i just finished diskette #6 without issue.

Out of curiosity, what O/S is installed on the current machine from which you post?

Start

Run

Type "cmd" without the quotes and a DOS box should pop up with writing across the top.

XP Home (Windows XP [Version 5.1.2600])
 
AngelicAssassin said:
i just finished diskette #6 without issue.

I just ordered downloadable XP Pro, can d/l it tomorrow morning or so (damn 24-hour wait! and they don't tell you about it until you've already given them the credit card # and confirmed the order :( ) Now, I'm gonna try to get my HD and slave it into another desktop, see if I can offload the files from it that I really would like to keep... just got to make sure the other desktop works before I slave my HD into it... and worry a little that if the problem is virus-created whether it will move onto the one I'm trying to offload files to. (Yes, that's bad grammar and construction, but I'm in a hurry. Report me to the Language Nazis, lol!)
 
Sir_Winston54 said:

XP Home (Windows XP [Version 5.1.2600])
i'll try making the home edition diskettes on my Pro machine for the sake of curiosity, but knowing MS it won't be an issue.
Sir_Winston54 said:

I just ordered downloadable XP Pro, can d/l it tomorrow morning or so (damn 24-hour wait! and they don't tell you about it until you've already given them the credit card # and confirmed the order :( ) Now, I'm gonna try to get my HD and slave it into another desktop, see if I can offload the files from it that I really would like to keep... just got to make sure the other desktop works before I slave my HD into it... and worry a little that if the problem is virus-created whether it will move onto the one I'm trying to offload files to. (Yes, that's bad grammar and construction, but I'm in a hurry. Report me to the Language Nazis, lol!)
Probably your best bet considering the issues with x-platform diskette creation. Whatever you do, make sure to create a CD of the download and keep track of it to avoid this problem in the future. Be sure to do a thorough virus/worm scan on that slaved drive before you copy anything from it to another drive. Sasser, or the variant wants access to your system files, so as long as you strike first, you should be ok. Sorry we couldn't get this done a faster/cheaper way. As for the grammar/construction issues, i'll attribute that to bastardization of your input by the XP with training wheels version from which you currently post.

Best of luck, and enjoy the upgrade/update cycle to XP SP2 if the download starts from the initial release. i always plan on watching a good movie to when i rebuild my machine. If i ever get off my lazy ass, i'll ask for the "free" SP2 CD from MS.
 
AngelicAssassin said:
i'll try making the home edition diskettes on my Pro machine for the sake of curiosity, but knowing MS it won't be an issue. Probably your best bet considering the issues with x-platform diskette creation. Whatever you do, make sure to create a CD of the download and keep track of it to avoid this problem in the future.

I've always been pretty good about keeping track of my software CDs, but the move at the end of September was very quick and very disorganized, and I think my ex inadvertently packed my XP Pro install CD, plus two others I need for work, with her stuff, though she says she can't find them anywhere in her stuff... <sigh>


AngelicAssassin said:
Be sure to do a thorough virus/worm scan on that slaved drive before you copy anything from it to another drive. Sasser, or the variant wants access to your system files, so as long as you strike first, you should be ok. Sorry we couldn't get this done a faster/cheaper way.

Since I posted the comment about copying from my HD to another, I've found that there isn't a desktop available to do that, so I'll just end up losing a bunch of stuff that's not critical, but that I would have liked to have. Some I'll replace; some will just go by the wayside. As far as being sorry we couldn't get it done faster/easier/cheaper, brings to mind that old saying: "If it were easy, anyone could do it."


AngelicAssassin said:
As for the grammar/construction issues, i'll attribute that to bastardization of your input by the XP with training wheels version from which you currently post.

Best of luck, and enjoy the upgrade/update cycle to XP SP2 if the download starts from the initial release. i always plan on watching a good movie to when i rebuild my machine. If i ever get off my lazy ass, i'll ask for the "free" SP2 CD from MS.

Yeah, that's it - XP Home messed up what I wrote. :nana: Thanks for the good wishes... the Pro I'll be d/l'ing tomorrow is SP1, and I've heard so many horror stories about SP2 I'm not sure I'll ever want to install it.... let us know how that goes for you, so I'll know whether or not to do it. ;)
 
Easiest way to rid yourself of Sasser is to go to a friend's house, burn a CD with the sasser patch and a "sasser fix" executable from a virus company. Boot into safe mode, run them both (fix, then patch).
 
jasonlf said:
Boot into safe mode, run them both (fix, then patch).
Boot what into safe mode? If you refer to his current doorstop, scroll back and read the part about BSoD coming out of the BIOS read. He can't get to the disk. You did, however, bring up one interesting point. If he weren't in a rush, and had access to another machine to slave the drive, i might take a crack at rewriting his boot.ini file.

Winston, the ini file is actually a write protected and "hidden" file located usually at the root of the boot partition, and you can edit the file. The contents of one boot.ini appear below.

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

As long as you have access to the attrib command, we might be able to do something about this yet ...
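
A consistency check for a boot.ini like the one quoted in the post above, as an added example that is not part of the original thread. It assumes the file has been copied off the slaved drive as text; the function names and the damaged sample are constructed for illustration.

```python
import re

# ARC path as written in boot.ini, e.g. multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
ARC_RE = re.compile(
    r"^(multi|scsi|signature)\(([0-9a-f]+)\)disk\((\d+)\)"
    r"rdisk\((\d+)\)partition\((\d+)\)(\\.*)$",
    re.IGNORECASE,
)

# The boot.ini shown in the post.
PAGE_BOOT_INI = r"""
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
"""

# Constructed sample: default points at a path with no matching entry,
# and the only entry uses disk(1) with multi() and partition(0).
DAMAGED_BOOT_INI = r"""
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(1)rdisk(0)partition(0)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
"""


def parse_boot_ini(text):
    """Split boot.ini text into ([boot loader] settings, [operating systems] entries)."""
    loader, entries, section = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        # Split on the first '=' only: switches such as /NoExecute=OptIn contain one too.
        key, sep, value = line.partition("=")
        if not sep:
            continue
        if section == "boot loader":
            loader[key.strip().lower()] = value.strip()
        elif section == "operating systems":
            entries[key.strip()] = value.strip()
    return loader, entries


def check_boot_ini(text):
    """Return a list of findings; an empty list means the file is self-consistent."""
    loader, entries = parse_boot_ini(text)
    findings = []
    if not entries:
        findings.append("no entries under [operating systems]")
    default = loader.get("default")
    if default is None:
        findings.append("no default= line under [boot loader]")
    elif default.lower() not in {path.lower() for path in entries}:
        findings.append("default= does not match any [operating systems] entry")
    for path in entries:
        if re.match(r"^[A-Za-z]:\\", path):
            continue  # drive-letter entries (older OS, Recovery Console) are not ARC paths
        m = ARC_RE.match(path)
        if not m:
            findings.append(f"unrecognised ARC path: {path}")
            continue
        kind, _, disk, _, partition, _ = m.groups()
        if kind.lower() == "multi" and disk != "0":
            findings.append(f"disk() must be 0 with multi(): {path}")
        if int(partition) < 1:
            findings.append(f"partition() numbering starts at 1: {path}")
    return findings


if __name__ == "__main__":
    for name, text in (("page", PAGE_BOOT_INI), ("damaged", DAMAGED_BOOT_INI)):
        print(name, check_boot_ini(text) or "ok")
```
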
 