Serious Issue Lsass.exe

Hi, I am new to the forums and have a serious issue. I have BitDefender Total Security 2009, I purchased it a week or two ago. I tried out the evaluation version a couple months ago, and after evaluating a few others, decided to go back to BitDefender. I haven't had any serious problems since then...a few trojans were discovered and removed, and one that couldn't be removed I took care of by turning System Restore off and on. That was probably a few days ago, and I haven't had any problems since then. Today though, my girlfriend was on it and she says she shut it down and walked away, and when she came back it still hadn't shut down and an application was not responding. She ended the program now and shut down the computer. When she rebooted it Windows began to load but then a window came up with an lssass.exe error, and asks to terminate or debug the program. When either option is chosen, nothing happens. It sits on a black screen. I still have my laptop luckily, and read something on the net that suggested a sasser worm. Is this the cause of this? I have no idea how to go about fixing this. I am hoping that the contents of my hard drive are safe. I just paid 80 bucks for security...I'm kinda regretting it now. If anybody could give me some help with this, I would appreciate it very much. Thank you in advance.

Comments

  • Dear user,


    You wrote lsass.exe in the subject and lssass.exe in the topic. If the name is lsass.exe, the problem might not be related to malware.


    Are you still able to access Safe Mode or Safe Mode command prompt only? At the black screen are you able to use ctrl+alt+delete to access the task manager?

  • It is "lsass.exe", sorry about the typo.


    Something about referenced memory not being able to be "written."


    Click OK to Terminate CANCEL to debug...neither does anything.


    Anyways, ctrl-alt-del doesn't do anything. I have to press the power button to turn off the computer.


    It does the same thing in safe mode. Even if I try to use command prompt only. Same thing every time, no matter what I do.


    Thank you for responding to my post...I'm just about sick over this.


    Also, I didn't post this in the Malware category originally, it was moved here sometime last night.


    Thanks again.

  • csalgau
    edited December 2008

    Dear user,


    The lsass.exe file is the Local Security Authentication Server service. While this may, to some degree, be related to malware, the only thing that comes to my mind right now is a corrupt user logon database. I see no good reason for any piece of malware to go to the trouble of injecting lsass.exe at boot to crash it. This may, however, happen if the lsass service hung for some reason on shutdown.


    The alternative to this, if we were to assume the computer is infected with something, would be that the malware has incorrectly injected the lsass.exe process and has altered the execution thread by mistake due to unknown file version or something like that.


    In any event, solutions would be to try and select "last known good working configuration" on boot - there might be a copy of the needed files there if they are corrupted. If that fails, you will probably have to do a repair install using your Windows installation CD.


    Please note that the Sasser worm and its variants exploited a vulnerability in Windows 2000 and XP. The crashes experienced by users infected with the worm were not intentional and were due to defective coding in the worm's injection process. They ended in timed reboots at random moments, not at boot time.


    The worm appeared after Microsoft fixed the problem but users failed to update. An antivirus/firewall solution is not a drop-in replacement for a properly updated operating system.

  • It seems I was able to restore everything to the last known good configuration. I'm still kind of confused about what actually happened. I've never had this issue before, so I was pretty clueless. Anyways, thanks for all your help.

  • Do you have Windows updated? (XP SP3 or Vista SP1?)