Several people have been able to get it to boot by doing F8 during the boot process and choosing the 'last known good configuration'
, although that didn't work for me. Normal mode and all
of the safe modes merely die with the same LSASS error, and even the XP install > repair didn't work.
Try the 'last known good', it's worth a shot!
I'm on a bug hunt myself with the same error message. I got a lot farther by moving all of the random-character named stuff out of the %windows%\system32 directory that'd been written in since the machine was infected, emptying the Temporary Internet Files and moving a couple of suspicious files out of the Temp directory. I got it to boot after I'd cleaned all of that up and run the XP install > repair again.
Best guess: we both got an infection and AVG (or whatever your antivirus is) deleted SOME of it but not ALL of it. I've seen it happen twice now, where the antivirus left the box in a totally wedged state.
Note that it's LSASS.EXE
(all lower case) in the error message and absolutely NOT Iass.exe
as you're showing... it's easy to get the two confused with a sans-serif font. lsass.exe is part of the 'Local Security Authority' (the login process), but Isass.exe
is a virus. I'm gonna guess it's just a common typo.
BTW, if you look around, some clueless-but-trying-to-be-helpful
people will point you at the Sasser worm page. That's not what you have, in all likelihood. You'd have to be running a raw unpatched WinXP or Win2K with no service packs to be susceptible to Sasser or MSBlast.
The computer I'm fixing had around 10 or 15 different flavors of the Vundo trojan, Win32.Netsky.Q (aka Trojan.FakeAlert), a couple of malignant BHOs and some other nasty stuff that I've already forgotten. I'd lay dollars to donuts that you have a handful of the Vundo trojans and that's what's messed up the Windows login. Looks like I had around 50 or 60 different pieces of trojan on this box. Malwarebytes cleaned up a lot of it, but it also missed 4 different versions of the Vundo trojan that AVG caught, both with the latest updates.
Edited by Stirred, 21 December 2008 - 02:30 AM.