
Sasser Worm Maybe?

2 replies to this topic

#1 svietmeyer


  • Members
  • 1 posts
  • Local time:12:30 AM

Posted 09 September 2008 - 10:06 AM

Yesterday I had an infection on a computer on our network. It was the recently popular XP antivirus 2008 or something along those lines. I removed it with Malwarebytes' with no problem but since then have had some odd problems. After removing it I was unable to print. This happened at the end of the day so I decided to wait till morning to deal with it. Upon arriving at the office this morning, the computer will no longer boot to the desktop. Right before the login screen, an error pops up reading:

lsass.exe - Application Error
The instruction at 0x00401000 referenced memory at 0x00401000. The memory could not be written.

Hitting OK to "debug" or Cancel to end doesn't matter. I then attempt to log in as administrator or user and the desktop background will load and that's it. I check the task manager and there is no explorer.exe running. If I try to run it I get an error that it cannot be found. I went into the command prompt from the task manager and checked the c:\windows directory and explorer.exe is there.

I've tried repairing Windows by booting off the XP Pro disk to no avail. I got the same problem when booting in Safe Mode. The lsass.exe app error points to a Sasser Worm but explorer.exe not loading is throwing me off so not sure if this is the problem or not. Any help will be appreciated as I am in the office troubleshooting this as we speak. Thanks.



#2 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,937 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:30 AM

Posted 10 September 2008 - 10:52 AM

Sasser is an older infection that has not been around in some time so you are dealing with more serious malware.

"I've tried repairing Windows by booting off the XP Pro disk to no avail."

If you cannot boot up and cannot repair, then your options are significantly limited.

Some types of malware can result in a system so badly damaged that a Repair Install will NOT help! Reinstalling Windows without first wiping the entire hard drive with a repartition and/or format will not remove the infection. The reinstall will only overwrite the Windows files. Any malware on the system will still be there afterwards. Starting over by wiping your drive, reformatting, and performing a clean install of the OS removes everything and is the safest action.

In case you need help with this, please review "How to partition and format a hard disk in Windows XP".

These links include step by step instructions:
"Clean Install Windows XP".
"Reformat & Clean Install Windows XP or Vista".
"XP Clean Install Interactive Setup".

If you need additional assistance with reformatting, you can start a new topic in the Windows XP Home and Professional forum.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 lostincyberspace


  • Members
  • 2 posts
  • Gender:Female
  • Local time:12:30 AM

Posted 22 September 2008 - 06:06 AM

I got the same message on my computer a while back. Does that specific message necessarily mean I was infected at that time? Thanks in advance.
