rerwi
asked on
lsass.exe error, status code 1073741819, and whistler professional
Ok, here's my problem. After getting online I get this.
This system is shutting down. please save all work in progress and logg off. any unsaved changes will be lost. This shutdown was initiated by NT Authority/system.
MESSAGE
the system process 'C:\windows/system32\lsass .exe' terminated unexpectedly with status code -1073741819 the system will now shutdown and restart.
then it gives me 60 secs till it shutsdown
Ok, I'm trying to fix this computer for a friend. It's an HP pavilion 510n. I have reformatted the hard drive, reinstalled windows Xp Home and still get this message. Also, upon booting, it gives me the choice of Window Xp Home edition or Whistler professional. Now, I used my Windows disk but used his password. I've never seen anything like this or the lsass error. All the checking I've found is something concerning the sasser virus. I thought, ok, but I reformatted, and why would it still be there? I went into services and disabled messenger service, ran Avg,spybot,stinger,among others and no sasser is popping up. Any help at all would be greatly appreciated. I've tried reading all the FAQs about this on this and other sites, and no help as of yet so I thought I'd post this question. Thanks in advance!
This system is shutting down. please save all work in progress and logg off. any unsaved changes will be lost. This shutdown was initiated by NT Authority/system.
MESSAGE
the system process 'C:\windows/system32\lsass
then it gives me 60 secs till it shutsdown
Ok, I'm trying to fix this computer for a friend. It's an HP pavilion 510n. I have reformatted the hard drive, reinstalled windows Xp Home and still get this message. Also, upon booting, it gives me the choice of Window Xp Home edition or Whistler professional. Now, I used my Windows disk but used his password. I've never seen anything like this or the lsass error. All the checking I've found is something concerning the sasser virus. I thought, ok, but I reformatted, and why would it still be there? I went into services and disabled messenger service, ran Avg,spybot,stinger,among others and no sasser is popping up. Any help at all would be greatly appreciated. I've tried reading all the FAQs about this on this and other sites, and no help as of yet so I thought I'd post this question. Thanks in advance!
ASKER
Ran stinger, says it's fine. I did all the updates as well. I'll be able to tell more about it tomorrow, but does anyone know why the whistler professional comes up at bootup as an option? Never had it happen before, didn't know if it was just HP crap or something deeper. Any help would be greatly appreciated. Thanks for the quick reply as well.
Well, Whistler Professional was the code name for the XP Pro beta version. My guess is that someone tried to load that, and it was unsuccessful. I presume there was no second partition on this computer? You can get rid of the option for Whistler by editing the hidden Boot.ini file, as explained in this MS article:
http://support.microsoft.com/default.aspx?scid=kb;en-us;289022
HOW TO: Edit the Boot.ini File in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;289022
HOW TO: Edit the Boot.ini File in Windows XP
ASKER
Well, i went into the notepad file, deleted the 2nd one which was whistler. It makes no sense, I deleted all partitions, did a Long reformat and it had still came up. After doing what you said, I rebooted, and it now it goes straight to xp home, thanks so much for that. Only other thing now, as I'm not online with that system, is when it's booted now, it says in a box that pops up:
LSA Shell (Export Version)
LSA Shell(Export Version) encountered a problem and needed to close. This error occurred on 5/9/2005 at 10:33:19 PM.
Please tell microsoft about this problem. etc,etc,etc
Ok, today was the first day I seen this, and it's the 10th and at 2:59 Pm. It has did it the last 3 times on reboot. First time, when I clicked don't send, it would just keep popping back up, 2nd time, it closed with one click, this time it took 3 clicks. Any idea what could be causing this, is it related to the lsass problem I had before. Again, Thanks for your expertise in this matter, it is GREATLY appreciated!
LSA Shell (Export Version)
LSA Shell(Export Version) encountered a problem and needed to close. This error occurred on 5/9/2005 at 10:33:19 PM.
Please tell microsoft about this problem. etc,etc,etc
Ok, today was the first day I seen this, and it's the 10th and at 2:59 Pm. It has did it the last 3 times on reboot. First time, when I clicked don't send, it would just keep popping back up, 2nd time, it closed with one click, this time it took 3 clicks. Any idea what could be causing this, is it related to the lsass problem I had before. Again, Thanks for your expertise in this matter, it is GREATLY appreciated!
There's a similar question over in the Windows Security topic area. According to that, it still has to do with the Sasser worm:
https://www.experts-exchange.com/questions/20975585/LSA-Shell-Export-Version.html
LSA Shell (Export Version)
https://www.experts-exchange.com/questions/20975585/LSA-Shell-Export-Version.html
LSA Shell (Export Version)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hey, thanks for the help. It was greatly appreciated. It wasn't the sasser. I actually found 7 worms on bootup scan, got rid of those, and it still did it. So I went into safe mode, and found a beagle virus. I had already did a scan in safe mode before with no luck, so it must've been something new. Anyway, I was just waiting to see if it did it anymore, and the guy says it's working good. So thank you so much!
http://www.microsoft.com/security/incident/sasser.mspx
What You Should Know About Sasser
You can download this free tool called Stinger to get rid of it:
http://vil.nai.com/vil/stinger/
And be sure to go to Windows Update and download all the necessary patches.