Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

LSASS.EXE error


  • Please log in to reply
1 reply to this topic

#1 lilstarhead

lilstarhead

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:07:47 PM

Posted 13 December 2008 - 06:29 PM

Everytime I start my computer this comes up:

Isass.exe - Application Error
The instruction at "0x00401082" referenced memory at "0x00000000." The memory could not be "written".
Click on OK to terminate the program.
Click on CANCEL to debug the program.


I tried both and for each option, the screen goes blank. I can't do anything. What can I do to fix this? Is this a virus or is something wrong with my computer? Thanks so much!

BC AdBot (Login to Remove)

 


#2 Stirred

Stirred

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:47 PM

Posted 20 December 2008 - 03:49 PM

Several people have been able to get it to boot by doing F8 during the boot process and choosing the 'last known good configuration', although that didn't work for me. Normal mode and all of the safe modes merely die with the same LSASS error, and even the XP install > repair didn't work.

Try the 'last known good', it's worth a shot!

I'm on a bug hunt myself with the same error message. I got a lot farther by moving all of the random-character named stuff out of the %windows%\system32 directory that'd been written in since the machine was infected, emptying the Temporary Internet Files and moving a couple of suspicious files out of the Temp directory. I got it to boot after I'd cleaned all of that up and run the XP install > repair again.

Best guess: we both got an infection and AVG (or whatever your antivirus is) deleted SOME of it but not ALL of it. I've seen it happen twice now, where the antivirus left the box in a totally wedged state.

Note that it's LSASS.EXE (all lower case) in the error message and absolutely NOT Iass.exe as you're showing... it's easy to get the two confused with a sans-serif font. lsass.exe is part of the 'Local Security Authority' (the login process), but Isass.exe is a virus. I'm gonna guess it's just a common typo.

BTW, if you look around, some clueless-but-trying-to-be-helpful people will point you at the Sasser worm page. That's not what you have, in all likelihood. You'd have to be running a raw unpatched WinXP or Win2K with no service packs to be susceptible to Sasser or MSBlast.

edit:
The computer I'm fixing had around 10 or 15 different flavors of the Vundo trojan, Win32.Netsky.Q (aka Trojan.FakeAlert), a couple of malignant BHOs and some other nasty stuff that I've already forgotten. I'd lay dollars to donuts that you have a handful of the Vundo trojans and that's what's messed up the Windows login. Looks like I had around 50 or 60 different pieces of trojan on this box. Malwarebytes cleaned up a lot of it, but it also missed 4 different versions of the Vundo trojan that AVG caught, both with the latest updates.

Edited by Stirred, 21 December 2008 - 02:30 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users