Dave, I am running Windows XP. I have performed a system restore, and now when I start up I get the error message “lsass.exe. system error”. In the box it says when trying to update this return status indicates that the value provided as the current password is not correct.
It then closes down and starts up again and I get the message and it will not start up!! It keeps going round and round. It does the same in safe mode. I have tried to press F8 and install Windows from the discs but this does not work. My XP is on a partition. I have no floppy drive on my other PC. What do I do??
There’s a strong possibility that this is a virus, unfortunately. The LSASS process manages user logins, and as such is a common target for infections on PCs running various versions of Windows.
Here’s a description of this virus from Trend Micro:
“This worm exploits the Windows LSASS vulnerability, which is a buffer overrun that allows remote code execution and enables an attacker to gain full control of the affected system. To propagate, it scans the network for vulnerable systems. When it finds a vulnerable system, this malware sends a specially crafted packet to produce a buffer overflow on LSASS.EXE. This worm can cause LSASS to crash and force Windows to restart.”
Microsoft indicates in a security bulletin entitled “Windows XP Users: What to do if your computer has been infected by Sasser” that you should:
- Disconnect from the Internet
- Stop the shutdown cycle
- Mitigate the vulnerability
- Improve system performance
- Enable a firewall
- Reconnect to the Internet
- Install the required OS update
- Check for and remove Sasser
The exact steps are outlined on Microsoft’s site, which also links to a malware remover, the Microsoft Windows Malicious Software Removal Tool.
In general, I strongly recommend that everyone running Windows have both a robust antivirus and antispyware application running. On my systems, I use Symantec’s Norton Antivirus for antivirus, and Webroot’s Spy Sweeper for stopping spyware, malware, and other infections. So far, so good.
Also, make sure you’re completely up-to-date with your system updates from Microsoft. I have my systems configured to automatically check for updates from Microsoft and apply them if they’re critical security fixes. Ya can’t be too safe.
Good luck with this situation!!