Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

C:\windows\system32\lsasrv.dll


  • Please log in to reply
3 replies to this topic

#1 the_tzar

the_tzar

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:05:10 AM

Posted 18 January 2007 - 01:37 PM

Hey guys and gals. I have a friend in Norway and when he boots up his laptop he gets the message, "unknown picture or software C:\Windows\System32\LSASRV.dll is not a valid windows picture". This is before windows boots up and it halts the boot up process, it even will not boot up in safe mode. Any suggestions on what to do?

Thanks in advance

Phil

BC AdBot (Login to Remove)

 


#2 Albert Frankenstein

Albert Frankenstein

  • Members
  • 2,707 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Michigan, USA
  • Local time:01:10 AM

Posted 18 January 2007 - 02:31 PM

Could be infected with the Sasser worm. Probably came in through an email. See these:

http://www.symantec.com/security_response/...-050114-1706-99
http://vil.nai.com/vil/content/v_125007.htm

Here is a tutorial on it's removal, or you can ask for help:

http://www.bleepingcomputer.com/forums/ind...7&hl=sasser

In that tutorial there is a link to a Microsoft article that you might find helpful.

Edited by Albert Frankenstein, 18 January 2007 - 02:34 PM.

ALBERT FRANKENSTEIN
I'M SO SMART IT'S SCARY!


Currently home chillin' with the fam and my two dogs!


#3 jdukze

jdukze

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:10 PM

Posted 18 January 2007 - 06:52 PM

After you have scanned try running this tool it should show up still in the registry in the HKLM or HKCU,
Delete it from there and it will go away for good. :thumbsup:
JDUKZE

The only man who never makes mistakes is the man who never does
anything.

Theodore Roosevelt

#4 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:11:10 PM

Posted 18 January 2007 - 10:54 PM

Improper changes to the registry could render your computer inoperable.
Remember to backup the registry before making any changes.
Instructions, on how to do that, can be found here:
How to back up, edit, and restore the registry
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users