Solved

WINDOWS SHUTDOWN "lsass.exe terminated, system will shutdown"

Posted on 2004-05-02
72
491,333 Views
Last Modified: 2013-11-21
Hello on my other computer i've been getting this message:

This system is shutting down. please save all work in progress and logg off. any unsaved changes will be lost. This shutdown was initiated by NT Authority/system.

MESSAGE
the system process 'C:\windows/system32\lsass.exe' terminated unexpectedly with status code -1073741819 the system will now shutdown and restart.

then it gives me 60 secs till it shutsdown



please help me!!!! its verrry annoying now
are there any patches or somethin?
0
Comment
Question by:wesida
72 Comments
 
LVL 2

Expert Comment

by:eric888
Comment Utility
this is for w2k server:

http://support.microsoft.com/default.aspx?scid=kb;en-us;300038

it says install the latest service pack.  which one are you running?  can you do any work at all before this message appears?  go to windowsupdate.microsoft.com and install all critical updates.  this problem was supposedly fixed in w2k sp3.
0
 

Author Comment

by:wesida
Comment Utility
i downloaded that b4 and it didn't work. will a firewall work?
0
 
LVL 32

Accepted Solution

by:
_ earned 200 total points
Comment Utility
If you're having problems with LSASS.EXE then please read the informations about the worm "W32/Sasser":
http://vil.nai.com/vil/content/v_125007.htm
In this context you could find avserve.exe on your system, too!
0
 
LVL 32

Expert Comment

by:_
Comment Utility
>>> will a firewall work? <<<   Some. I would go with a good antivirus and a good spy/malware remover also


Free Anti virus
http://www.grisoft.com/html/us_downl.html

adaware
http://www.lavasoftusa.com/support/download/      

here is the link for spybot
http://spybot.safer-networking.de/
http://www.safer-networking.org/

more spyware links
http://security.kolla.de/
http://www.tomcoyote.org/hjt/#introduction

HiJack This:

http://www.spywareinfo.com/downloads.php#det
http://www.spywareinfo.com/~merijn/files/hijackthis.zip

CWShredder
http://www.spychecker.com/program/cwshredder.html


You also can look at

www.cexx.org
has detailed info for removal of the malware
has also links to download
adaware
spybot
highjackthis

Online Virus scan:       ( from CrazyOne )

Norton Web Services  
Go to this page and click on Scan for Viruses
http://security.symantec.com/ssc/vc_about.asp?j=1&langid=us&venid=sym&plfid=22&pkj=REODSKVYRMHCGVRVRMN

It needs to download a few file so as to activate the scan so you may see a message like this.

"The Scan for Viruses uses an ActiveX program to scan your computer. The download is approximately 1.5MB and can take about 10 minutes over a 28.8 modem.

The scan can take more than 20 minutes depending on the speed of your computer and the number of files that you have. Please do not browse away from this page unless you intend to abort the scan.
 
Downloading Scan for Viruses controls. Please wait...
 
During the download, you might see one or more messages asking if it is OK to download and run these programs. Click Yes when these messages appear.

Note: Scan for Viruses does not scan compressed files"
======================
Trend Micro HouseCall      
www.housecall.antivirus.com
"Trend Micro's free online virus scanner
In order to better serve our customers, we ask HouseCall users to register before scanning their computer.  By registering, you will receive virus alerts from our team of Virus Doctors. You will be able to unsubscribe when you receive your first email. You can also scan without registering"
http://housecall.antivirus.com/housecall/start_corp.asp
======================

PC Pitstop Virus Scan
Our free Web-based virus scan uses Panda Software's award-winning technology and virus list. We're checking against the "wildlist," the roughly 200 viruses that are most prevalent in the world in a given month
http://www.pcpitstop.com/antivirus/default.asp  

Housecall Online Scan
http://housecall.antivirus.com
or
Symantec Security Check
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym


Spyware/Adware removal tools:    ( from Sunray )
 
------------------------------

Trojan Remover :http://www.simplysup.com/

KL-Detector  :http://www.webattack.com/download/dlkldetector.shtml

X-Cleaner Free  :http://www.webattack.com/download/dlxcleaner.shtml

SpywareBlaster  :http://www.webattack.com/download/dlspywareblaster.shtml

SpywareGuard :http://www.webattack.com/download/dlspywareguard.shtml

SpySites  :http://www.webattack.com/download/dlspysites.shtml

Keylogger Hunter :http://www.webattack.com/download/dlklhunter.shtml

Spycop: http://www.spycop.com/

Goodbye Spy http://www.topshareware.com/GoodBye-Spy-download-2012.ht


0
 
LVL 7

Expert Comment

by:magus123
Comment Utility
a firewall will not help much on already infected sysem if it is indeed infected , will it protect you later
yes
0
 
LVL 7

Expert Comment

by:magus123
Comment Utility
also

1. disable dcom

2. disable netbios in tcpip

3. stop messenger service

4. disable task scheduler
0
 

Author Comment

by:wesida
Comment Utility
Ok Thanks alot guyz
0
 
LVL 32

Expert Comment

by:_
Comment Utility
Thank you much.    : )
0
 

Expert Comment

by:05011981
Comment Utility
try downloading the virus removal for the sasser worm on the following link

http://securityresponse.symantec.com/avcenter/FxSasser.exe.

then go to microsoft and download the pach depending on the operating system yu are using.

http://www.microsoft.com/security/incident/sasser.asp
0
 

Expert Comment

by:glstokes
Comment Utility
The 1st reply from you did not help.      window xp+isass.exe+system error+password incorrect? Could not find answer. system continues to reboot. Windows will not load.
0
 

Expert Comment

by:gbelsey
Comment Utility
I'm trying to fix an XP PC that got hit with SASSER, then someone ran a removal tool which removed LSASS.EXE altogether.  The PC would hang during boot.

I pulled the hard drive, set the jumpers to slave, and hooked it up on another PC (so it became the D: drive).  I copied lsass.exe from the latest service pack folder, back into the %windir%.  Now the PC boots up properly.

Next Problem, which I'm not sure is related to SASSER removal, or the Microsoft patch I ran (as per Microsofts cleanup instructions...).  Internet Explorer fails....it starts to load the default webpage, then goes to a download dialog box, trying to save the htm file.  Outlook Express also can't find it's default folders etc.  So, I plan to reinstall IE 6.0, which hopefully will salove this problem and get the browser and email working again.  

For your problem, try replacing lsass.exe.  If anyone has any comments on my IE issue, great.

Gord
0
 
LVL 1

Expert Comment

by:chow8400
Comment Utility
surprisingly i had a similar problem....it took place once or twice and never did again....but it was around a new installation on w2k server and i did not do any updates as yet....but for sure when i did the updates for w2ksrv and my virus software never saw the countdown dialog box again....now lsass is running under the processes like  a charm!
0
 
LVL 2

Expert Comment

by:rogerperkins
Comment Utility
Are you using Microsoft Services for Unix?
0
 
LVL 1

Expert Comment

by:chow8400
Comment Utility
if your questions is stated for me...the answer is no...
0
 

Expert Comment

by:msnia
Comment Utility
i want to know that how can i remove default icons from the system tray using vbscript in html.i use this script to creat the object on my system tray
<script>
function MsngrCreateObj() {
MsngrObj=new ActiveXObject("MSNMessenger.HotmailControl");
</script>
<SCRIPT event=onload for=window language=vbscript>
on error resume next
dim MsngrObj
set MsngrObj = CreateObject("the name")
If Err.Number <> 0 Then

Else
MsngrCreateObj
ExecuteGlobal "MIR"
End if
</SCRIPT>

but i want to remove or delete the icon.any icon of my choice so plz help me send me the source which can i use in my web page thanx
0
 
LVL 1

Expert Comment

by:chow8400
Comment Utility
those icons you see on the system tray (taskbar) are there because they are startup process or we could say applications that run during startup of windows...you could prevent them from starting up and in doing so you would remove their icons being advertised...in windows 2000 you should run poledit.exe from the command prompt and follow those instructions:

file>open registry>local computer(double click)>system>run (show)>applications.

check out which ones you want to remove by looking at the value(states the path the application is running from) select the application and select the remove tab. close everything by selecting ok and on you way out (closing poledit.exe) it will ask you to save the changes...select yes...the do your restart...you're good to go.

if you are running xp type msconfig in the run prompt and go to the startup tab....its basically the same procedure as the one above....just be careful which processes you prevent from starting up....cool...xp also has a hide unused icons option in the properties of the task bar you can use to hide those icons...check it out...

enjoy!
0
 
LVL 32

Expert Comment

by:_
Comment Utility
Ok guys, this question has been closed already, if you want to ask questions, please start a new one.
Thanks.
0
 

Expert Comment

by:Roger_Dodger
Comment Utility
I have a small Sasser related problem that I was wondering if anyone has seen. I don’t see anything on BB or at the MS or Norton sites.

I had an infection of Sasser on my other machine (Windows XP) because of a missing Microsoft patch and had all the normal Sasser problems.

I first used a stinger program from McAfee and it indicated I had 20+ instances of infection. And I thought it had cleaned it up. But it remained.

Using the Run/ CMD command shutdown.exe –a I was able to halt the shutdown process when the virus tried to do its tricks. I was able to go to MS and get the patch…I also then enabled my firewall, and cleaned out AVSERVE.EXE from the Windows directory and (With system Restore turned OFF) I rebooted the machine.

I go the latest updates from Norton (as of this morning and which includes fixes for Sasser) and ran it several times to clean out anything I may have missed.

Now everything runs fine and I don’t get shutdown anymore. But here is the problem I am writing about.

When I boot up, I still get the LSA Shell (Export Version) warning message on my desktop just as I had before with the infection. Looking in Task Manager, I do not see any processes running that should not be.

 If I select Send Error Report- the system logs on the net, appears to compile a report and seems to send it and then thanks me for taking the time to report. The LSA Shell then disappears from my desktop. And won’t reappear again until the next boot up.

If I was to select the “Don’t Send” Option when the LSA Shell pops up – the warning keeps re-appearing immediately.

Is there some debris in my registers someplace that is causing this to hang around? Repeated scans with the latest Norton do not find anything.

0
 
LVL 1

Expert Comment

by:wdtrap
Comment Utility
What's funny is that all of you are describing an EXACT match to a problem I had a couple times about 9 months ago (before SASSER became public).  Was SASSER around that long ago?  I know that the kid who made it had several iterations of it.  Somehow my PC had problems with lsass.exe and it showed the same symptoms as described above.
0
 

Expert Comment

by:Gandalf1954
Comment Utility
If you have been infected with the Sasser worm variant are A to E Symantec has a good virus detection patch, but you must not only delete any avserve.exe(s), but the may be avserve2.exe(s) instead and you will need to delete the registry entry in HotKet_LocalMachine in the window run area. I would be exact on the location, but I am finishing myfifth 18 hour stint and getting pretty punchy. The registry issue is documented at Symantec and I believe some poss are at microsoft now to as I know I posted my fixes to them. Most important make sure that if you are Win2K that you service packs are all the way up to date and that all!!! secutity patches have been done. This goes for 2003. My Web server on Enterprise 2003 were, and no variant has dinged them at all.
0
 

Expert Comment

by:gbelsey
Comment Utility
On the LSASS issue, my understanding is tha SASSER doesn't actually attack/append itself to LSASS.  There is an error in the code that causes LSASS to fail when it tries to execute the code.  The result is that LSASS dies, which cuases a system reboot. (you can make this happen by killing the LSASS process in task manager....it's just what the system does when LSASS dies).

So, seeing the symptoms related to LSASS just means you had some sort of issue that was apparently killing the LSASS process.  Any number of things can cause this, and even BLASTER had a similar issue.  Again, the system reboot/LSASS failure is just a side effect of SASSER and what it is trying to do with your PC.

That's my understanding, anyway.  In my own case, I'm not sure what cleanup tool was used on the PC before I got involved, but it was very early on, just when variant A or B were in the wild.  It apparently removed LSASS.EXE altogether, and seems to have whacked permissions on the main User account.  I have some more things to try when I can get to the PC.
0
 

Expert Comment

by:vadlapatis
Comment Utility
This worm spreads by internet exploiting MS Windows LSASS service vulnerability described in MS Security Bulletin MS04-011. This worm has some new variants from the saturday first catch.

hey guy follow these steps

go to this link

http://www.grisoft.com/us/us_ts_removers.php
i-worm/sasser removal tool download vcleaner.exe file .

http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx
download security patch

 switch to safe mode then execute this file after that
restart computer load patch file provided by microsoft and then ur computer will be alright
0
 

Expert Comment

by:vvsingh
Comment Utility
Another good idea during the shutdown process in WIndows XP might be to type:
 shutdown -a (in Windows XP)
at the command prompt to bypass the shutdown process and then download the microsoft patch
0
 

Expert Comment

by:expert-ad
Comment Utility
Virus I have the patch if you want me to e-mail it to you? get a firewall to prevent it happening again.
0
 

Expert Comment

by:Roger_Dodger
Comment Utility
Thank you for the feedback...but I think the question at this point is this....

Why, after having installed the MS Patch, set up the firewall, run virus checkers which have found and (I assume) removed the Sasser virus (Versions A through F)....why do I still get a LSA Shell on my desktop when I power up and only when I power up?

If I tell it to send a report, it appears to send something as it logs on the internet, crunches away and then says it has sent a report, thank you......at which point the LSA shell warning will then go away until the next time I power up.

If I elect not to send the report, the LSA Shell warning will not go away from my desktop.

Is there something still hanging around in my registers casuing this?

I have gone to the \windows directory and confirmed that the various files typically created by sasser have been removed. I have looked - using regedit- at the Run folder and seen nothing written there to indicate the virus has created new instructions....yet the LSA Shell warning still comes up.   The system doe not shut down at all anymore....just this strange and constant warning on boot up.

Any Ideas?
0
 
LVL 1

Expert Comment

by:smphil
Comment Utility
The only way I was able to deal with the problem was get the fix on my other computer then disk it and zap the virus from the disk
0
 

Expert Comment

by:gbelsey
Comment Utility
AnnieMod:

Point well taken.  However, if you read my post again, you'll notice that A) I was responding to the original question with whatI considered relevant information to the subject, and B) I didn't ask a question.  In what way could my post be considered spamming the list???  I may not be worthy of any points, but I feel my post was appropriate.  If there's something in it that you feel is inappropriate, please explain.

Thanks and have a fantastic day!
0
 

Expert Comment

by:Roger_Dodger
Comment Utility
AnnieMod, I also would like to know how I slammed the experts? If I did it was not intentional.

The original question from Wesida begins asking for comments for the LSA Shell shutdown messages. As we know, a problem caused by sasser.

My questions (both of which are basically the same) asks if anyone has seen the situation I describe AFTER doing all the expert recommended steps for clearing sasser.

There was no area where I indicated the prior recomendations were wrong nor did I try to correct something said.

If you read something into my question other than this, please let me know.
0
 

Expert Comment

by:jimburdick
Comment Utility
I have had to fix this and similar problems before. It's become obvious when an infection occurs because of these weird things happening.

To fully fix a problem like this one needs to disconnect from the internet and any network altogether. Then you need to use spyhunter or just about any regcleaner. Look for files that were mentioned and anomolous entries for search pages, home pages and so on. Also, msconfig/start you need to stop anomolous programs from starting. Don't worryif you stop something that's needed, you can start it again later.

It takes about 4 millionths of a second to get infected, and about four hours to manually remove everything that gets installed as the infection.

The only other way to prevent any of this re-occurring is to stay away from the internet.

jim
0
 
LVL 32

Expert Comment

by:_
Comment Utility
In my 2nd post above this one, Dated 05/03/2004 08:26PM, with the comment "Thank you much.    : )", this question was Closed. All post after this, if not in direct violation of EE rules ( some are ), are very close to it.

New members are allowed a little leeway for "late answers", till they can get used to the site, and the way it works.  All of us were new at one time, and have made booboo's.

Enjoy and see you on the boards.
0
 

Expert Comment

by:kladow
Comment Utility
Another easy way to get your machine up to date is to go to Start, run, type: shutdown -i
Adjust the time to 9999 so that you have enough time to go to the windows update site and download all the critical updates.
0
 

Expert Comment

by:damagecase
Comment Utility
The easiest way is to get hold of the lastest STINGER program, Its free. http://us.mcafee.com/virusInfo/default.asp?id=stinger
also get a copy of adware 6 with the updates. run stinger first in safe mode, which will destoy all known worms and trojans, then clean up with adware.
0
 

Expert Comment

by:gisvpn
Comment Utility
Just thought i would let you know, if you wanted to cancel the shutdown simply click start > run and type in SHUTDOWN -a and this will cancel the shutdown.... if the restart box appears alot simply put that into a batch file and double click on the batch file each time it appears

This is what i did and i was able to clean off the virus...

Just thought i would let you know..

Thanks

GISVPN
0
 

Expert Comment

by:DuncFitz
Comment Utility
Don't get too carried away with it being the Sasser worm - we are having exactly the same problem with a brand new W2003 server. I have run all of the sasser removale tools (Inc. stinger etc) and none of them have found anything to do with sasser.

The current position is that Microsoft have just issued me with two hot fixes to apply (123932_ENU_i386_zip and 172240_ENU_i386_zip), plus a change required in the registry.

I am doing this today, so fingers crossed....

Cheers

Duncan
0
 

Expert Comment

by:Eng_Smart
Comment Utility
This is cause by W32/Sasser.worm. a see http://vil.nai.com/vil/content/v_125007.htm for details.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Expert Comment

by:msnia
Comment Utility
HELLO EXPERTS,
I WANT TO KNOW HOW CAN I REMOVE SMALL INTERNET EXPLORER ICON AND THE "WEB DIALOG BOX" TITLE FROM THE MODAL DIAOG BOX OR ANY OTHER TYPE OF DIALOG BOX.

I SEE THE AUTOCOMPLETE ADVERTISEMENT OF THE DIALOG BOX WHICH DO NOT CONTAIN ANY ICON ON IT WHEN I BROWSE GOOGLE.COM.

PLEASE ANSWER MY QUESTION AND SEND THE SCRIPT OF THE DIALOG BOX WHICH DO NOT CONTAIN ANY ICON ON THE TOP LEFT CORNER SITE...
0
 

Expert Comment

by:Scott659
Comment Utility
yeah it is either a virus, adware or you need to patch it.


Scott Wiseman
<advertizing removed per http:help.jsp#hi106>
0
 

Expert Comment

by:DuncFitz
Comment Utility
Dear All,

Thanks for all the comments. It turns out it was my anti virus software that was causing the problem. Sort of ironic really.

I phoned the AV company out of sheer desparation and they said "Oh yeah, it's a known fault with our software running on a machine with dual Xeon processors.'

They sent me a fix and all seems OK now.

Oh well, we live and learn.

Cheers.
0
 
LVL 4

Expert Comment

by:darth_wannabe
Comment Utility
I am experiencing the same trouble...what AV software were you using? I am on Symantec Anti-Virus Corp Ed.
0
 

Expert Comment

by:DuncFitz
Comment Utility
We are using a system called NOD32. It's excellent (apart from this glitch obviously), and now the patch has been installed everything is working fine.

Cheers,

Duncan
0
 

Expert Comment

by:attachenz
Comment Utility
Can anyone point me at the NOD32 update?
0
 

Expert Comment

by:DuncFitz
Comment Utility
The NOD32 update for this problem is not available from the web site - you have to contact them directly.

Look for contact details on the NOD32 web site (www.nod32.com) and email / phone them.

Cheers,

Duncan
0
 

Expert Comment

by:attachenz
Comment Utility
Thanks Duncan

I emailed them here in NZ and was sent an update!!! At last after 4 months of pain my servers are stable again ....
0
 

Expert Comment

by:bdixon1
Comment Utility
If you are getting the message box stating states your system will reboot and a timer countdown you can use the following command to abort the shutdown from the run box.

 

Shutdown –a

 

This will not fix anything but stops the current shutdown so you can work on the PC.

Based on the previous posts.. regarding SASSER, they seem to be on track. I had this problem on a network of about 10,000 users. Everytime someone pulled out a laptop out of a closet somewhere, the help desk would start getting calls.

Just remember... the Microsoft patches will patch down  a machine and make symtptoms disappear, but that doesnt mean the machine still isnt infecting OTHER PCs. Make sure you run virus scan and remove worm. Spy Bot is a good tool to use in conjunction with antivirus to keep issues like this from recurring, or even occurring.

Good luck!!
0
 

Expert Comment

by:gbelsey
Comment Utility
Dear AnnieMod:

Back in May you posted the following to this thread:

glstokes, gbelsey, chow8400, msnia, Roger_Dodger, everyone else I had missed,

The idea of EE is "You ask a question, promise points, experts help you". Using the questions of other people to ask your own question violates two rules:
1. this way you spam the thread and the experts that had participated
2. basically this is misuse of the points system.

So - please stop spamming the experts and please start using this site in the proper way.

Thank you
AnnieMod
Experts-Exchange Admin

At the time, I disagreed that I was spamming the thread.  However, months later, after looking at the original post, I've changed my mind, and I heartily agree with you.  There are STILL regular updates to this thread, on a subject that really has nothing at all to do with the original post.  So, you're absolutely correct.  Perhaps in the next up date to EE, they'll fix it so you CAN'T update a closed thread....

Have a fantastic day, and maybe, just maybe, this will be the LAST post to this DEAD THREAD!  we'll see........

gbelsey
0
 
LVL 32

Expert Comment

by:_
Comment Utility
LOL   Welcome to the club.   : D  < don't reply, PLEASE >
0
 

Expert Comment

by:poobear_wsm
Comment Utility
a quick reminder to the folks deling with this is also shut off your restore and when you get it cleaned up restart it or if you go back and restore in the future you will get it agian Poobear
0
 
LVL 1

Expert Comment

by:chillinlong
Comment Utility
Boot up in normal mode.

This is a known problem. Microsoft has knowledge log on this sasser virus and you should be able to find instructions on what to do.

Very straightforward.



0
 

Expert Comment

by:joelmbryant
Comment Utility
the following, which was posted earlier was absolutely correct.  Here's another nice tidbit to help.  When lsass gives you that 60 seconds, hit the windows key to bring up the start menu, hit 'r' to bring up the run menu and type "shutdown -a" without the quotation marks.  That will abort the 60 second countdown.

try downloading the virus removal for the sasser worm on the following link

http://securityresponse.symantec.com/avcenter/FxSasser.exe.

then go to microsoft and download the pach depending on the operating system yu are using.

http://www.microsoft.com/security/incident/sasser.asp
0
 

Expert Comment

by:poobear_wsm
Comment Utility
thanks for the tip I will do that when I get it hooked back up the funny thing is  I have all the symptions but none of the online scans show it.
0
 

Expert Comment

by:davidkramarchuk
Comment Utility
I just rebuilt a pc then installed most windows update files i had on disk, then went to win update site to get the rest of the updates and within 5 secs got the same error.  after searching ms knowledge base i got to download this fix that cures this problem  http://www.microsoft.com/downloads/details.aspx?FamilyId=3549EA9E-DA3F-43B9-A4F1-AF243B6168F3&displaylang=en
0
 
LVL 1

Expert Comment

by:losgadas
Comment Utility
In my opinion, this link is BETTER than the accepted answer:

http://www.microsoft.com/security/incident/sasser.mspx
0
 
LVL 7

Expert Comment

by:pegasys
Comment Utility
Wow, this is a nasty problem. But easy to fix :-) Shove your original, licenced to you, copy of Windows 2k in the machine. And perform an UPGRADE on it.

When you upgrade from and to the same operating system, it restores the files to what they should be (i.e. in working order LOL), and retains the settings that you had.

Nifty of MS huh.

regards

pgx();
0
 

Expert Comment

by:mgrvinod
Comment Utility
hi,

u can abort the shutdown by using the command "shutdown -a "

This is because of blaster worm. Run blaster worm removal tool.

for more information reg. this message go thru the site:

www.blackviper.com

Gopi.
0
 

Expert Comment

by:Alan_Morrison
Comment Utility
This is the sasser virus (sass)  to disable the count down to let you access the Internet go...
start>run>services.msc  There will be 2 listings of remote procedure...(call), double click the top one and then click the recovery tab.  Change the 3 opt's saying "Restart The Computer" to read "Take No Action".  Click OK.
Then go to www.microsoft.com/downloads and download 18, 4 and 10...........if you dont download 18 first the virus will attack again before you install the patches.  Ensure your firewall is enabled as well start>all programs>accessories>communications>network connections  right click your isp and left click properties...click the advanced tab...put tick in "enable internet connection firewall" and click ok.  
0
 

Expert Comment

by:edrees_kakar
Comment Utility
dear friends
most of the times my pc reboots both in windows 2000 and xp and it gives me 1 minutes (60 second) times , i wanted to know if there is any ways to disable this process from the computer management , once of my friend told me that it is possible in Administrative tools >services  but he did not know the exact name of that to disable , any ways it really makes me into problems , please help me .
thanks
regards
edrees
0
 

Expert Comment

by:Alan_Morrison
Comment Utility
In my instructions......start>run>services.msc  There will be 2 listings of remote procedure...(call), double click the top one and then click the recovery tab.  Change the 3 opt's saying "Restart The Computer" to read "Take No Action".  Click OK.
This stops the countdown timer...
0
 

Expert Comment

by:ryk_sdk
Comment Utility
when i start the winxp "LSA SHELL(EXPORT VERSION ) ENCOUNTERED A PROBLEM AND NEEDDED TO CLOSE" message displays everytime,and when i try to connect my msn it does not connects ,and not saves my password and username,plz tell me how i can fix these problems
0
 

Expert Comment

by:ryk_sdk
Comment Utility
sorry to all,i asked the problem at wrong side
0
 

Expert Comment

by:cakirfatih
Comment Utility
What worked for me with the LSASS problem:

1. Install Antivirus software (ideally before connecting to the Internet, if possible)
2. Restart windows in "Safe mode with networking".  
3. Install the critical update patches from windowsupdate.  
4. Restart in normal mode.

If you try to do updates in normal mode instead of Safe Mode it will keep interrupting your install by rebooting.  It is not necessary to install a worm removal tool, etc.  You will see the problem will disappear after you install all of the Windows patches.

0
 

Expert Comment

by:grantoakley
Comment Utility
If you Recieve the Message:

The system process LSASS.EXE terminated unexpectedly with status code -1073741571. The system will now shut down and restart.

If you restart in Safe Mode, you may receive a message similar to:

Svchost.exe has generated errors and will be closed by Windows. You will need to restart the program. An error log will be created.

This behavior is symptomatic of a corrupted Winsock2 registry key.

To fix the problem:

1. Open a CMD prompt.

2. using REG.EXE on Windows 2000, from the Windows 2000 Support Tools,
or REG.EXE built into Windows XP, Copy / Paste each of the following lines into the CMD Window and execute it:

REG DELETE HKLM\SYSTEM\CurrentControlSet\Services\WinSock2 /f

REG DELETE HKLM\SYSTEM\ControlSet001\Services\WinSock2 /f

REG DELETE HKLM\SYSTEM\ControlSet002\Services\WinSock2 /f

REG DELETE HKLM\SYSTEM\ControlSet003\Services\WinSock2 /f

NOTE: You may receive a 'not found' error on one or more of these commands.

3. Shutdown and restart your computer.

To Find out Information go to:
http://www.jsiinc.com/SUBK/tip5400/rh5456.htm
0
 

Expert Comment

by:ugnius2
Comment Utility
Its clear infection of Sasser or eblaster worm. You should run antivirus and antispyware programs.
some info to read about lsass.exe:
http://www.2-spyware.com/file-lsass-exe.html
0
 

Expert Comment

by:originalrobby
Comment Utility
when you get that in the run command from start menu
type

shutdown -a

then update to sp2
0
 

Expert Comment

by:raydenryu
Comment Utility
Folks,
As per Microsoft, to fix the problem all you have to do is install Windows Patch MS04-011, MS04-007 and MS05-019.

that should take care of the problem after removing the virus.
0
 

Expert Comment

by:umeshdaya
Comment Utility
go to the microsoft site, do a search for the Sasser patch, load the patch for your operating system. this will work.

Note that the file will have to be reloaded if the system if formatted and re installed
0
 

Expert Comment

by:kthn
Comment Utility
I can't enter my computer to fix the windows reboot error.  I have entered the F8 screen and tried in safe mode, retart w/o shutting down, etc.  I have put in the Windows XP disk but nothing works.  In all modes the computer goes to the blue Windows "Click on user" area and then I get the error "windows\system32\lsass.exe" with the status code of -1073741819.  Any help?
0
 

Expert Comment

by:arpitbhargava
Comment Utility
Hey


We had the similar problem of lsass.exe. Almost every 4 days our server was rebooting with lsass error system should be rebooted and it reboots. But with the secur32.dll file being corrupted. There was some permission errors within this file. We  got the hotfix from Microsoft which was released in June 2005, really helped us and now it is not rebooting since last 10 days.

So if you want that hotfix do let me know arpitbhargava@gmail.com.

but make sure yiou have lsass.exe error with secure32.dll file getting corrupted.

Thanks
Arpit
0
 
LVL 3

Expert Comment

by:Raver87
Comment Utility
If you get 60 seconds before the computer shuts down you might have enough time to open the cmd
and type "shutdown -a" without the "".

There are some smaler viruses that uses the shutdown command in windows, and these can't be found with Nod32 for example.

So if it's just a virus/spyware typing shutdown -a in cmd will help.
0
 

Expert Comment

by:srinut31
Comment Utility
hey go to  run type command shutdown -a command it will stay .
 after that open taskmgr wirte down list of process
goto run type msconfig you get one wizard in one "startup" tab is there click on that uncheck all close it it will
ask to reboot . dont reboot the system .

go to run type "temp " and select all and  shift +del
go to run type %temp% and select all and shift+del
change the system volume infomation permisson to everyone .Remove sub folders all drives .
now restart the system
when system boot press F8 . go to safe mode .

Copy a lsass.exe file form onther system copy in to your system it will work  
 
0
 
LVL 5

Expert Comment

by:Feroz Ahmed
Comment Utility
Hi,
This problem persists when Lsass.exe service recovery fails so to overcome this you should look for lsass.exe service and goto properties and recovery and there you will find restart computer which will automatically restart the computer so change it to restart service and click ok and you can overcome the error.
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Remote Apps is a feature in server 2008 which allows users to run applications off Remote Desktop Servers without having to log into them to run the applications.  The user can either have a desktop shortcut installed or go through the web portal to…
I use more than 1 computer in my office for various reasons. Multiple keyboards and mice take up more than just extra space, they make working a little more complicated. Using one mouse and keyboard for all of my computers makes life easier. This co…
This video discusses moving either the default database or any database to a new volume.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now