Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

lsass.exe (lower case L)


  • Please log in to reply
7 replies to this topic

#1 tut2734

tut2734

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:02:36 AM

Posted 23 May 2009 - 09:05 PM

hello~

I start up my computer and after the windows logo loads a message pop ups that says: lsass.exe system error- an invalid parameter was passed to a service or function. I am not sure how to fix this since I can't log into windows in either normal or safe modes. any help to solve this would be greatly appreciated.

Seth

BC AdBot (Login to Remove)

 


#2 possumbarnes

possumbarnes

  • Members
  • 333 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tennessee, USA
  • Local time:02:36 AM

Posted 24 May 2009 - 12:13 AM

If it's "lsass.exe" with a lower case "L", then it is a virus in the Sasser family, most likely. You'll need to scan it with a good antivirus either by using a boot CD with an antivirus on it or take your drive out and hook it up as a secondary drive in another computer. That should get you back up and running. You may have to do a repair installation of Windows after you've scanned it.
What's more irrational--a guy who believes in a God he cannot see or a guy who is offended by a God he doesn't believe in?

#3 WillyanGCaetano

WillyanGCaetano

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Minas Gerais, Brazil
  • Local time:03:36 AM

Posted 24 May 2009 - 12:44 AM

Hello tut2734 !!

Check the file path lsass.exe.O correct location should be the path "C: \ WINDOWS \ SYSTEM32". Maybe a malware may be causing Why Sasser worm, described by our friend possumbarnes has the following symptoms:
* PC absurdly slow
* Unable to open pages on the Internet
* Error with lsass.exe counter for 1 minute
* Error LSA Shell (Export Version)
* Error saying "The memory could not be" read "to start Windows;
Perhaps it is also the system (WINDOWS). So, do this as a test. Open the start menu> run> type without quotes "cmd" [ENTER]> then type "chkdsk / f / r Unit used: (eg C:)" [ENTER]. The system asks you to schedule a check for next reboot. Restart the pc and let the process happen.
Also try: Insert the Windows CD that corresponds to your version and from the start menu> run> type without quotes "sfc / scannow". Wait until the process terminates.


If you have errors in spelling I apologize. I'm still learning the English! (Brazilian!)

:thumbsup:
WillyanGCaetano
Visit Linha Defensiva in Brazil !

#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,962 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:02:36 AM

Posted 24 May 2009 - 01:39 AM

If it's "lsass.exe" with a lower case "L", then it is a virus in the Sasser family, most likely.


Not necessarily so. It could very well be legitimate.

Here is the correct file path: C:\\WINDOWS\system32\lsass.exe

"lsass.exe" is the Local Security Authentication Server. It verifies the validity of user logons to your PC/Server. It generates the process responsible for authenticating users for the Winlogon service.


If it's in a different location, then it is not legitimate.

From: http://www.neuber.com/taskmanager/process/lsass.exe.html

However, if it is spelled with a capital letter I (pronounced "eye"), then it is something no-good.

http://www.softwarepatch.com/tips/isass.html

Given that tut2734 is unable to get into either Normal mode or Safe mode, the file path at this point is moot, and it seems as though something is corrupted.

@ tut2734, have you tried to use "Last Known Good Configuration"? You can find how to do that here: http://support.microsoft.com/kb/307852

I've had to do that before when something I was installing did NOT agree with my computer at all and it would not boot in either safe or normal modes, but I was able to get back in by using "Last Known Good Configuration".

Let us know if that worked.

Orange Blossom :thumbsup:

Edited by Orange Blossom, 24 May 2009 - 01:44 AM.
Left something out. ~ OB

Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#5 Stang777

Stang777

    Just Hoping To Help


  • Members
  • 1,821 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:12:36 AM

Posted 24 May 2009 - 01:43 AM

I believe that the sasser worm variant is with an upper case i, not lower case L.

The lsass on my system is with a lower case L and it is locate where it should be, windows/system32 and I fully believe it is the legit version.

Mine is 13 kb and has a date of 08/03/04

LOL, I was typing this up, and checking out my facts while doing it, about the time that Orange posted her post, had I waited a minute or two I would have seen hers and not posted this.

Edited by Stang777, 24 May 2009 - 01:49 AM.


#6 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:02:36 AM

Posted 24 May 2009 - 11:59 AM

Upper/lower case has nothing to do with it
As OB points out it is the location that is important
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#7 Stang777

Stang777

    Just Hoping To Help


  • Members
  • 1,821 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:12:36 AM

Posted 24 May 2009 - 01:11 PM

It wasn't the case of the letter that was being pointed out, it was the letter itself, as in whether or not the name was Lsass or isass

#8 possumbarnes

possumbarnes

  • Members
  • 333 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tennessee, USA
  • Local time:02:36 AM

Posted 24 May 2009 - 02:21 PM

Sorry, guys, but everything that I found on it in a quick search showed that Lsass.exe in the system32 folder is the Local security authentication folder and lsass.exe in the system32 folder is the Sasser worm. If there is an lsass.exe anywhere other than the system32 folder then it is definitely a problem. I didn't think to verify what was on my own system either. I shoulda done that too.
Sorry about that, tut2734. I gave you some bad info.
What's more irrational--a guy who believes in a God he cannot see or a guy who is offended by a God he doesn't believe in?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users