Solved

Windows XP Pro. Ntldr missing and won't boot. Also Lsass.exe issues

Posted on 2004-09-26
Last Modified: 2008-01-09
Symptoms were:

On Power on Boot the blue XP bar kept cycling and after 3 mins there was no boot.
Powered off and the result was Ntldr missing.

Computer was a brand new Toshiba Tecra Notebook and had been running perfectly in an office environment for a week. Standard Ghost image and this was about the 400th Notebook released to an employee. NTFS partition, fully up to date with patches except SP2, protected by Sophos AV and TrendMicro firewall on the WAN.

On examination there were no bootable partitions available and suspected corrupted hard disc. Ran Spinrite V6 at level 2, passed perfectly, then the higher level again passed perfectly. Assumed no hard disc failure.

Then booted Windows XP Recovery Console from CD and found no directories on the C: drive. Then executed Fixboot and Fixmbr to the boot record from Recovery Console, exited and rebooted... Windows XP started to reboot but failed with the message "Lsass.exe Componets missing". In Safe Mode the same message.

At this point I was suspecting Sasser virus so I trawled the Web and then using Recovery Console again could not find any of the suggested Virus exe files... but all of the known folders were now present.

So I expanded (copied) the Lsass.exe file from the Recovery Console. Still no further advanced. Same error.

Then I booted again off the CD and ran Repair disc. It finally stopped when it attempted to boot/start at the 39 min mark with the same error "lsass.exe" missing, the same with Safe Mode, but would not allow me to continue because the setup had failed. When the Lsass.exe reports as missing and you click OK the system reboots and keeps cycling through the same issues; setup attempts to restart at the 39 min mark.

I then put the hard disc into the cradle of our Master Imaging computer and chkdsk came up with scattered groups of 4 segment errors immediately. Again suspected corrupted disc, and because I had run Spinrite earlier I assumed the hard disc was physically OK but had been corrupted.

Because there was no data recovery involved I gave up on my quest to attempt to find the cause and GHOST re-imaged the Notebook with our latest Win XP Pro image and all is now working perfectly.

After browsing the web this "mysterious" Lsass.exe issue with possibly no virus activity is common and the only fix is to reformat or re-image as in our case.

Let's hope there are some comments from the community...

Colin Martin (Australia)
 


Question by:colinm39
6 Comments
 
LVL 15

Expert Comment

by:Cyber-Dude
ID: 12154442
Being through all of that, there's no chance it is a floppy, right?

;)

Cyber
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 12154482
Check out the hotfix for XP in this article:

http://support.microsoft.com/default.aspx?scid=kb;en-us;815319&Product=winxp

I would disconnect any devices you do not need to load in this machine first, and perhaps disable all USB devices in the BIOS until you get the system booting normally.

FE
0
 
LVL 11

Expert Comment

by:huntersvcs
ID: 12155062
It sounds as if the original image was OFFSET - meaning that instead of starting to write at the first sector it had been shifted 4 bits. That's probably the reason why at first no folders were visible. Repairing the MBR corrected this so you could see them, but some Windows files cannot be moved - they are specifically addressed. That would explain the NTLDR and Lsass.exe problems (even though they were there, Windows was looking in the wrong place based on the new address). Reimaging evidently produced a correct transfer starting in the first sector!
0
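An added example, not part of any poster's reply or of the original thread: one way to test the offset-image theory raised above is to compare the active MBR partition entry's start LBA with what is actually on disk at that sector, including the NTFS boot sector's "hidden sectors" field at offset 0x1C. It assumes a raw disk image held as bytes, MBR partitioning and 512-byte sectors; the function names and the sample images are constructed for illustration.

```python
import struct

SECTOR = 512  # assumption: 512-byte sectors

def active_partition(mbr):
    """Return (type, start_lba, sectors) of the active MBR entry, or None."""
    if mbr[510:512] != b"\x55\xaa":
        raise ValueError("MBR lacks the 0x55AA signature")
    for i in range(4):
        # Entry layout: status, CHS start, type, CHS end, LBA start, sector count
        status, ptype, start, count = struct.unpack_from("<B3xB3xII", mbr, 446 + 16 * i)
        if status == 0x80 and ptype != 0:
            return ptype, start, count
    return None

def check_boot_chain(disk):
    """List mismatches between the MBR entry and the volume boot sector."""
    part = active_partition(disk[:SECTOR])
    if part is None:
        return ["no active partition in MBR"]
    _, start, _ = part
    vbr = disk[start * SECTOR:(start + 1) * SECTOR]
    if len(vbr) < SECTOR or vbr[3:11] != b"NTFS    ":
        return [f"no NTFS boot sector at LBA {start}"]
    problems = []
    hidden = struct.unpack_from("<I", vbr, 0x1C)[0]
    if hidden != start:
        problems.append(f"hidden sectors {hidden} != partition start {start}")
    if vbr[510:512] != b"\x55\xaa":
        problems.append("boot sector lacks the 0x55AA signature")
    return problems

def make_disk(mbr_start, vbr_lba, hidden):
    """Constructed sample: tiny image with one active NTFS (0x07) entry."""
    disk = bytearray(SECTOR * 128)
    struct.pack_into("<B3xB3xII", disk, 446, 0x80, 0x07, mbr_start, 64)
    disk[510:512] = b"\x55\xaa"
    base = vbr_lba * SECTOR
    disk[base + 3:base + 11] = b"NTFS    "
    struct.pack_into("<I", disk, base + 0x1C, hidden)
    disk[base + 510:base + 512] = b"\x55\xaa"
    return bytes(disk)

if __name__ == "__main__":
    for label, disk in [("good", make_disk(63, 63, 63)),
                        ("shifted image", make_disk(63, 64, 63)),
                        ("stale hidden-sectors field", make_disk(63, 63, 0))]:
        print(label, check_boot_chain(disk) or "consistent")
```
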
 
LVL 11

Accepted Solution

by:
Paul S earned 250 total points
ID: 12155809
Did you run "chkdsk /r" from Recovery Console? You can also run chkdsk and other cool tools from BartPE. Read about it here:

http://www.paulscomputerservice.net/index.php?body=./software/bartPE.php
0
 
LVL 3

Expert Comment

by:wolfteeth
ID: 12167501
Yes, I think it is an MBR record problem. May you use format /mbr to fix it?
0
 

Expert Comment

by:balbatdj
ID: 12372738
To save a lot of time just reformat the hard drive.
0
