Dave Taylor answers free tech support questions about a wide variety of business and technical topics, including blogging, iphone help, ipod help, AdSense, MySpace, Sony PSP help, Mp3 players, Windows XP, Windows Vista, Linux, SEO, Mac OS X, Facebook, Twitter and LinkedIn.

"lsass.exe: System error" every time I boot Windows?

Dave, I am running Windows XP. I have performed a system restore and now when I start up I get the error message "lsass.exe. system error". In the box it says: when trying to update this return status indicates that the value provided as the current password is not correct.

It then closes down and starts up again and I get the message and it will not start up!! It keeps going round and round. It does the same in safe mode. I have tried to press F8 and install Windows from the discs but this does not work. My XP is on a partition. I have no floppy drive on my other PC. What do I do??


Dave's Answer:

There's a strong possibility that this is a virus, unfortunately. The LSASS process manages user logins, and as such is a common target for infections on PCs running various versions of Windows.

Here's a description of this virus from Trend Micro:

"This worm exploits the Windows LSASS vulnerability, which is a buffer overrun that allows remote code execution and enables an attacker to gain full control of the affected system. To propagate, it scans the network for vulnerable systems. When it finds a vulnerable system, this malware sends a specially crafted packet to produce a buffer overflow on LSASS.EXE. This worm can cause LSASS to crash and force Windows to restart."

Microsoft indicates in a security bulletin entitled "Windows XP Users: What to do if your computer has been infected by Sasser" that you should:

  1. Disconnect from the Internet
  2. Stop the shutdown cycle
  3. Mitigate the vulnerability
  4. Improve system performance
  5. Enable a firewall
  6. Reconnect to the Internet
  7. Install the required OS update
  8. Check for and remove Sasser

The exact steps are outlined on Microsoft's site, which also links to a malware remover, the Microsoft Windows Malicious Software Removal Tool.

In general, I strongly recommend that everyone running Windows have both a robust antivirus and antispyware application running. On my systems, I use Symantec's Norton Antivirus for antivirus, and Webroot's Spy Sweeper for stopping spyware, malware, and other infections. So far, so good.

Also, make sure you're completely up-to-date with your system updates from Microsoft. I have my systems configured to automatically check for updates from Microsoft and apply them if they're critical security fixes. Ya can't be too safe.

Good luck with this situation!!




Comments

I had a variant of the LSASS worm on my mother's computer. I had tried both Kaspersky AV and AVG Free, but neither could remove the worm. I'm to the point where I will be installing Debian GNU/Linux on her computer the next time I am at her home. The only thing that had stopped me in the past from this was lack of a Linux-usable dial-up modem, but now she's on DSL which Linux handles perfectly. I recommend Linux to any PC user because of its relative lack of security issues.

Posted by: Matthew Poer at January 23, 2006 6:10 PM

Wrong answer. I have the same issue and there's no way it's the Sasser worm (or any other virus). I've restored from a known-good tape system onto new disks and get the same error. In short, I'm screwed.

Posted by: Rick at September 15, 2006 11:16 AM

Hi Dave,

The problem as you clearly mentioned is that the PC doesn't even boot at all! (it doesn't go beyond the "loading windows xp " screen) Hence, there is no way one can log into windows and take the following steps to solve the problem and remove the virus.

I am currently suffering from this and I'll appreciate any immediate solution (or link to a solution), please, please, please

Posted by: William Ukoh at October 26, 2006 12:48 PM

Dear Sir,
In my computer I have two operating systems, in C drive and D drive. Both are Windows XP Service Pack 2 Beta versions. Initially both were working OK. Now the operating system in D drive is working but the one in C is not working. When I try to boot through the C: drive it takes 30 to 40 seconds and restarts without any message. I am still trying to go to Safe Mode, but it is not possible for me. In this situation, what do I have to do to boot Windows XP normally and without losing the data of C drive? Please give me a solution for the above. Thanking you, sir.

Posted by: B Krishnam Naidu at December 1, 2006 12:24 PM

I'm currently going through this myself and the only solution to this unfortunate problem is to reinstall Windows

Posted by: Liz at December 31, 2006 1:25 PM

I am having the same problems mentioned most recently (since Oct), running XP home edition. It gets to the splash screen and says lsass.exe system error, object name not found.
The last thing I did was update windows. I have 2 AV, bitdefender, kerio, don't use outlook or any other PC-based email and I sit behind a switch with a private IP. So, I'm wondering if this isn't one of those microsoft worms. Off to find the original windows CD.
Any ideas?

Posted by: Jonni at January 13, 2007 11:39 AM

hi,
I have an almost similar problem. My internet speed is terribly slow and the ping results are very high. When I installed a wireless USB device on the PC and rebooted it after the installation, it gave me a lsass.exe-system Error and said that: an I/O operation initiated by registry failed unrecoverably. The Registry could not read in, or write out, or flush, one of the files that contain the system's image of the Registry. Please help. What can I do?????

Posted by: idowu at February 9, 2007 2:53 AM

If your computer keeps booting after you get the lsass.exe error, your security registry hive is corrupt.

rename "c:\windows\sytem32\config\security" to security.bak

then copy c:\windows\system32\repair\security to the location above.

that should do it.

Posted by: jon morris at February 9, 2007 11:05 AM
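One way to check the diagnosis in the comment above before renaming or overwriting anything, as an added example that is not part of the original thread: a header check for registry hive files, run against the offline disk from a boot CD. It assumes the standard `regf` hive header layout (signature, two sequence numbers, hive bins size at offset 40, XOR-32 checksum at offset 0x1FC); the sample hive and the mount path in the comment are constructed for illustration.

```python
"""Offline sanity check of Windows registry hive files (added example)."""
import struct
import sys

BASE_BLOCK = 4096      # size of the 'regf' header block
CHECKSUM_AT = 0x1FC    # XOR-32 checksum over bytes 0..0x1FB is stored here

E_SHORT = "file shorter than the 4096-byte header"
E_SIG = "missing 'regf' signature"
E_SEQ = "sequence numbers differ (a write was interrupted)"
E_SUM = "header checksum mismatch"
E_TRUNC = "file shorter than the size recorded in the header"
E_HBIN = "first hive bin lacks 'hbin' signature"


def header_checksum(data):
    """XOR the 127 little-endian dwords that precede the checksum field."""
    value = 0
    for (dword,) in struct.iter_unpack("<I", bytes(data[:CHECKSUM_AT])):
        value ^= dword
    # The format never stores 0 or 0xFFFFFFFF; both are remapped.
    if value == 0:
        return 1
    if value == 0xFFFFFFFF:
        return 0xFFFFFFFE
    return value


def check_hive(data):
    """Return a list of problems; an empty list means the header looks sane."""
    if len(data) < BASE_BLOCK:
        return [E_SHORT]
    problems = []
    if data[:4] != b"regf":
        problems.append(E_SIG)
    # Both sequence numbers are bumped around a write; a mismatch means the
    # last write never completed (power loss, crash, forced reboot).
    seq1, seq2 = struct.unpack_from("<II", data, 4)
    if seq1 != seq2:
        problems.append(E_SEQ)
    (stored,) = struct.unpack_from("<I", data, CHECKSUM_AT)
    if stored != header_checksum(data):
        problems.append(E_SUM)
    (bins_size,) = struct.unpack_from("<I", data, 40)
    if len(data) < BASE_BLOCK + bins_size:
        problems.append(E_TRUNC)
    if data[BASE_BLOCK:BASE_BLOCK + 4] != b"hbin":
        problems.append(E_HBIN)
    return problems


def make_sample_hive(seq1=5, seq2=5):
    """Build a minimal CONSTRUCTED hive image (not a real SECURITY hive)."""
    header = bytearray(BASE_BLOCK)
    struct.pack_into("<4sII", header, 0, b"regf", seq1, seq2)
    # major, minor, file type, format, root cell offset, bins size, clustering
    struct.pack_into("<7I", header, 20, 1, 3, 0, 1, 32, 4096, 1)
    struct.pack_into("<I", header, CHECKSUM_AT, header_checksum(header))
    hbin = bytearray(4096)
    struct.pack_into("<4sII", hbin, 0, b"hbin", 0, 4096)
    return bytes(header + hbin)


if __name__ == "__main__":
    # Hypothetical usage from a live CD with the Windows partition mounted:
    #   python3 check_hive.py /mnt/win/WINDOWS/system32/config/SECURITY
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                found = check_hive(fh.read())
            print(path, "->", "header OK" if not found else "; ".join(found))
    else:
        damaged = bytearray(make_sample_hive())
        damaged[100] ^= 0xFF  # simulate a flipped byte in the header
        print("constructed good hive:", check_hive(make_sample_hive()))
        print("constructed damaged hive:", check_hive(bytes(damaged)))
```

A clean result only says the header is intact; damage deeper in the file is not detected by this check. Running it over all five files in the config folder shows which one, if any, actually needs replacing, so the others keep their current accounts and settings.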

My husband's PC just experienced the same error and we can't boot up the PC at all. Nothing worked and I had to reinstall Windows and every application we've ever installed on that PC. We use Norton Anti-virus and Internet Security and we also have Spy Sweeper. We keep up with all updates for both Windows and Norton and Spy Sweeper and still got the worm. Go figure!

Posted by: Amy Daly at February 25, 2007 11:31 AM

Hi

My laptop has come up with this error: "when trying to update password, this return status indicates that the value provided as the current password is not correct". Before this it said that C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM was missing or corrupted, so I replaced it with one in my backup. It now gives me the error at the top. How can I fix this? Would putting back the original file that didn't work make it easier to fix?

David

Posted by: Landy Mann at February 26, 2007 12:46 PM

Sounds like the same problem I have. I have been experiencing very poor performance from Office programs on my 3 month old Vaio running XP Home (pre-installed). The problems seemed to be caused by Norton Internet Security (I disconnected my wireless internet connection, disabled Norton and Word and Outlook worked much quicker). I decided to install the OneCare trial. During the install I was forced to remove Norton Internet Security, but apart from that everything went OK. When the machine was shutting down I got an error box saying there was an I/O error and a reference to the registry?

When the machine restarted it hung at the Windows XP logo screen, before the user log in page. I tried to restart in safe mode and it hung at a driver (mup.exe). I then restarted again and Chkdsk ran and the machine hung at a black screen with a mouse pointer. I then restarted again and I got the following message box.

lsass.exe - Unable to locate Component

This application failed to start because UxTheme.dll was not found. re-installing the application may fix this problem.

When I click OK the machine hangs at a black screen with the mouse pointer, then reboots itself, runs chkdsk and hangs with the following message box

lsass.exe - Unable to locate Component

This application failed to start because DNSAPI.dll was not found. re-installing the application may fix this problem.

I don't have an XP disk as XP was pre-installed - I know I should have created one. I have a full backup using Norton Ghost on an external hard drive - will there be a XP boot on that and, if so, how do I get to it?

Posted by: Gordon Watt at March 3, 2007 5:30 AM

My computer has been down for 3 weeks - still no fix. Win XP Home won't boot. Can't get online to download any fixes. Can't access system to do system restore. Goes to Lsass.exe and quits. Just keeps rebooting. It's not a virus, as I was changing accounts and security and must have made an incorrect entry that triggered the Lsass.exe. I don't have a Win XP Home disk as it was preinstalled when I purchased the computer. Please help. Thank you

Posted by: Richard Cantlay at March 9, 2007 4:09 AM

I have the same problem. My computer's been crashing from an overheating problem lately and yesterday it gave me a 'system file corrupted' error. So I followed the MS KB article about restoring the registry files in the system32/config folder, and now it's giving me the exact same error you guys are getting.

I tried replacing the security file from the /repair folder but that didn't fix it either.

Someone please help!

Posted by: David at March 11, 2007 11:20 PM

I have the same problem - windows won't even load up and I get the lsass.exe - unable to locate component error message

What is the fix? - I don't see it anywhere on this page?

Posted by: Brian at March 14, 2007 5:30 PM

Windows is complete garbage, but unfortunately we are almost required to use it nowadays. What the other people say is true; you will end up having to format your HD and install Windows XP again. I had that error before, as well. What none of the Microsoft Techs, or most other advocates of this horrible OS, will tell you is that there is a way to get the data off that you need.

You use something called a LiveCD / LiveDVD. It is a version of Linux that is booted from the disk itself. You can use it anytime that you would like. Hell, my Windows works fine and I use it on my computer occasionally just for kicks. By booting the computer while this disc is in the drive, you can boot into Linux before Windows. This will allow you to use a CD/DVD burner (internal or external) or a flash drive to get all of your data off and onto discs or another computer temporarily. Just be sure that all peripheral devices (including removable media) are plugged in prior to booting into Linux, otherwise Linux may not recognize them.

Posted by: Archangel at March 20, 2007 2:41 AM

I had this problem and managed to fix it without a reinstall.
Create the disc at www.ubcd4win.com on a good PC and boot off of it on the bad one. Once in, go to Start, Programs, Registry Tools, Registry Restore Wizard. Tell it where Windows is installed (C:\Windows usually). Then pick the date that you want to roll back to. I chose the one closest to today's date and it recovered it fine. Reboot and bingo! It's back. (Well it was for me...!)
Hope this helps someone!

Posted by: Matthew Cremore at March 28, 2007 9:05 AM

Jon Morris' advice of

"
If your computer keeps booting after you get the lsass.exe error, your security registry hive is corrupt.

rename "c:\windows\sytem32\config\security" to security.bak

then copy c:\windows\system32\repair\security to the location above.

that should do it."

Worked perfectly. You can use your XP disk to boot into recovery mode (recovery mode is just a DOS prompt, there's no reinstallation), or if you don't have an XP CD (and you can't borrow one), you may need to look at a third party tool.

Great advice though, thanks Jon.

Posted by: Aderik at April 22, 2007 6:42 PM

I've been getting a different type of lsass.exe error. It tells me "An invalid parameter was passed to a service or function". I tried to repair Windows with the XP disk and halfway through the setup it had a critical system error, and now when it restarts the setup I get the lsass.exe during it. So now for some reason I can't get into the recovery console.

any ideas?

Posted by: Shawn Chapman at April 28, 2007 9:52 AM

I get "lsass.exe System Error. The specified domain did not exist" then an "OK" button to click. Clicking this button (or the "X" that closes this little window) reboots the computer for another cycle of the same thing. I'm going to try some of the above fixes.

Posted by: JimStevens at April 30, 2007 9:03 AM

just to quote the following comment

Jon Morris' advice of

"
If your computer keeps booting after you get the lsass.exe error, your security registry hive is corrupt.

rename "c:\windows\sytem32\config\security" to security.bak

then copy c:\windows\system32\repair\security to the location above.

that should do it."

Worked perfectly. You can use your XP disk to boot into recovery mode (recovery mode is just a DOS prompt, there's no reinstallation), or if you don't have an XP CD (and you can't borrow one), you may need to look at a third party tool.

Great advice though, thanks Jon.

The actual directory of "c:\windows\system32\repair\security" is as follows: "c:\windows\repair\security"

Posted by: John at May 1, 2007 6:12 AM

Ah yeah, and it's "C:\Windows\System32\Config\Security" not "C:\Windows\Sytem32\Config\Security" as well.

Just before someone finds it doesn't exist.

Posted by: Aderik at May 1, 2007 8:06 PM

I went to www.ubcd4win.com (on a good computer) and created a boot CD like one of the posts above mentioned. This boot CD allows you to get into your computer in a pseudo-safe mode so you can at least work on your registry. If you have a CD burner on the bad computer you can also burn files onto a CD to at least recover data if you need to. I couldn't get it to recognize a flash drive though, it would only recognize my installed drives. I found it a lot easier than working through the recovery console because you can copy, paste and rename files just like in Windows Explorer. I was able to change all the files as mentioned in previous posts and my computer was back to normal...for now. =)

Posted by: Brad at May 14, 2007 11:00 AM

I am using XP and it gets corrupted within 20 days of installation. It displays a message that "windows is unable to boot it might have occurred due to hardware changes". In fact I never changed any hardware ever and I use my PC normally. Every time I shut down properly, but this problem has persisted for the last 4 months. Please tell me the solution.

Posted by: ramesh at May 20, 2007 11:55 AM

rebooted my laptop,
got the message windows cant locate win\sys32\config.sys, may be missing or corrupt,
tried reinstalling the OS
tried fresh install
tried repair install
after setup, chkdsk runs and scans the file system,
scrolling windows startup,
blue screen without logon icons,
error - lsass.exe invalid command was requested.
keeps rebooting and get various lsass.exe error messages.
H E L P !!!

Posted by: arnab at May 22, 2007 1:42 PM

I've downloaded the software to a system and have burnt it onto a CD...
How do I install it when the system cannot log me in?

Instructions would help...

Posted by: KENNETH at June 11, 2007 5:01 PM

Sir, when I boot my Win 2003 Server PC, it shows an lsass.exe file error and the system is not logging in.

Posted by: raj at July 26, 2007 2:26 AM

Hi All

Thank you very much for your advice. I had the lsass.exe problem and the comment from Jon Morris helped me fix it. I used Knoppix v5.1 to edit and copy the files on the Windows disk; it is now being scanned.

Thanks

Kevin

Posted by: Kevin at September 5, 2007 8:35 PM

Dear Dave
I have noticed recently that every time I start (boot) my PC it gives the message of updating system settings. Why is it so? Are there any viruses which attempt to write to the boot area on every boot? How can I correct it? Does it need to be corrected?

Posted by: prafulla at September 9, 2007 8:16 PM

Hi, I've tried to repair the security file but I still have the same problem. Any suggestions other than re-installing Windows?

Posted by: Lourens Zietsman at September 19, 2007 7:58 AM

Pleeeeeze spell it out , exactly, for us dummies.
lsass.exe is killing us.
I can get into the recovery console and rename and copy.
what "above location" are you referring to?
please, type out exactly what to do...thanks

Posted by: Sam at September 19, 2007 9:36 AM

I had this problem with Windows 2003 Server!

- Boot with your Windows system CD
- Go into the repair console
- Now change directory to the C:\windows\system32\config (cd blah blah)
- type: rename security security.bak
- enter
- type: copy c:\windows\repair\security .
- enter
- type: exit
- enter
- or reset the computer manually

Works like a charm, thanks to Jon!! Cheers!!!

Posted by: Marc at September 28, 2007 7:38 AM

Well, I cheered too early.
The first LSASS problem is gone, but on Windows 2003 Server, there will be some pretty hard nuts to crack with regards to the Active directory and SAM.
Without a backup, you can forget about getting Windows 2003 server running properly again.....

Posted by: Marc at September 28, 2007 8:55 AM

I tried the posted solution but now the windows recovery console won't take my administrators password ????

Posted by: dwayne at October 7, 2007 7:20 PM

I have Win2000. When I turn on my PC it takes a lot of time to boot. It is on a network and I checked the wire also; the wire is OK. When it boots after a lot of time, I checked by ping and it shows a reply.
Please tell me how to make it boot fast.

Posted by: yograj at October 18, 2007 10:47 PM

Just FIXED my problem by following Jon Morris' advice... Thanks so much, Jon.

Requoting Jon Morris' advice of

"
If your computer keeps booting after you get the lsass.exe error, your security registry hive is corrupt.

rename "c:\windows\system32\config\security" to security.bak

then copy c:\windows\system32\repair\security to the location above..."

Posted by: Arief Budiman at November 8, 2007 6:53 AM

I have an eMachine and it doesn't have a "c:\windows\system32\repair" folder. Or could I be misreading the instructions? Should I be at the DOS prompt or in the Windows folder? My computer is doing the same as everyone else's and I do not understand the steps. Could someone help me please?

Posted by: Jackie at November 9, 2007 2:39 PM

I also can't even access the computer via safe mode, and I get a message saying that "there are insufficient system resources available to complete the API"

Posted by: hugo at November 17, 2007 9:47 AM

Hi, when I try Jon Morris' advice of

"
If your computer keeps booting after you get the lsass.exe error, your security registry hive is corrupt.

rename "c:\windows\sytem32\config\security" to security.bak

then copy c:\windows\repair\security to the location above."

when I reboot Windows the problem continues.
Can somebody help me please? Can I get step by step instructions? Because nothing is working for me.

Posted by: chris at November 19, 2007 9:18 AM

Hello

I've got the lsass.exe problem with the rebooting-cycle thingie..

I tried to do the step by step instructions from above but I haven't got a dir called "c:\windows\system32\repair\ <-" the only "repair" dir I've got is located in the windows directory.. can I use that "security" file?

Posted by: jonte at November 30, 2007 7:46 AM

hi love ur site i am trying to fix a problem
rundll
an exception occured while trying to run
c/windows /system 32 spads .dll derify
also
st trayapp.exe application error
the instruction at 0x10006235 ref memory ox0000003c the memory could not be read

Posted by: edward curley at December 4, 2007 5:26 AM

You guys do know that if you start your system in safe mode, and sign in as administrator instead of owner, you can run your spyware protection and remove the threat. This worked for me today; I was caught in the lsass loop also. Ignore the "it is not recommended to scan in safe mode" warning. After scanning, restart your computer. Be sure to restart, not shut down. Let your computer boot up normally and run your virus and spyware protection again. After doing so, restart your computer and boot it normally. Doing this worked for me, so it should for you.

Posted by: dez300 at December 4, 2007 5:00 PM

I seem to be having a similar problem. My system file became corrupt, and I, knowing how to repair this, did exactly that. Well, it seemed my whole system32 files were corrupt, so I ran the repair console on everything. After repairing the sam file and the security file, the computer reboots itself and gives the error that updating the password was invalid. So, I tried getting into the recovery console again, but then it asked for the Administrator password. (There isn't one). I can't even repair the files, any help on this?? Thanks!

Posted by: Colin at December 13, 2007 4:06 PM

Guys, I got the error too. It says

isass.exe system error

It says some number and an error.

I will say that to you, and even if I log on in safe mode I am not able to get it.

Posted by: GUHAN at January 13, 2008 1:53 AM

I just got this @(#&$* lsass.exe problem.

My computer will not boot up, period! No matter how many options I try from the F8 screen (safe mode, dos prompt, etc.) it always ends up at the lsass.exe error screen (either lsass.exe has passed a function to another program OR the password file is not as expected; or something similar to those words) and the system reboots.
I can never get to a screen in Windows OR to a DOS prompt to make any file or registry changes to circumvent this nasty B*^tch!

PLEASE HELP ME!!!!

I have tried to boot from the original WIN XP PRO CD, but when I do recovery mode, it asks for an administrator password, but leaving it "Blank" or putting in my Windows administrator password doesn't work, and it crashes after 3 tries.
I tried to do a system restore/repair mode, but when it is finished and re-boots, it returns to the lsass.exe error!!

I have tried booting from a DOS floppy, but even then when I try to access the "C" drive, it tells me "invalid drive"!!!

I am at my wits end!

PLEASE can anyone help me?

All I want to do is be able to access the C drive to save my data and then I'll reformat the whole thing....

Posted by: WeHill at January 21, 2008 9:39 PM

I normally don't respond to these forums but my heart goes out to you fellas.

The reason the administrator password does not work anymore is because when you restore the files from the repair directory, they already have an administrator password associated with them from the OEM (DELL for instance).

Recover the registry and system files by using www.ubcd4win.com

Posted by: theodis butler at January 24, 2008 3:14 AM

The correct way to do Jon's tutorial is this:

1. Boot into the recovery console using your Windows XP CD.
2. Type: CHDIR system32 and press Enter.
3. Type: CHDIR config and press Enter.
4. Type: Rename Security Security.bak and press Enter.
5. Type: Copy C:\Windows\repair\security and press Enter.
6. Type: Exit and press Enter (this will restart your computer).

If all goes well, your PC should work. If not try this:

Quote from above:
"I had this problem and managed to fix it without a reinstall.
Create the disc at www.ubcd4win.com on a good PC and boot off of it on the bad one. Once in, go to Start, Programs, Registry Tools, Registry Restore Wizard. Tell it where Windows is installed (C:\Windows usually). Then pick the date that you want to roll back to. I chose the one closest to today's date and it recovered it fine. Reboot and bingo! It's back. (Well it was for me...!)"


Hope this helps someone!

Posted by: Elliott at February 11, 2008 7:56 AM

When I change the memory in my e-machines PC (trying to put 1GB, which memory mfg says is below maximum), I get the lsass.exe error that says "endpoint format is invalid", and it will not continue to boot. When I put the old 256MB memory back, it's OK. Any ideas???

Posted by: Steve at February 18, 2008 10:57 AM

I have read some of your suggestions. I am wondering if you could help me. I can't get my laptop to turn on the right way. I went to boot it up and I got this window that said lsass.exe with a message that read application error must terminate application, click OK. Not knowing, I did just that. Now I can't get the laptop on to fix the problem. How can I fix this problem without spending hundreds of dollars?
Thanks.

Posted by: Tanya Vernon at February 28, 2008 3:40 PM

Dave, the time on my PC changes whenever I restart my PC; the time zone and the date remain OK

Posted by: Daid at March 9, 2008 4:57 PM

I am yet another victim of the lsass.exe error. I have tried most of the advice that I have read and I still have the problem "Unable to locate component LSASRV.dll" along with the black screen and being locked out of safe mode etc...

One thing I haven't been able to figure out though is how to run the UBCD4WIN program. I downloaded it onto CD but I can't get the CD to start up when booting my computer. Any advice? Safe Mode is not an option, since it won't even boot in safe mode.

Posted by: JT at March 20, 2008 11:17 PM

You have to run the UBCD4Win program from a working computer and then it will create an ISO to burn to a CD. Stick it in and reboot your PC.

Posted by: Theodis Butler at April 3, 2008 10:19 PM

I have a hard drive with this issue. I have other functional computers. Can I put this corrupted hard drive into a working computer as a secondary or slave drive and then clean it up and then put it back into the computer the drive is in now?

Posted by: James at April 21, 2008 8:42 PM

I was burning a song on my floppy drive. I started getting an error I/O no disk. Then it started affecting both of my floppy drives. Then it started affecting my A drive. Now when I boot my computer all I get is a black screen saying I/O error no disk. Can't get past this.

Posted by: Brenda at May 4, 2008 1:36 AM

I have been battling this system 32 error for over a month at least. I have Formatted and reinstalled XP at least 10 times and now can't even install it anymore. Now am using Windows 2000 and am having problems with that too. My computer reboots and I have seen so many errors and blue screens I just laugh. To whoever lost their disc, hopefully you have your key, that is what you need the most. You can always get a copy of the CD.

Posted by: J at June 9, 2008 2:15 AM

Is there a default admin password for Windows? Because my admin password was reset when I ran recovery console (to recover system32). It did boot up but the LSASS.exe keeps rebooting the PC, and now when I return to recovery console it asks for the admin password. Is there a default password for this =(

Posted by: Mabelle at June 16, 2008 7:32 PM

Hey Dave .. It's A Great Site .. It's WONDERFUL !!!!! Keep Up The Good Job ;)!

I Have A Problem Hope You Can Help Me To Fix It ..

I Have An Excellent Connection * But * I Can't Enter Facebook !! I Mean It's too slow

It wasn't like this before !! I Can't Even Enter The Homepage !
OTHER WEBSITES ARE GREAT .. BUT I HAVE PROBLEMS ONLY ON www.facebook.com

Please Help Me :( And Thanks A Lot ♥
Best Dave Everr ;)! Haha

Posted by: Nessa at July 23, 2008 5:37 AM

Except one or two odd ones, all are off track.

Problem is Windows is still in the installation process.

Most of the discussion is for an installed OS.

Is there any real solution?

I am also facing the same problem while trying to reinstall from the restore CD of my daughter's laptop, purchased with the machine in UK. - Toshiba Satellite M50-130 with Windows XP Home.

Laptop purchased around three years back.

AFAQ

Posted by: Afaq M. Khan at July 27, 2008 1:40 AM

Quoted Above: "I had this problem and managed to fix it without a reinstall.
Create the disc at www.ubcd4win.com on a good PC and boot off of it on the bad one. Once in, go to Start, Programs, Registry Tools, Registry Restore Wizard. Tell it where Windows is installed (C:\Windows usually). Then pick the date that you want to roll back to. I chose the one closest to today's date and it recovered it fine. Reboot and bingo! It's back. (Well it was for me...!)
Hope this helps someone!"

Thanks Matthew for this nice suggestion, I think I saved my desktop to live for another day... it almost took me 2 hours to burn the .iso but I don't know why... it's easy to use... burn .iso ---> boot --> registry restore ---> restart and your computer is the same as before being attacked by lsass.exe

Posted by: Lawrence at July 30, 2008 9:11 AM

I've had a similar problem of the Lass.exe operation. When I try to log into my computer, my account is there, and I can click on it and access it perfectly fine. When I get into my account, I have my blue screen with my cursor (which can move around freely) but no icons, no start menu, no nothing. I tried opening up Task Manager, and everything seemed to be okay, except the CPU usage was spiking up and down a lot, and so was my network connection. I tried restarting it, shutting it down, and it still came back to the blue screen. I even tried safe mode, and it froze on a black screen with all of the "safe mode" annotations around the sides. My cursor, however, can still move and I could still access Task Manager. No avail. Please help ASAP, as I have not been able to work on it for the past few days.

Posted by: Aditya at September 23, 2008 8:40 PM

This post is pertaining to the "lsass.exe error". The error could be "invalid parameter passed" or suspected infection of "Sasser.Worm ".

The scenario being "The user is stuck in a position where he/she does not have the access to get past the restarting cycle. Effectively not able to do any changes or modifications suggested."

To have checklist (before attempting to troubleshoot)
Access to another computer with internet connectivity with CD burner.
WINXP BOOT CD.
Ultra ISO installed on the computer with access to Internet.
--------------------------------------------------
The process.

Log on to the other computer.

open the the below link in the browser.
http://www.avast.com/eng/avast_bart_cd.html

Request for an evaluation copy by way of email.

If you receive the BART CD link fine.

Else Google for creating a Bart CD which is pretty simple.

"Assumption the user has received BART CD IMAGE file download link"

Download the image file.

Visit the below link and download the Sasser worm removal tool.

http://www.symantec.com/security_response/writeup.jsp?docid=2004-050116-1831-99

Open the image file with ultraiso.

Using the add file option add the sasser worm removal tool.

Burn the image file to a CD.
-------------------------------
Trouble shooting.

Power on the system which has to be repaired.

Get into the BIOS settings and set the boot priority to "BOOT FROM CD/DVD".

Save the settings.

Restart the system and boot with the BART CD.

Run a full scan of your system using the virus scanner.

This would ensure in eliminating if your system has been compromised by other malwares.

You can skip the above option based on your discretion.

Now run the Worm removal tool on the CD.

This would ensure the removal of sasser worm in the event of your system being infected.

Once the worm removal tool is through with its scan, restart the system booting from the XP CD.

Select the option of full install.
Press F8 to accept the EULA.
The existing installed path would be displayed with options of repair,install and exit.

Select the option of Repair. (Do not select the option of fresh or full install.)

You can see the drivers and other files being installed which are relevant to your system.

In the process of the repair there is a fair possibility that you encounter the same error.

Press OK at the error message and the system would restart.

Boot the system with BART CD and use the "Servant Salamander" option.

This would give you full privilege to the files on the system and has user friendly navigation.

Next Browse C:\windows\repair.

Use CTRL and left click mouse to select the following files.

System
default
SAM
Software
Security

Right click the mouse and use the copy option to copy the selected files.

Paste(overwrite) the selected files at
C:\Windows\System32\Config

Restart the system

You would find the windows screen displaying "Applying settings" or something similar.

Subsequent to a restart, Windows installation would resume similar to a normal installation.

Your system would have been restored clean.

If you had run an Anti virus Scan or did a registry clean using the BART CD, you might have to reinstall the audio video drivers (remote chances).

Important:
The first process you need to implement after the restoration is have the latest updates installed from Microsoft website.

This post of mine has been compiled to the relevancy from postings from various forums and quite a bit of Google.

I have tested this on couple of machines and works fine.

This Post has been compiled after testing for the benefit of end users who are not comfortable with
Technical Jargons and machine level workarounds.

Posted by: Ravishankar at December 3, 2008 7:16 PM


© 2002 - 2008 by Dave Taylor. All Rights Reserved.
