RE: Lsass.exe System error XP Home SP2



kazzabojangles
07-10-2005, 12:48 AM
Did you manage to solve this problem? I am having exactly the same problem
but this is the first system I have attempted to build. Everything was going
fine then this error message started to appear. It goes on to restart the PC
2 or 3 times then you can get past it and log on to windows ok! I havent got
as far as installing a modem so I am baffled as to the cause. HELP!

"My Toy" wrote:

> I have been receiving the following erroe message on a system I am building
> Lsass.exe-System Error
> "An I/O operation initiated by the Registry failed unrecoverably. The
> Registry could not read in,or write out, or flush, one of the files that
> contain system's image of the Registry"
> To me, this seems to be a software error, or an error generated because of a
> corrupted file when Lsass.exe executes. so I ran fdisk, took out the
> partitions, set them again, reformatted and reinstalled the operating system.
> I have flushed the MB registry several times,still the same message. Any ideas

David H. Lipman
07-10-2005, 12:48 AM
From: "kazzabojangles" <kazzabojangles@discussions.microsoft.com>

| Did you manage to solve this problem? I am having exactly the same problem
| but this is the first system I have attempted to build. Everything was going
| fine then this error message started to appear. It goes on to restart the PC
| 2 or 3 times then you can get past it and log on to windows ok! I havent got
| as far as installing a modem so I am baffled as to the cause. HELP!
|
| "My Toy" wrote:
|


Download the patch (below). Put the patch, Stinger and Sysclean (below) on media (CDROM,
ZIP
Disk, USB Flash drive, etc) disconnect the affected PC from the Internet and install the
patch. Then reboot the PC and perform the following scan of the PC using Stinger and Trend
Sysclean !

Go to; Start --> Run
enter; shutdown -a

This will halt the shutdown and give you a chance to Download the McAfee worm removal tool,
Stinger: http://vil.nai.com/vil/stinger/

Please read the following URL:
http://www.microsoft.com/security/incident/sasser_printxp.mspx

Please install the patch that fixes the Lsass vulnerability that the Sasser and other
infectors exploit --
KB835732
http://www.microsoft.com/downloads/details.aspx?FamilyId=3549EA9E-DA3F-43B9-A4F1-AF243B6168F3&displaylang=en

You also need a FireWall.
If you don't patch the PC and not use a FireWall then you will just be re-infected.

I also suggest the installation of ALL MS Critical Updates ASAP.


Dump the contents of the IE Temporary Internet Folder cache (TIF)
Start --> Settings --> Control Panel --> Internet Options --> Delete Files

Dump the contents of the Mozilla FireFox Cache { if you use FireFox }
Tools --> Options --> Privacy --> Cache --> Clear

1) Download the TrendMicro Sysclean Front End

Download the utility SYSCLEAN_FE at the following URL --
http://www.ik-cs.com/got-a-virus.htm
SYSCLEAN_FE automates the download and execution process of the Trend Sysclean Package.
Direct URL --
http://www.ik-cs.com/programs/virtools/Sysclean_FE.exe


2) Download and install Ad-aware SE
(free personal version v1.06)
http://www.lavasoftusa.com/
Update Ad-aware with the latest definitions and then exit the software.

3) Execute; SYSCLEAN_FE.EXE
Choose; Unzip
Choose; Close


Execute; c:\sysclean\SYSCLEAN_FE.BAT
{ or Double-click on 'SYSCLEAN_FE Link' in c:\sysclean }
when you get to the menu dhoose [1] so you can boot into Safe Mode.

4) Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm

5) Reboot your PC into Safe Mode and shutdown as many applications as possible.

6) Execute; c:\sysclean\SYSCLEAN_FE.BAT
{ or Double-click on 'SYSCLEAN_FE Link' in c:\sysclean }
Choose [2] on the menu and let SYCLEAN.COM scan your computer.
when done, execute Ad-aware SE and perform a full scan of your PC and delete
all objects found.

7) Restart your PC and perform a "final" Full Scan of your platform
Execute; c:\sysclean\SYSCLEAN_FE.BAT
{ or Double-click on 'SYSCLEAN_FE Link' in c:\sysclean }
Choose [2] on the menu and let SYCLEAN.COM scan your computer.
when done, execute Ad-aware SE and perform a final scan of your PC and delete
all objects found.


8) Re-enable System Restore and re-apply any System Restore preferences,
(e.g. HD space to use suggested 400 ~ 600MB),

9) Reboot your PC.

10) Create a new Restore point


* * * Please report back your results * * *

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

kazzabojangles
07-10-2005, 12:48 AM
Thankyou for responding. I can't understand how I could be infected when
this PC has never been connected to the internet. Is it possible that it
could be to do with the fact that I purchased the XP full version disk from a
Computer Fair? Is it possible that this could be the cause of the problem?

"David H. Lipman" wrote:

> From: "kazzabojangles" <kazzabojangles@discussions.microsoft.com>
>
> | Did you manage to solve this problem? I am having exactly the same problem
> | but this is the first system I have attempted to build. Everything was going
> | fine then this error message started to appear. It goes on to restart the PC
> | 2 or 3 times then you can get past it and log on to windows ok! I havent got
> | as far as installing a modem so I am baffled as to the cause. HELP!
> |
> | "My Toy" wrote:
> |
>
>
> Download the patch (below). Put the patch, Stinger and Sysclean (below) on media (CDROM,
> ZIP
> Disk, USB Flash drive, etc) disconnect the affected PC from the Internet and install the
> patch. Then reboot the PC and perform the following scan of the PC using Stinger and Trend
> Sysclean !
>
> Go to; Start --> Run
> enter; shutdown -a
>
> This will halt the shutdown and give you a chance to Download the McAfee worm removal tool,
> Stinger: http://vil.nai.com/vil/stinger/
>
> Please read the following URL:
> http://www.microsoft.com/security/incident/sasser_printxp.mspx
>
> Please install the patch that fixes the Lsass vulnerability that the Sasser and other
> infectors exploit --
> KB835732
> http://www.microsoft.com/downloads/details.aspx?FamilyId=3549EA9E-DA3F-43B9-A4F1-AF243B6168F3&displaylang=en
>
> You also need a FireWall.
> If you don't patch the PC and not use a FireWall then you will just be re-infected.
>
> I also suggest the installation of ALL MS Critical Updates ASAP.
>
>
> Dump the contents of the IE Temporary Internet Folder cache (TIF)
> Start --> Settings --> Control Panel --> Internet Options --> Delete Files
>
> Dump the contents of the Mozilla FireFox Cache { if you use FireFox }
> Tools --> Options --> Privacy --> Cache --> Clear
>
> 1) Download the TrendMicro Sysclean Front End
>
> Download the utility SYSCLEAN_FE at the following URL --
> http://www.ik-cs.com/got-a-virus.htm
> SYSCLEAN_FE automates the download and execution process of the Trend Sysclean Package.
> Direct URL --
> http://www.ik-cs.com/programs/virtools/Sysclean_FE.exe
>
>
> 2) Download and install Ad-aware SE
> (free personal version v1.06)
> http://www.lavasoftusa.com/
> Update Ad-aware with the latest definitions and then exit the software.
>
> 3) Execute; SYSCLEAN_FE.EXE
> Choose; Unzip
> Choose; Close
>
>
> Execute; c:\sysclean\SYSCLEAN_FE.BAT
> { or Double-click on 'SYSCLEAN_FE Link' in c:\sysclean }
> when you get to the menu dhoose [1] so you can boot into Safe Mode.
>
> 4) Disable System Restore
> http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
>
> 5) Reboot your PC into Safe Mode and shutdown as many applications as possible.
>
> 6) Execute; c:\sysclean\SYSCLEAN_FE.BAT
> { or Double-click on 'SYSCLEAN_FE Link' in c:\sysclean }
> Choose [2] on the menu and let SYCLEAN.COM scan your computer.
> when done, execute Ad-aware SE and perform a full scan of your PC and delete
> all objects found.
>
> 7) Restart your PC and perform a "final" Full Scan of your platform
> Execute; c:\sysclean\SYSCLEAN_FE.BAT
> { or Double-click on 'SYSCLEAN_FE Link' in c:\sysclean }
> Choose [2] on the menu and let SYCLEAN.COM scan your computer.
> when done, execute Ad-aware SE and perform a final scan of your PC and delete
> all objects found.
>
>
> 8) Re-enable System Restore and re-apply any System Restore preferences,
> (e.g. HD space to use suggested 400 ~ 600MB),
>
> 9) Reboot your PC.
>
> 10) Create a new Restore point
>
>
> * * * Please report back your results * * *
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
>

David H. Lipman
07-10-2005, 12:48 AM
From: "kazzabojangles" <kazzabojangles@discussions.microsoft.com>

| Thankyou for responding. I can't understand how I could be infected when
| this PC has never been connected to the internet. Is it possible that it
| could be to do with the fact that I purchased the XP full version disk from a
| Computer Fair? Is it possible that this could be the cause of the problem?
|

Possible but not probable.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

News
07-10-2005, 12:48 AM
"kazzabojangles" <kazzabojangles@discussions.microsoft.com> wrote in message
news:F79978BC-C57D-4543-A7AC-41D365423B91@microsoft.com...
> Did you manage to solve this problem? I am having exactly the same
> problem
> but this is the first system I have attempted to build. Everything was
> going
> fine then this error message started to appear. It goes on to restart the
> PC
> 2 or 3 times then you can get past it and log on to windows ok! I havent
> got
> as far as installing a modem so I am baffled as to the cause. HELP!
>
> "My Toy" wrote:
>
>> I have been receiving the following erroe message on a system I am
>> building
>> Lsass.exe-System Error
>> "An I/O operation initiated by the Registry failed unrecoverably. The
>> Registry could not read in,or write out, or flush, one of the files that
>> contain system's image of the Registry"
>> To me, this seems to be a software error, or an error generated because
>> of a
>> corrupted file when Lsass.exe executes. so I ran fdisk, took out the
>> partitions, set them again, reformatted and reinstalled the operating
>> system.
>> I have flushed the MB registry several times,still the same message. Any
>> ideas



I had a problem with this and it turned out to be virus kind of activity. I
did a clean installation and it fixed it in the end.


RE: Lsass.exe System error XP Home SP2