FirefoxRocks
Posted November 27, 2007

I found out about this error as I got home and discovered that no one used the computer because they couldn't get into Windows!

When I boot into Windows, the Welcome screen does not show up and instead shows an error that says:

lsass.exe - System Error
Click OK to terminate.
Click Cancel to debug.

No matter what you click, it will go away and leave a blank screen. Pressing CTRL+ALT+DEL or CTRL+SHIFT+ESC will not do anything and at that point you must restart.

Initially I went into Safe Mode and Windows loaded there (I'm still in Safe Mode). I tried a System Restore to yesterday's restore point and it didn't help. Since it started in Safe Mode, I assume it is a startup problem so I tried disabling various startup applications but all of them are disabled and it still doesn't work.

I tried using the Windows XP CD to "repair" the operating system, but I don't know what I can do at the command prompt other than

1. Change directory
2. Restore the MBR (wipe out Ubuntu Linux)

I tried booting into Ubuntu but it fails to mount the Windows partition because I have to do a hard shutdown to turn off/restart the PC. I did some research on this file on the Microsoft site but nothing seemed to match what I am looking for. I am in safe mode right now running ClamWin on my flash drive to see if it is a virus.

Anyone know how to fix this issue without reinstalling Windows?

jimmy89
Posted November 27, 2007 (edited)

According to some websites that I found, it looks like you have a virus. The reason you cannot login at all is because

"This is the local security authentication server, and it generates the process responsible for authenticating users for the Winlogon service. This process is performed by using authentication packages such as the default Msgina.dll. If authentication is successful, Lsass generates the user's access token, which is used to launch the initial shell. Other processes that the user initiates inherit this token."
Source: https://www.microsoft.com/de-de

According to Trend Micro

"This worm exploits the Windows LSASS vulnerability, which is a buffer overrun that allows remote code execution and enables an attacker to gain full control of the affected system. To propagate, it scans the network for vulnerable systems. When it finds a vulnerable system, this malware sends a specially crafted packet to produce a buffer overflow on LSASS.EXE. This worm can cause LSASS to crash and force Windows to restart."
Source: http://www.trendmicro.de/

Firstly, go to http://www.microsoft.com/technet/security/n/MS04-011.mspx and download the patch for your system and install it.

Secondly, scan your computer for any other viruses.

Also, try and not use the Internet, bit hard now that you have posted this, but the virus allows hackers to remotely access your computer while it is connected to the internet.

See if this helps. Also, have a look at http://www.askdavetaylor.com/, you should be able to follow those steps to fix your problem also.

Good Luck,
-jimmy

EDIT: ALWAYS keep your Anti-Virus, Firewalls and Anti-Spyware up-to-date!

Edited November 27, 2007 by Jimmy89

xboxrulz1405241485
Posted November 28, 2007

Try system reinstall via your disc. It shouldn't kill your files but only your system files. I recommend you to have Knoppix or another Live CD ready to back up before you try my suggestion. Having your lsass.exe is a pain in the neck. Bumped into that problem before because the system went corrupted.

xboxrulz

Sten
Posted November 28, 2007

Not the worst virus you could ever get, though it's pretty bad by the sound of it.

I once got a "spider virus" last year. At least you could get on the computer! I couldn't even load the computer. After the Acer screen all I got was a black screen with a smiley face. It was a boot sector problem apparently.

Anyway, would a partial reformat get rid of it? Or u could just go on a live CD and delete lsass.exe from wherever it is.

jimmy89
Posted November 28, 2007

You cannot delete lsass.exe because Windows requires it, along with msgina.dll, to allow users to login. Without either of them, you would not be able to login to your computer.

Ronel
Posted November 28, 2007

I got a solution!

If the error appears as:

CONSOLE
System error: Lsass.exe
When trying to update a password the return status indicates that the value provided as the current password is not correct.

Try my 1st tutorial: Registry Configuration Files And The Corruption Problem

Why? Maybe it is because the SAM or SAM Registry has been corrupted.

FirefoxRocks
Posted November 28, 2007

I tried extracting a new copy of lsass.exe from the Windows 98 installation disc but the problem persists. I got really scared when I booted into Ubuntu and couldn't boot into safe mode! But now I am in safe mode again, trying to transfer the data as fast as possible.

For some reason, Ubuntu won't mount the NTFS partition, saying that it is "in use". Therefore I can't recover my files, but I hope that files on the shared partition won't be wiped.

Is there any way to reinstall Windows without wiping my documents? I don't have enough external devices to backup 16GB of data, and that includes my iPod nano.

jimmy89
Posted November 29, 2007

I am assuming you have attempted to 'repair' Windows using the Windows XP Install CD? Try this tutorial which tells you how to reinstall Windows without losing your documents at http://search.about.com/?q=pcworld.

If you need help on how to use the recovery console, have a look at this KB article from MS: https://support.microsoft.com/en-us/help/17101/windows-7-system-recovery-options