Dave, I am runnng Windows XP, I have performed system restore and now when I start up I get the error message, “lsass.exe. system error”. in the box it says when trying to update this return status indicates that the value provided as the current password is not correct.
It then closes down and starts up again and I get the message and it will not start up!! it keeps going round and round. It does the same in safe mode. I have tried to press f8 and install windows from the discs but this does not work. My XP is on a partition. I have no floppy drive on my other pc. What do I do??
There’s a strong possibility that this is a virus, unfortunately. The LSASS process manages user logins, and as such is a common target for infections on PCs running various versions of Windows.
Here’s a description of this virus from Trend Micro:
“This worm exploits the Windows LSASS vulnerability, which is a buffer overrun that allows remote code execution and enables an attacker to gain full control of the affected system. To propagate, it scans the network for vulnerable systems. When it finds a vulnerable system, this malware sends a specially crafted packet to produce a buffer overflow on LSASS.EXE. This worm can cause LSASS to crash and force Windows to restart.”
Microsoft indicates in a security bulletin entitled Windows XP Users: What to do if your computer has been infected by Sasser that you should:
- Disconnect from the Internet
- Stop the shutdown cycle
- Mitigate the vulnerability
- Improve system performance
- Enable a firewall
- Reconnect to the Internet
- Install the required OS update
- Check for and remove Sasser
The exact steps are outlined on Microsoft’s site, and they also link to a malware remover too, the Microsoft Windows Malicious Software Removal Tool.
In general, I strongly recommend that everyone running Windows have both a robust antivirus and antispyware application running. On my systems, I use Symantec’s Norton Antivirus for antivirus, and Webroot’s Spy Sweeper for stopping spyware, malware, and other infections. So far, so good.
Also, make sure you’re completely up-to-date with your system updates from Microsoft. I have my systems configured to automatically check for updates from Microsoft and apply them if they’re critical security fixes. Ya can’t be too safe.
Good luck with this situation!!
Had os windows for a long time,. 2yrs ago I switched to OS:10 and will never personally have to deal with these issues at home again. I havent delt with virisus and pop ups in 2yrs But I thank everyone for the great info for me to solve my fun families computer problems 🙂
Matthew Cremore deserves a million thanks. I had the lsass.exe application error which seemed like certain death for my computer (and for me). In any case, couldn’t get to to the Registry Tool fix but through the UBCD4WIN solution I was able to use the Parted Magic interface and grab all of my files and back them up. Thanks.
Technical information on sasser:
http://www.symantec.com/security_response/writeup.jsp?docid=2004-050116-1831-99&tabid=3
Removal tool: http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FxSasser.exe
To prevent the shut down, do the following:
Disconnect the computer from the network/Internet connection. (Disconnect the cable if necessary.)
Restart the computer.
As soon as Windows opens and you see the Windows desktop, click Start > Run.
Type:
cmd
and press Enter.
Type:
shutdown -i
and press Enter.
In the Remote Shutdown Dialog that opens, do the following:
Click Add, type your computer name into the Add Computers dialog box, and then click OK.
In the “Display warning for” field, type 9999.
Type the following text in the Comment box:
Delay Lsass.exe shutdown.
Click OK.
Reconnect the network/Internet connection.
Notes:
You may have to try this several times, as you only have about 20 seconds to do steps 3 to 6.
This will not work on Windows 2000.
I coppied this from symantec’s removal site.This may help you guys delay shut down made by sasser and help to download a fix
After weeks of antivirus scans and searching the internet, I was close to reinstalling Windows XP.
This MS site solved the problem straight off.
http://support.microsoft.com/kb/883268
Hope it helps someone else.
Ok I have an acer aspire one notebook, therefore there is no spot for a cd. Ive tried most options above, pressed f8 and tried every option…. It still won’t get past the error message; “insufficient system resources…”
When i start my computer it only gets past the ‘Windows XP loading’ then a box comes up titles “Isass.exe” and i click ok then it just stays a black screen and doesn’t change, What should i do? i haven’t had my laptop for long
I was infected with the Lsas virus/trojan/whatever,every time I booted up it was there waiting for me to tell me I had 39 viruses, trojans/ malware etc, and I needed to buy their Antivirus to remove it,I tried downloading various removers from Kaspersky, Malwares Antimalware, AVG all to no avail, these removers would start downloading but as soon as they began to install the Lsas would block them from installing, The scam is to get you to part with your Bank Details so be warned, it will try and exasperate you into doing something rash but whatever you do dont put in your Bank Details.
Here`s what to do, Shut down your PC, then start it up again in Safe Mode by pressing the F8 Key, and choosing Safe Mode, when the normal screen comes up press Start then Accessories then System Tools then System Restore,….Restore your PC to an Earlier Restore Point, if your Restore Date only goes back a few days, click Create a Restore Point and go back 4 weeks, choose a date and press Restore, leave your PC to go through the Restore cycle, it should take about 15 minutes to restore, you shouldn`t lose any programmes, photos etc, and you should be free from that pernicious Malware, once it has finished, download and run the Free Advanced Systemcare programme to tidy up your PC and all should be well. Hope this helps.
I was getting a problem of copy paste on my comnputer so i thought to restart it and lo it never did so. it started showing up the message “lsass.exe – application error” The application has failed to initialize properly (0xc0000005). Click OK to terminate the application. On clicking OK the screen remains blank only the cursor of the mouse is seen moving. I have lots of data on my laptop, please advise how to solve the problem. Thanks.
Thanks a LOT Matthew Cremore !!
is there any way to fix this with out restarting the
computer im afraid that if i restart the comp will have the same problems as before and it took hours of restarting before it randomly booted up and all the solutions ive seen involved running programs at the system boot i can rename the security files because its in use please help thank you
i want to use the fixes listed but i cant get past renaming the security file how do i get past that it says the files in use cant rename what do i do help please im a student who need his comp to run smoothly thank you all!!!!
ubcd4win solution is o.k. I have it ready to go but the only registry backup is from a year ago. A year to the day as a matter of fact. I don’t want to lose all of the added changes from the entire year.
Has anyone found the actual registry key problem so that we could use ubcd4win to edit the registry instead of just wiping it wholesale with a previous version?
I had same lsass.exe error on a client’s sbs 2003 box tried all the rescue repair disk – nothing solved it. Copied System32 files and replaced them – did not solved my problem. Until i used chris & elliot’s tip – it solved my problem – after 3 days of headache. Recommend to anybody who has encountered lsass.exe system error causing server to continuosly reboot.
– Boot with your Windows system CD
– Go into the repair console
– Now change directory to the C:\windows\system32\config (cd blah blah)
– type: rename security security.bak
– enter
– type: copy c:\windows\repair\security .
– enter
– type: exit
– enter
– or reset the computer manually
thanks again chris & elliot.
Hedam. L 17-12-09
If you r running CELERON D….
1)Goto da bios
2)Goto H/Q Monitor
3)Disable… all fan setups
4)Disable CPU shutdown temperature
U wont get lsass problem den.. high temperature often causes dis error
This is so far the best solution I have found, it had my PC up and running within minutes.
Scroll down to the bottom of the page and see the solution provided by adambeazley
http://www.freeimagebrowser.com/archive/t-5073.html
care with this virus…….my pc have this virus…after that, i decide to reformat my pc and backup my data using pendrive..after reformat,the virus when back to the pc again…..omg!!!
I tried Matthew Cremore’s advice on retripping the registry and rolling back and it worked.
They need to make a national saints day Saint Cremore!!!
Thank you.
Oh and I used hiren’s boot CD V10
After reading dozens of solutions on various sites, I ended up here. I also suffered lsass.exe error because I stupidly installed a malware scanner (spyware doctor from pctools, do not ever install this!) that screwed up my system. Did all the things mentioned here at the top, copied the security, as well as the software files, but that only make things worse.
But many many thanks to Matthews solution using ubcd4win. Indeed it was a simple matter of a corrupt registry, going back to a previous one solved the error.
As a note to all the readers, never ever copy a systemfile over another, without making a backup of it first (as is suggested a few entries before). Luckily I could backout to the normal version of security and software, otherwise I probably would not be writing this with a smile upon my face. 😀
What a great site. I hope you’ll be able to help me.
All of a sudden I began to get a memory exception (memory cannot be read) at startup on LSASS.EXE. It gives me the choice to accept and the bootup continues, and after several warning popups, everything is normal. Then while trying to run other programs (Photoshop or Dreamweaver) I get similar warning memory exception messages, which I ignore, although it takes 2 or 3 tries to get them to run properly.
I have Windows XP SP3 and I have checked for viruses and spyware with no results. The system restore option is disabled in this system so I cannot go back to a previous working status..
Any ideas? Thanks in advance
All of the advice given above is good except for one point…with my daughter’s computer we can’t get beyond the error screen. We have tried to reinstall windows from the OEM cd’s but it’s as if they will not even read. Just wondering if this would change by disconnecting the internet…that is a stretch I’m sure…but hey…
Take a complete registry backup using ERUNT
http://www.winxptutor.com/regback.htm
Oh, and the computer is running Windows XP SP2. I have no disk, i created a boto disk to access to recovery console. And the slave HD used to be the Mater HD on a different computer also runign XP SP2 so it has the os loaded onto it.
Okay, I made a major mistake. Today I connected an old HD as a slave to my computer so I can take the files off the HD. My master has a virus that won’t allow me to access anti virus sties to get rid of it. I tried a system restore but upon restarting I got the message ‘lsass.exe – System Error
An I/O operation initiated by the Registry failed unrecoverably. The Registry could not read in, or write out, or flush, one of the files that contain the system’s image of the Registry.’
I couldn’t get past this message, it kept rebooting so I tried to take the drive out. I managed to boot succesfully.
This was my mistake. i then followed Jon Morris’ advice, BUT WITH THE FAULTY HD REMOVED. Now whenever I boot the Master HD and try to log on, it says I need to register my windows with Microsoft. Anyone know what the hell I’ve done and how I can fix it? Please help. Thanks.
I have windows 2000 server that giving me the same problem. NO VIRUS on it. Full scan from 3 different types of applications from UBCD and Hiren 9.9
At boot up…waiting for the login/pass and i get this box saying it will reboot because of the LSASS.exe error code 128.
I tried to boot up from ERD commander 2005 no problem and I tried this method of going the repair folder. I dont have that system32/repair folder at all. Do have the config folder but that it.
Is there any other way to fix this damn thing?
I’ve also had similar problem yesterday evening to my Dell AMD64 X2 PC.
Try the copy files from /system32/config from other PC that have same spec/model but got “dumping physical memory to disk”..
after restart same result..
This has been by far the most helpful site I have found regarding this problem. I am making the assumption that the issue I have is indeed one and the same (if not it is very close), but I do have a variation.
Even when I boot using UBCD4Win and go to load the OS it still shuts down on me. I do not get a chance to use any of the recovery methods mentioned above. About the only thing I have access to is the offline registry editor.
I have been off the air for 2 days now and am frustrated as hell. Hopefully there are more words of wisdom out there.
I had a problem wit hXP similar to the one described above – lsass.exe / administrator password / looping boot cycle.
Eventualy did what Matthew Cremore suggested:
“I had this problem and managed to fix it without a reinstall.
Create the disc at http://www.ubcd4win.com on a good pc and boot off of it on the bad one. Once in go to Start, Programs, Registry Tools, Registry Restore Wizard. Tell it where Windows is installed (C:\Windows usually). Then pick the date that you want to roll back to. I chose the one closest to todays date and it recovered it fine. Reboot and bingo! It’s back. (Well it was for me…!)
Hope this helps someone!”
Worked a treat.
Comments – You really need to read instructions for setting up the boot disk; can be time consuming, but saves all the aggro of a clean install.
From my above post I would like to continue about my machine.
I just got back my ThinkPad T61 from the service centre yesterday and today I got the error, before my laptop broke down there wasn’t this error.
I was having distorted display and the engineer said that the motherboard was encountering problems so he changed the whole motherboard in my laptop and was running fine when I was inspecting it at the collection point.
The problem arised when I reached home.
I had the same problem as most of the above.
Even after a normal shutdown I have to wait 5-10mins to boot it back to windows, or else the lsass.exe error window will appear for less than 1 second then my system will shutdown.
Sometimes when I’m in windows, I’m running several processes and games and it will shutdown on itselfs instantanously, giving me no time to react and cancel it’s shutdown.
I can’t get to safe mode too it crashes once it finishing booting it’s processes.
I guess the only way to resolve it is to reinstall windows.
I would like to thank everyone here, I was working on this problem all day tried alot of your solutions. First thing I did was take the drive out and run it as a slave drive and backed everything up was getting ready to wipe it clean, I also copied the sam and security file from the repair folder to the config folder, had no affect. Once the drive was back in tried Recovery Console pressing “r” didn’t work for me had to press F10 I didn’t backup the files but w/e I copied the sam, security, default,software and system files from the repair folder to the config folder had a problem with the system one wouldn’t copy so I deleted it :/ still wouldn’t copy so I copied the system.bak file then tried renaming it didn’t work after restart it gave security file missing or corrupt error. I tried copying it again but kept giving error I realize now there wasn’t a file to copy and I deleted it without backing it up somehow the problem fix it self or maybe I did something not sure either way restarted a couple times. And the error was gone no more missing file no more lsass.exe error. But instead it would freeze at the xp logo screen not the load one but the screen after that one. By this point I had given up all hope had one more thing to try.
While I was doing all of this I was also burning the UBCD4Win cd finally after it was done took forever. Was my last hope really and it worked :p Was so easy and quick wish I had tried it first. Just did as Matthew Cremore said “Once in go to Start, Programs, Registry Tools, Registry Restore Wizard.” Restored to earliest date and it works my wife was very happy to have her pc back. Backed up 7 Dvd’s worth of data for nothing 🙂 Oh well
Again thx everyone and Matthew Cremore for your post about http://www.ubcd4win.com
Hey, I have the same problem that on starting up the Lsass.exe:System error And I can’t try what’s suggested as my CD drive is corrupt and I am unable to use it. What would I have to do for either my CD drive to work (as I’m a student and never have any cash) or another option to get rid of the error? Lauren
I started getting the “lsass.exe. system error” message at start-up after a clean install of Windows XP Pro on a laptop that is 2 years old. I did a repair install with the Windows disc and that worked.
The problem is that once I was able to boot up the laptop I started getting SMART warnings for a HD Failure as well as other stop errors. I came to the conclusion that my HD was going bad and that’s what had caused the LSASS error in the first place. I verified this by running a full scan of Malwarebytes as well as Stinger and neither found any infection, which you wouldn’t have thought as it was a clean install.
So I bought a new HD and reinstalled XP and the laptop has been running like a brand new PC again. Moral of the story is sometimes what looks like a software issue is really a hardware issue.
tried the UBCD4Win method but this software is a little shady. during install my working comp antivirus sent up a red flag for one of the exe files it tries to copy…it was runhide.exe…i was wondering if it was still safe to use?
So This problem has plagued me for a week or more. I have tried everything on these posts excpet for the auto repair as i didnt want to do that and lose settings. So two things i had read on other posts were.. /3gb switch might have an effect and i was using it. and the System Managed swap file option… I had tried the swap file already and it did not work but i did both of them and after trying everything else it just booted… no problems. Just in case that helps someone else.
while installing windows xp in laptop that time am getting lsass.exe error how can i overcome this situvation
I had the same problem with my Acer Aspire One laptop…fresh outta the box, but I fixed it! On the boot screen…there’s an option you can use that’s hidden. Press ALT + F10 and it will take you to Acer eRecovery Management. There I simply restored it to the factory default. It took about 5-7 minutes to restore it, and after it was done, the computer worked like a charm! Yay! No more merry go round and round and round lsass.exe error!
I have an Acer Aspire One laptop running Windows XP. I cannot log on at all.. It just keeps reloading the system startup screen and then the error… lsass.exe – system error comes up saying my system resources are too low to initialize. Then I click OK and it retarts. It is a big circle. I cannot get onto windows at all even through Safe mode. Can you help..!
Hey, like few other people, it just wont start at all, keeps going to this errori. I even put the XP disc in to reinstall and it wont read the cd. I know one of the F keys take you to that ‘start in safe mode’ thing, is there any prompts to make it read the cd or to get into the system registry or anything??? Not that i would know what to do when i get there but i cant see to get it to do anything beyond that safe mode screen which also takes me the error screen, then just black screen with floating arrow from the mouse…
the http://www.ubcd4win.com method worked for me.
thank you!
This post is pertaining to the “lsass.exe error”. The error could be “invalid parameter passed” or suspected infection of “Sasser.Worm “.
The scenario being “The user is stuck in a position where he/she does not have the access to get past the restarting cycle.Effectively not able to do any changes or modifications suggested.”
To have checklist(before attempting to troubleshoot)
Access to another computer with internet connectivity with CD burner.
WINXP BOOT CD.
Ultra ISO installed on the computer with access to Internet.
————————————————–
The process.
Log on to the other computer.
open the the below link in the browser.
http://www.avast.com/eng/avast_bart_cd.html
Request for an evaluation copy by way of email.
If you receive the BART CD link fine.
Else Google for creating a Bart CD which is pretty simple.
“Assumption the user has received BART CD IMAGE file download link”
Download the image file.
Visit the below link and download the Sasser worm removal tool.
http://www.symantec.com/security_response/writeup.jsp?docid=2004-050116-1831-99
Open the image file with ultraiso.
Using the add file option add the sasser worm removal tool.
Burn the image file to a CD.
——————————-
Trouble shooting.
Power on the system which has to be repaired.
Get into the bios settings an set the boot priority to “BOOT FROM CD/DVD”.
Save the settings.
Restart the system and boot with the BART CD.
Run a full scan of your system using the virus scanner.
This would ensure in eliminating if your system has been compromised by other malwares.
You can skip the above option based on your discretion.
Now run the Worm removal tool on the CD.
This would ensure the removal of sasser worm in the event of your system being infected.
Once the worm removal tool is through with it’s scan,restart the system booting from the XP CD
Select the option of full install.
Press F8 to accept the EULA.
The existing installed path would be displayed with options of repair,install and exit.
Select the option of Repair.(Do not select the option of fresh or full install).
You can see the drivers and other files being installed which are relevant to your system.
In the process of the repair there is a fair possibility of you encounter the same error.
Press OK at the error message and the system would restart.
Boot the system with BART CD and use the “Servant Salamander” option.
This would give you full privilege to the files on the system and has user friendly navigation.
Next Browse C:\windows\repair.
Use CTRL and left click mouse to select the following files.
System
default
SAM
Software
Security
Right click the mouse and use the copy option to copy the selected files.
Paste(overwrite) the selected files at
C:\Windows\System32\Config
Restart the system
You would find the windows screen displaying “Applying settings” or something similar.
Subsequent to a restart,Windows installation would resume similar to a normal installation.
Your system would have been restored clean.
If you had run an Anti virus Scan or did a registry clean using the BART CD, you might have to reinstall the audio video drivers (remote chances).
Important:
The first process you need to implement after the restoration is have the latest updates installed from Microsoft website.
This post of mine has been compiled to the relevancy from postings from various forums and quite a bit of Google.
I have tested this on couple of machines and works fine.
This Post has been compiled after testing for the benefit of end users who are not comfortable with
Technical Jargons and machine level workarounds.
I’ve had a similar problem of the Lass.exe operation. When i try to log into my computer, my account is there, and i can click on it and access it perfectly fine. When i get into my account, i have my blue screen with my cursor (which can move around freely) but no icons, no start menu, no nothing. I tried opening up task manager, and everything seemed to be okay, except the CPU usage was spiking up and down a lot, and so was my network connection. I tried restarting it, shutting it down, and it still came back to the blue screen. I even tried safe mode, and it froze on a black screen with all of the “safe mode” annotations around the sides. My cursor, however, can still move and i could still access taskmanager. No avail. Please help ASAP, as i have not been able to work on it for the past few days.
Quoted Above: “I had this problem and managed to fix it without a reinstall.
Create the disc at http://www.ubcd4win.com on a good pc and boot off of it on the bad one. Once in go to Start, Programs, Registry Tools, Registry Restore Wizard. Tell it where Windows is installed (C:\Windows usually). Then pick the date that you want to roll back to. I chose the one closest to todays date and it recovered it fine. Reboot and bingo! It’s back. (Well it was for me…!)
Hope this helps someone!”
Thanks Matthew for this nice suggestion, i think i saved my desktop to live for another day… it almost took me 2hours to burn the .iso but i dont know why… it’s easy to use… burn .iso —> boot–> registry restore —> restart and ur computer is same as before being attacked by lsass.exe
Except one or two odd all are out of track.
Problem is window is still in installation process.
Most of the discussion is for installed OS.
Is there any real solution.
I also facing the same problem while try to reinstalled from restore CD of my daughter laptop purchased with the machine in UK. – Toshiba Satellite M50-130 with window XP home.
Laptop purchased around three years back.
AFAQ
Hey Dave .. It’s A Great Site .. It’s WONDERFUL !!!!! Keep Up The Good Job ;)!
I Have A Problem Hope You Can Help Me To Fix It ..
I Have An Ecellent Connection * But * I Can’t Enter Facebook !! I Mean It’s too slow
It wasn’t like this before !! I Can’t Even Enter The Homepage !
OTHER WEBSITES ARE GREAT .. BUT I HAVE PROBLEMS ONLY ON http://www.facebook.com
Please Help Me 🙁 And Thanks A Lot ♥
Best Dave Everr ;)! Haha
is there a default admin password for windows? Coz my admin password was reset when i run recovery console (to recover system32) it did boot up but the LSASS.exe keeps rebooting the pc. and now when i return to recovery console it asks for admin password. Is there a default password for this =(
I have been battling this system 32 error for over a month at least. I have Formatted and reinstalled XP at least 10 times and now can’t even install it anymore. Now am using Windows 2000 and am having problems with that too. My computer reboots and I have seen so many errors and blue screens I just laugh. To whoever lost their disc, hopefully you have your key, that is what you need the most. You can always get a copy of the CD.
I was burning a song on my floppy drive.I started getting an error I/O no disk . The it starting effecting both of my floppy drives. then it starting effecting my a drive. Now when I boot my computor all I get is a black screen saying I/O error no disk. Can’t get past this.
I have a hard drive with this issue. I have other functional computers. Can I put this corrupted hard drive into a working computer as a secondary or slave drive and then clean it up and then put it back into the computer the drive is in now?
You have to run the UBCD4Win program from a working computer and then it will create an ISO to burn to a CD. Stick it in and reboot your PC.