Lsass.exe


rikkkki

Boy, you got it :!: :!: :!: I'm right now trying  to get a clean copy of Paul's fix into an email and send it to MS. Some of the symbols are changing in the translation so I think I'll just send them the link so they can read it for themselves. :haha: :haha: :haha: I hope I don't have to show them how to do that :D :D :D :D

:haha: :haha:

Sounds like a plan!  (you may have to show them by the sounds of the tech you're dealin' with.......)

BTW:  Did you find that .dll.dll.dll file on your hard drive?


Yes, I just cleared the last registry key a minute ago. This was the one thing that MS told me to do. That dll entry thing is gone. :D :D :D

Good.  But did you search your hard drive for the file?  Even though the entry is gone from your registry, the file will still exist on your hard drive.  If you want, do a search for it and see if it's there.  If it is, do another post and attach it.  I'd like to take a look at it.


Well I cleaned the system earlier today with HJT and selected FIX and it went away. For some reason it did not save to backup :!: :!: Wait a minute. I might be able to find it in a log file and select and paste it in the search box although I think I did this already but forgot. I shall try and see......................

Back again. I did try it before. No dice. "Not a valid file",,,,,,,,,,,,,,,,,,,


69 RAT Glad the i L wasn't the problem like I posted it was probably for ME & older. But it didn't hurt to check. I guess MS worked out the i L bug with XP. Apparently XP uses an i beam type i, that's how it always should have been. On a system where they look identical it would hide it pretty well.


That's funny, I get over 36,000 results with isass.exe and 338,000 with Lsass.exe, top pick for isass.exe was some information on a virus. There's also another virus called mydoom that is Lsass.exe.

http://www.auditmypc.com/process/lsass.asp

Update : I found that it is indeed an L.

http://www.liutilities.com/products/wintaskspro/processlibrary/lsass/

Also, here is your exact problem on another forum, you must sign up for it though, and it costs $10 a month just to view. =(

http://www.experts-exchange.com/Operating_Systems/WinXP/Q_20958211.html

Here we go! Sasser worm, I'm sure you've heard of it and it must be manually uninstalled.

http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.removal.tool.html

Use that and see if it gets rid of it!

IMPORTANT :  You must make sure you are fully updated with Windows or else it'll keep on coming back!

More information here.

http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.b.worm.html

and

http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.worm.html

And lastly, and most importantly.

http://www.ozzu.com/ftopic24247.html

I hope this all helps, if not... Then I'm stumped!

make sure to turn "off" system restore.

Also, if "that" didn't work... Then disable RPC.

1- start-programs-administrative tools-services

2- locate the: Remote Procedure Call (RPC) and open it

3- choose recovery button then select -Take No Action- for the three pulldown menus

Hope this helps.
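
Added example, not part of the original thread: the i/L confusion discussed above (isass.exe versus lsass.exe), turned into a check over a process listing. It flags image names that only look like lsass.exe and copies named lsass.exe that run outside System32; the confusable-character set, the `C:\WINDOWS` root and the sample paths are constructed assumptions.

```python
import ntpath  # Windows path rules on any OS, so this runs offline

LEGIT_NAME = "lsass.exe"
# Characters that can render like a lowercase "l" (assumed, not exhaustive).
# Names are lower-cased first, so a capital "I" is covered by the "i" entry.
CONFUSABLE_WITH_L = {"i": "l", "1": "l"}


def skeleton(name):
    """Lower-case the name and fold look-alike characters onto 'l'."""
    return "".join(CONFUSABLE_WITH_L.get(ch, ch) for ch in name.lower())


def classify(image_path, system_root=r"C:\WINDOWS"):
    """Return 'ok', 'wrong-path', 'lookalike-name' or 'unrelated'."""
    name = ntpath.basename(image_path).lower()
    folder = ntpath.normcase(ntpath.dirname(image_path))
    expected = ntpath.normcase(ntpath.join(system_root, "System32"))
    if name == LEGIT_NAME:
        # Right name: only the copy in System32 is the real one.
        return "ok" if folder == expected else "wrong-path"
    if skeleton(name) == skeleton(LEGIT_NAME):
        # Different bytes, same appearance (isass.exe, Isass.exe, 1sass.exe).
        return "lookalike-name"
    return "unrelated"


def suspicious(image_paths, system_root=r"C:\WINDOWS"):
    """Return (path, verdict) pairs for every entry that needs a closer look."""
    flagged = []
    for path in image_paths:
        verdict = classify(path, system_root)
        if verdict in ("lookalike-name", "wrong-path"):
            flagged.append((path, verdict))
    return flagged


# Constructed sample listing (not taken from the thread).
SAMPLE_PROCESSES = [
    r"C:\WINDOWS\System32\lsass.exe",
    r"C:\WINDOWS\isass.exe",
    r"C:\WINDOWS\Temp\lsass.exe",
    r"C:\WINDOWS\System32\svchost.exe",
]

if __name__ == "__main__":
    for path, verdict in suspicious(SAMPLE_PROCESSES):
        print(f"{verdict:15} {path}")
```
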


Hi all :!: :!: Well I just ran Paul Ramsey's "fix" twice and it didn't work :cry: :cry: :cry: For those of you who are not familiar with this, the link is on page three about half way down. I typed it in exactly as written but no results. I tried disabling one of the rpc's in my services, one that looked suspicious, and that got rid of it (the error) and my task tray and 90% of my services stopped working as well :!: :!: :!: So back to square one. I'm very sure it's not a virus, I do not get the 60 second countdown and I can still do all of my puter needs and after a few I can just delete the error and it goes away,,,,,,,,,, till next boot. I now have XP Pro. It started when I had Home the day before I updated to Pro. No word from MS today but yesterday they told me ( believe this or not) to go ahead and RUN Paul Ramsey's fix :!: :!: :!: and see if it helps :!: :!: :!: Hummmmmmmmmmmm. I wonder if they have anything else up their sleeve? Except the dreaded " Well, we suggest that we make a clean install" :lol: :lol: :lol:


Wow!!!! So much info!!!! Thank you all!!!!!!!  A little recap- I do have the latest S-t-i-n-g-e-r from McAfee and no virus, I have run all virus removal tools from McAfee and no virus. I ran a full system scan in safe mode-nothing. The weird thing is that this started on Saturday when I had XP Home and was still there on Sunday AFTER installing XP Pro!!!!! I also have a great utility called TUT (The Ultimate Troubleshooter) from Answers That Work.com, I think that's the URL. Anyhow, this program explains almost all tasks and services and startups that you have going on at any given time. It then suggests what to do, like delete or disable or don't touch, etc. I can't live without it!!!!!!!!!!!!!!! You do not need to go to Msconfig when you have this. There are tons of other things you can do from this utility. Check it out. In the meantime, I will keep everybody informed as I have just started a case right now with Microsoft on this Lsass.exe issue and they will be getting back to me within 24 hrs. PS: Boot INI files, aw, no thanks not a place for me to go!!!!!!!!!!!!!!! :!: :!: :!:  Cak46-I checked and I do not have Avserve2.exe, not in windows or my registry : :) :)

Resi3js:  He already did  :roll:

Edit:  69Rat:  This is going to kind of be a pain in the lsass, but you can set Dr. Watson to run on startup.  This program is a little known debugger that may expose what object is not being found by lsass.  It won't do anything to your system, just log errors as they occur.  I'll look up the setup for boot and get back to you.......

Edit2  Go to Start>search>files or folders and enter drwtsn32.exe  searching the c: drive.  Once you find it, make a shortcut to it onto your desktop (Drag and drop it with your right mouse button to the desktop, then select "create a shortcut" from the pop up menu).  Now, go to "My Computer" through Start menu (or however you normally do it)  and double click on c: (Drive) .  Find the directory named Documents and settings, double click on it, then double on All Users.  Now, double on Start menu, then Programs, then Start Up.  Now, drag the shortcut you created earlier for Dr. Watson and drop it into the Startup folder.  Close all windows, then reboot.  When it comes back up, force it to exhibit the bad behavior with lsass.  Reboot, then wait the time for the error not to occur and let me know.  We'll need you to post the log file from Dr.Watson after you're done.


Oh ya, and then some. I ran both versions of stinger, all 5 McAfee virus removal tools, twice ran Symantec's removal tool, a complete virus scan in safe mode and I even ran the old Klez removal tool. When I was in safe mode the other day, it popped up. Today, it did not pop up in safe mode at all. Also today it didn't pop up at all until I started clicking on different icons. Paul Ramsey said it would pop up when I was in "safe mode with com prompt" and it didn't. Course his "fix" didn't work either :!: :!: The saga continues,,,,,,,,,,,,,,,,,,,,,,,,,,

Sorry guys, I just now saw your posts, my email link took me to page four instead of five. :!: :!: :!:  I will try Dr. Watson,,,,,,,,,,,,,,,,,,,


Cholla, I did look at all sites and tried Symantecs removal tool with no results. One of the sites talked about the 60 second doom and that's not my problem right now.

Cak46, I tried drwtsn.exe and it works fine except it comes up way before the error pops up :!: :!: :!: Therefore it can't "catch" the error cause it's already run boo hoo :( :(  The error isn't coming up now until I click on a few icons. I think my memory banks are good enough now to explain how this all came about. When I tried to install Silent Hunter III it wouldn't cause it kept getting 'interrupted' So I mailed to support and they said to end all processes in task manager except sys tray and explorer. Well, one or two went away and then several came up and said 'cannot delete'. Well then came Lsass.exe and I clicked on that to end process and got the 60 second doom window and my system shut down :!: :!: After that everything was fine (for awhile) At that point I started 'studying online' everything I could find out about lsass. I ran my clean-up utilities and finally went back to experiment with lsass and clicked on it to 'end process' and guess what? It now came up with 'cannot delete this,,,,,,,,,,' No 60 sec doom :!: :!: :!: So I now thought everything was fine. But that same weekend (I think it was Saturday) all of a sudden the lsass error started popping up on my screen :!: :!: It's weird cause when you get the 60 sec doom it just keeps coming back till you fix it. It only happened to me once. The next day (Sun) I installed XP Pro but the error stayed :( :( :(  As far as I can tell I have a clean system and it is a legitimate system error. The lsass file path is just as it is supposed to be. I'm sending info to MS today and see what they say. (again) Cheers, the saga continues some more,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,


I think if you just minimize watson, it will monitor your system until you turn watson off.  A little icon that looks like a doctor should appear in your systray, if I remember correctly.  Did you get Silent Hunter in successfully?  If you did, might want to consider uninstalling it to see if that is somehow causing the object 'not found error'.  Are the icons that cause the error consistent eg: whenever you click on MSWord, it happens, but if you click on MSExcel, it never happens?


resi3js. I think you nailed it right on the head. So far, MS has not mailed me for two days now :!: :!: :!: It's a puzzle alright, I mean, everything works just fine, all I do is wait a few and click OK and it's gone without any problems. And to be present in two OS's , Home and Pro, tells me that the "faulty" file was there and not removed after I installed Pro. This was an upgrade only so all my files and settings were saved. Sooooooooooooo, I have several formatted cd's, UDF style, that I can use as floppy discs with 539Mb's each and I can start the old transferring process. :cry: :cry: :cry: :cry: The sad thing is, that if I do this, we will never really learn how to fix it in a more basic way. I went to some of your link suggestions and many others and this is a big problem but a "simple" solution doesn't seem to exist. There are forums all over the place talking about lsass.exe. If nothing comes up by the weekend, I'll go ahead and do the clean install.


Good questions Cak46 :!: I did get Silent Hunter installed on Sunday after I installed XP Pro. Unfortunately, the error problem started on Sat., when I still had XP Home  :cry: BUT I will uninstall it just because............. On Watson, it came up first and then maybe 3 minutes later the error popped up but nothing came up on Watson's screen. This time it came up without me clicking on anything!!!!!!!! Now yesterday, it seemed like it was popping up every time I tried to enable my firewall which was weird cause my firewall is conf'd to start on boot but it has not been starting on boot :!: :!: Hummmmmmmm, uninstall my firewall?????? I wonder. Later in the eve, it didn't matter what icon I clicked on, it just seemed to come up whenever it felt like it :!: :!: :!: No word from MS, they are probably pulling their hair out by now,,,,,getting ready to "suggest"  that "we make a clean install"  :!: :!: :( :( I will take out Silent Hunter right now

update: Silent Hunter is gone with no results. Watson doesn't come up in my task tray. It comes up on my screen and there's no way to config it. But again it didn't show anything when the error popped up. Still, lots of trouble getting my firewall to get started so I will remove it now,,,,,,,,,,,,,,stay tuned

update X 2: there's no way to minimize the Watson window that I can find,,,,,,,,,,,,,,,,,,,,,,,,,,,

OK.....  The next time that the "Object not found" occurs note the time and then go into Start>settings>control Panel>Administrative Tools>Event Viewer.  Look thru each of the logs and note any activity in the logs for that time, + or - 5 minutes.  Especially, look for errors and Security activity in the logs then post them.  I can't believe that this is happening and no error records are being created.  I can understand it with Watson, to a degree, because that is primarily used for Exception error debugging.

If you are at the point of reformat and have had enough, you may want to consider this Final Last Resort:  start uninstalling programs but do it Last in First out, meaning uninstall the most recently installed program first, then next most recent second....Etc. and reboot between each, giving it time after the reboot to error out on you with the "object not found".  If it does error out, do the next program.  Include service Packs, Updates, etc. to the operating system as well (Maybe one of those messed something up).  I do not like to lose, especially to a machine,  :) but it's your call...............

       

BTW:  To stop execution of Watson, since it is not helping, go into Start>Programs>Startup and right mouse click once on the watson entry, then click Delete on the popup menu that appears.


Details

Product: Windows Operating System

ID: 26

Source: Application Popup

Version: 5.2

Symbolic Name: STATUS_LOG_HARD_ERROR

Message: Application popup: %1 : %2

   

Explanation

The program could not load a driver because the program user doesn't have sufficient privileges to access the driver or because the drive is missing or corrupt.

   

User Action

To correct this problem:

Ensure that the program user has sufficient privileges to access the directory in which the driver is installed.

Reinstall the program to restore the driver to the correct location.

If these solutions do not work, contact Product Support Services.

   

   

Version: 5.0

Symbolic Name: status_log_hard_error

Message: Unable to Load Device Driver : device driver could not be loaded.

   

Explanation

The program could not load a driver because the program user doesn't have sufficient privileges to access the driver or because the drive is missing or corrupt.

   

User Action

To correct this problem:

Reinstall the program to restore the driver to the correct location.

If these solutions do not work, contact Product Support Services.

-------------------------------------------------------------------------------

This is what I get when I click on the App Popup entry. I'm still trying to figure out how to send you some of these warnings so that they are in English................this is the "object name not found"


Looks like we may be getting somewhere.  If you want, do a print screen of the information you want to post (Print Scrn key on the keyboard), then paste it into mspaint, then save it and do a post and attach the file.

Edit: goin' to do some research.... back soon.....

Edit:  Looks like a driver issue or a permissions issue, maybe.  Did you update or install Anything that day it started happening, including hardware drivers?

          Another thing to check:  Go to start>settings>Control Panel>Users and Passwords and check to make sure your Login id is in the administrators group

Here is some info:  http://www.microsoft.com/technet/support/ee/result.aspx?EvtSrc=Application+Popup&EvtID=26&ProdName=Windows+Operating+System&LCID=1033&ProdVer=5.2

http://www.microsoft.com/technet/support/ee/result.aspx?EvtSrc=Application+Popup&EvtID=26&ProdName=Windows+Operating+System&LCID=1033&ProdVer=5.0


Details

Product: Windows Operating System

ID: 615

Source: Security

Version: 5.0

Component: Security Event Log

Symbolic Name: SE_AUDITID_IPSEC_POLICY_CHANGED

Message: IPSec policy agent changed: %1

PolicySource: %2

%3

--------------------------------------------------------------------------------

Related Knowledge Base articles

You can find additional information on this topic in the following Microsoft Knowledge Base articles:


Ah yes, print screen, thank you. The only thing I was trying to install was Silent Hunter about 6 times up to that point including on Sat. Will check your links right now Thanks, I'm getting a little excited. It's so cool to get something "almost mystical" fixed, not to mention perplexing :!: :!: :!: :!:

edit; ya I'm the comptuer administrator,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,

editX 2; The trouble with their "fix" is that they are saying I need to reinstall the drivers to fix the error but they aren't telling anybody what the drivers are for :!: :!:


Have you tried this scanner from microsoft?  Looks like that last error might be related to the blaster worm.   

http://www.microsoft.com/downloads/details.aspx?familyid=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

Do you have all of the newest updates, including service pack 2 installed?

Thanks, I'm getting a little excited. It's so cool to get something "almost mystical" fixed, not to mention perplexing

Me too,  :) but, have a ways to go yet.
