rikkkki (Author), posted June 16, 2005:
Hey guys. Ya answersthatwork.com is the program that I was talking about. I have it and it is VERY helpful with MANY different things. It's called TUT (The Ultimate Troubleshooter). I was also VERY suspicious about my entry that had all those dlls tagged on the end. HijackThis says that generally Trojan types use this

rikkkki (Author), posted June 16, 2005:
Just a note: TUT says that if you have lsass.exe in your startups then you have a virus. Mine runs right where it's supposed to, in the tasks and the path is correct...............

cak46, posted June 16, 2005:
> Just a note: TUT says that if you have lsass.exe in your startups then you have a virus. Mine runs right where it's supposed to, in the tasks and the path is correct...............
Agreed. You can disable the funky registry entry in msconfig without deleting it. It would be a good idea to back up your registry first if you decide to do this..

rikkkki (Author), posted June 16, 2005:
Well, at least I have never found lsass.exe in my startups anywhere. I'm composing a letter to MS right now and I copied and pasted that goofy looking dll dlll...... thing in there to give them something to think about

rikkkki (Author), posted June 17, 2005:
Well-update, maybe. I told Microsoft yesterday that I had run an HT scan and that it had a suspicious multiple dll listing in the log. Well, they wrote me back and said to go ahead and download HT and run a scan/log and send it to them!! Ah, HELLO, Microsoft, how did I run the scan if I didn't have HT in the first place??? After I got done laughing I went ahead and sent them the same thing that I posted here in this forum. Sometimes I think that I am a day ahead of them!! ;)

cak46, posted June 17, 2005:
Microsoft is just takin' credit for the work you've done 69Rat. "Oh, that's a good idea, why don't you download HJT, run it, then send the log........" Leave it to Microsoft....... It is good to be ahead of them, though

rikkkki (Author), posted June 17, 2005:
Well Cak46 I hope that they can get ahead of me somewhere along the line so that we can be on the same page! I seriously feel that I do not have a virus. I think it's something like a true system error like the little box says, cause it will not reboot if I wait about ten minutes before I click OK. I mean, it's not the famous "60 second countdown"!

cak46, posted June 17, 2005:
Yeah, but by the same token, the process that is executing (possibly a virus or other errant action) may not like to be interrupted until it is done doing whatever it was written to do....... Did you actually find the file with that funky name on your hd?

rikkkki (Author), posted June 17, 2005:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs
Value: 9vs7sxtxnn585u.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
Here is the actual path in my registry and the value is from the properties and I think that's as far as I can go with it. Unless there is another way to try.

cak46, posted June 17, 2005:
Haven't used the search feature too much with XP so I got this from here: http://www.cyberwalker.net/columns/aug03/find-file.html
You can just copy and paste the filename from here: 9vs7sxtxnn585u.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
*****************
However here's the detailed search instructions for Windows XP owners. First click the START button (bottom left of your screen) then "Search", then select "For Files or Folders". A window will pop up with a details box on the left hand side that looks like this:
[Image: Search box from Windows XP]
Next, click on the green arrow next to "All files and folders" unless you know specifically what type of file you have lost. If you have downloaded a picture, a music file or video or a document such as a Word file or PDF then click on the specific search option item that relates to that kind of file. A new box will pop open. Next type in all or part of the filename in the top field that says: "All or part of the file name". If the file was called "paintprogram.zip" then type it in. If you don't remember, type in part of the name such as "paint". However the less specific you are, the more likely that you'll find all kinds of files like that that are already on your system. If the file was a document you could also type in a few words from the document (maybe you know the title or topic?) into the second box titled: "A word or phrase in the file".
[Image: Search Windows XP]
Finally, in the "Look in:" field leave your "C drive" selected unless you know for certain that you downloaded the file to another computer drive. If you want to search all the drives including CD drives and floppy drive (if you have one) click the drop down box and select "My Computer". Next click the Search button. All the files that match your search criteria will appear on the right side of the Search window.
***********************
Don't click on it, just note the location. Most likely that will be ms's next question.

rikkkki (Author), posted June 17, 2005:
I had already tried a search with the registry but of course that's not a file. Then I just now tried a search of the value and came up with nothing. The funny thing is this started on Saturday when I was right in middle of researching lsass.exe and when I was "ending process" on task manager. When I clicked on lsass a window came up and told me that this cannot be deleted, so I clicked OK, and that was that. I was having trouble installing a new game, support told me delete everything except explorer and system tray. Well with XP that cannot be done. Later in the afternoon the window started popping up!

rikkkki (Author), posted June 17, 2005:
New info! May have solution. No time to explain now, will post tomorrow after I try it

rikkkki (Author), posted June 18, 2005:
Hi out there! This time I'm not going to be a "hero" and try this myself without some feedback from you guys. Try this link and read what Paul Ramsey has to say about how he got rid of the lsass.exe problem. About half way down.

cholla, posted June 18, 2005:
69 RAT I'm just editing this instead of double posting; the link works for me now. I don't know whether the fix will work or not. I will let someone with more knowledge on using that type of fix help you with it.

rikkkki (Author), posted June 18, 2005:
OK good idea, I shall keep an eye out for any replies. I hope it's not something that's "too good to be true". It is something that I can do although I don't want something else to "pop up" when I get done doing it!

cak46, posted June 19, 2005:
> I had already tried a search with the registry but of course that's not a file. Then I just now tried a search of the value and came up with nothing. The funny thing is this started on Saturday when I was right in middle of researching lsass.exe and when I was "ending process" on task manager. When I clicked on lsass a window came up and told me that this cannot be deleted, so I clicked OK, and that was that. I was having trouble installing a new game, support told me delete everything except explorer and system tray. Well with XP that cannot be done. Later in the afternoon the window started popping up
No, search your hard drive, not the registry, for the file. Has to be somewhere or it has been removed and the entry, which may be in win.ini, or one of the other ini files, is a dead call.
Paul's fix: Looks like he is changing the attribute of the file but not absolutely sure. If all those files are supposed to use shared then it may function correctly. Don't know enough about writing batches for command line in XP to say whether it will do what it is supposed to do or not. Also, I did not see a post in the other forum saying that it had worked for someone either. If you're at the end of your rope and plan on doing a full blown reinstall anyway, I would try it at that point. Further down in the other forum it spoke of copying the files back from the xp cd, which might be a good idea as well.
Here's a link to the search suggested in the other forum: http://support.microsoft.com/search/default.aspx?qu=lsass+error
I guess it comes down to that in the worst case scenario you'll need to format your HD, or at least delete the windows directory, and do a full blown re-install but if the batch file works, you're golden. I would like a copy of that funky file if you can find it on your hard drive. Like to kick the tires on it, so to speak.

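
The AppInit_DLLs value posted earlier in the thread, and the advice above to look for the named file on disk, can be combined into one triage check; the value matters because DLLs listed there are loaded into every process that loads user32.dll. This is an added example, not part of any post in the thread: the search directories, tag names and the "generated-looking" heuristic are assumptions, and on a live system the value would be read from the registry instead of being pasted in.

```python
import ntpath
import os
import re

# Value data exactly as posted in the thread.
POSTED_VALUE = "9vs7sxtxnn585u.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll"
# Assumed directories to look in for entries that carry no path.
SEARCH_DIRS = [r"C:\WINDOWS\system32", r"C:\WINDOWS"]


def split_appinit(value):
    """AppInit_DLLs lists DLLs separated by spaces or commas."""
    return [part for part in re.split(r"[ ,]+", value.strip()) if part]


def triage_entry(entry, search_dirs=SEARCH_DIRS, exists=os.path.isfile):
    """Return review tags for one entry; an empty list means nothing stood out."""
    tags = []
    name = ntpath.basename(entry)
    ext_run = re.search(r"(?i)(?:\.dll)+$", name)
    ext_len = len(ext_run.group(0)) if ext_run else 0
    stem = name[: len(name) - ext_len]
    if ext_len > len(".dll"):
        tags.append("repeated-extension")
    # Heuristic (assumption): long stems mixing letters and digits look generated.
    if len(stem) >= 8 and re.search(r"\d", stem) and re.search(r"[a-z]", stem, re.I):
        tags.append("generated-looking-name")
    # Entries without a directory are resolved against the search directories.
    if ntpath.dirname(entry):
        candidates = [entry]
    else:
        candidates = [ntpath.join(d, name) for d in search_dirs]
    # A value that points at no file is an orphaned ("dead") reference.
    if not any(exists(path) for path in candidates):
        tags.append("missing-on-disk")
    return tags


def triage_value(value, **kwargs):
    """Triage every entry in one AppInit_DLLs value string."""
    return {entry: triage_entry(entry, **kwargs) for entry in split_appinit(value)}


if __name__ == "__main__":
    for entry, tags in triage_value(POSTED_VALUE).items():
        print(entry, "->", ", ".join(tags) or "nothing flagged")
```
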
rikkkki (Author), posted June 19, 2005:
HI cak46 I guess I was mixing two things with one. I searched the registry for the multiple dll thing and the hard drive for the lsass.exe. Microsoft finally came out of their shell and told me to go ahead and delete the dll entry/no results. I now have two entries on HD for lsass, one is right where it's supposed to be and has no virus and the other is in the Windows/software distribution/download file. Looks legit. They also had me turn off all services except MS and all startups/ no results. I just sent them a screenshot of my screen with the error on it. Still waiting for a word about that. I also noticed that Paul's fix was never replied to. Hummmm, I can do what he says, but I'm not sure I could undo it!

cak46, posted June 19, 2005:
You could cut and paste the batch file information and send it to ms for a quick once over. From looking at the search on MS, they have had a good number of problems with lsass.
Edit: Yeah, that's why I'd only do it as a last resort to prevent the computer from mysteriously going out thru the nearest window.

rikkkki (Author), posted June 19, 2005:
If you mean a copy of Paul's "fix" I can do that. I just put the whole thing in notepad and can email it to MS. I sure hope it doesn't come to tossing it out the window. Last resort is clean install. Get this, MS told me to make a screen shot of the error and then open mspaint and do some clicking around and then save to an email. Well no matter how you cut it, it ends up an attachment. Well they told me not to send it as an attachment cause it will be lost! So I took matters into my own hands (long story short) I opened a new email and went to insert and selected picture went to browse and selected screenshot and clicked OK and guess what? Picture is IN email! It seems that is what they should have a guy do in the first place

cholla, posted June 19, 2005:
69 RAT: I don't think this is a problem you are having with XP but here is something I found while looking about the problem with 98.98SE & ME apparently the capital I in these OS's looks just like the small L. Some hackers were hiding a virus this way. I'm going to post examples of how it looks; since I have ME I don't know if it will look that way on an XP OS.
Ilsass.exe this one has a capital i for the first letter
llsass.exe this one has 2 small L's
On my PC they look identical.

cak46, posted June 19, 2005:
> If you mean a copy of Paul's "fix" I can do that. I just put the whole thing in notepad and can email it to MS
Couldn't hurt.... Sounds like MS is a bit baffled with this one. Maybe you'll be helping them out. That would be a hoot. You contact MS and find the fix for them, instead of them fixing it for you..... I just find that kinda ironic.

rikkkki (Author), posted June 19, 2005:
Very interesting. I just did a system search using a capital L and came up with same results. BUT I have noticed that on different forums/sites that it is spelled the two different ways and I'm wondering if somewhere there might be a difference. When I type capital L and small l it's two different things as you can see. Hold it. The capital I is the same as the small l. The mystery continues

cholla, posted June 19, 2005:
69 RAT: what I was saying is the capital I (i) looks like the small l (L).
This is a capital I (i)
This is a small l (L)

rikkkki (Author), posted June 19, 2005:
You're right Cholla, they look identical. I caught it myself and edited my previous post. I wonder if our systems could misread this: Naaaa do ya think? I'm going to try it right now with another system search using Isass.exe (I just typed that with a cap i).
Update: didn't work, when I typed in a cap i the actual type that showed was a typical i ya know like an i beam. Got no results at all! I'm going to go ahead and send MS this batch file change and see what they say.

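
The look-alike naming cholla describes, together with the two lsass.exe copies rikkkki found in different folders, expressed as a check over a process or file listing. This is an added example, not part of the thread; the sample rows, the folding table and the assumed C:\WINDOWS\system32 location are constructed for illustration.

```python
import ntpath

# System process names to guard; only lsass.exe comes from the thread.
PROTECTED = {"lsass.exe"}
# Assumed Windows system directory, compared case-insensitively.
SYSTEM_DIR = r"c:\windows\system32"

# Characters that render like another character in many UI fonts.
_FOLD = str.maketrans({"I": "l", "1": "l", "|": "l", "0": "o"})

# Constructed sample rows: (image name, full path).
SAMPLE = [
    ("lsass.exe", r"C:\WINDOWS\system32\lsass.exe"),
    ("Isass.exe", r"C:\WINDOWS\system32\Isass.exe"),  # capital i, not small L
    ("lsass.exe", r"C:\WINDOWS\SoftwareDistribution\Download\lsass.exe"),
    ("explorer.exe", r"C:\WINDOWS\explorer.exe"),
]


def skeleton(name):
    """Fold visually confusable characters, then lowercase."""
    return name.translate(_FOLD).lower()


def classify(name, path):
    """Compare what the name looks like with what it actually is."""
    if skeleton(name) not in PROTECTED:
        return "unrelated"
    if name.lower() not in PROTECTED:
        return "lookalike-name"       # reads as lsass.exe but is spelled differently
    if ntpath.normcase(ntpath.dirname(path)) != SYSTEM_DIR:
        return "unexpected-location"  # real name, but not in the system directory
    return "expected"


def review(rows):
    """Return only the rows that need a closer look."""
    flagged = []
    for name, path in rows:
        verdict = classify(name, path)
        if verdict in ("lookalike-name", "unexpected-location"):
            flagged.append((name, path, verdict))
    return flagged


if __name__ == "__main__":
    for name, path, verdict in review(SAMPLE):
        print(f"{verdict:20} {path}")
```
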
cak46, posted June 19, 2005:
> If you mean a copy of Paul's "fix" I can do that. I just put the whole thing in notepad and can email it to MS. I sure hope it doesn't come to tossing it out the window. Last resort is clean install. Get this, MS told me to make a screen shot of the error and then open mspaint and do some clicking around and then save to an email. Well no matter how you cut it, it ends up an attachment. Well they told me not to send it as an attachment cause it will be lost! So I took matters into my own hands (long story short) I opened a new email and went to insert and selected picture went to browse and selected screenshot and clicked OK and guess what? Picture is IN email! It seems that is what they should have a guy do in the first place
That kind of thing really builds your confidence in MS support doesn't it... You're right. That's what they should have recommended. A little surprising that ms doesn't take attachments though... Must not have much confidence in the security of their OS products either...