lsass.exe password not correct

Most posts are over 6 months old on this one.  I had just added a password to my user account this past weekend and was rewarded with this nasty error.  

Before the logon page I get:

System error: lsass.exe

When trying to update a password a return status indicates that the value provided as the current password is not correct.  

As with others, the machine reboots continuously after this happens with no interaction.  I am unable to get into any safe mode and a repair (not the first one) does nothing.  It has been well documented that it is not related to sasser, although I'm having trouble finding a definitive fix.  In addition, there seems to be a contstant argument over whether or not is can be fixed without a wiping the drive, but no conclusion.  
smksd845Asked:
Who is Participating?
 
JoeCommented:
I had encountered this same problem a few months ago and researched it for a little while and was not able to come up with a solution besided wiping the drive. I had spent more time trying to find the solution to this problem then it took me to slave the drive to another machine and backup the files from the drive and then wipe it.

Joe
0
 
samsmith1968Commented:
If the lsass.exe is spelt with a capital L this is ok...if spelt all lower case this is a virus.

Have a read... http://securityresponse.symantec.com/avcenter/venc/data/backdoor.futro.html
0
 
venom96737Commented:
well sounds like the registry is messed up or the SAM file is messed up this link has helped http://support.microsoft.com/kb/307545  but remember if you have an OEM copy of windows you are going to want to use the come of the files in system volume information under restore and a date before you messed with it.
0
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
smksd845Author Commented:
Joe,

I haven't done something like that in a while, but I remember right, you can't just toss a drive in a machine without it wanting to format it in order to recoginze it.  I'd like to do that just so I can get a backup.
0
 
JoeCommented:
If this is just a regular IDE HD you should not have a problem doing this. Windows will automatically recognise the drive and assign it a drive letter. In most cases I did not have to touch the jumper settings.
0
 
smksd845Author Commented:
Venom,

I had built this machine myself and did install XP with an oem copy I got with the parts from newe**.c**.  I wanted to confirm that that puts in the OEM category that 307545 calls out.  If so, how do I go about accessing the system volume info you refrerred to.  (skill level = I can change parts and build, not to much o/s knowledge, but comfortable getting around with guidance).
0
 
smksd845Author Commented:
Joe,

It's a serial WD drive.  I don't have another serial MB.  I was hoping I could hook it up IDE since it can go both ways.

0
 
smksd845Author Commented:
Sam,

I'll check again to be sure (machine is not with me right now--I plan to bring it with me to work from lunch).  Most of what I've read in other posts indicate this isn't a virus problem.  I cannot get to the o/s at all.  There is no window that pops up saying the system will reboot as I've read with infected machines.  I imagine the "(I)sass" would show up in a HiJackthis report.
0
 
venom96737Commented:
in recoveryconsole cd c:\system volume infomation
0
 
smksd845Author Commented:
I was mistaken about my serial drive, its the power that goes either way (makes sense).  Anyway, if that's the route I wind up going then do you agree I should be able to put another serial drive in, install XP, and then add the original (bad XP) as a slave in order to get my files off?
0
 
smksd845Author Commented:
Venom,

What do you think the success rate is of 307545?  Someone else on another help board (second opinion) felt there was a 50/50 chance because of all the editing, which may be a result of simply not being careful.  

If I try recovery first and it fails or worsens, does it reduce the chances of slaving the drive and getting my files?
0
 
FriarTukCommented:
try booting from the xp cd into recovery console (command mode)
1) sfc /scannow
2) %systemroot%\system32\restore\rstrui.exe

also try slaving your drive to another computer, booting from that pc's drive in safe mode & running a full AV & spyw scans on your drive
0
 
venom96737Commented:
no smk you are not messing with your files at all you are replacing your registry files with older ones that worked you have no chance of losing you data what so ever.  You will be able to slave and see all the folders as longs as you do not format the drive of course.
0
 
venom96737Commented:
because of alll what editing is my question if you follow the directions and understand what is happening it is a fairly simple project.  I cannot however guarantee any success because lass errors are not easy to correct
0
 
smksd845Author Commented:
I agree venom, it's just a matter of being careful.  What I don't want to do is further reduce the chances of getting the data off the bad o/s drive.  

Since this is the only serial HD machine in my arsenal, I ordered another drive with the intent of setting up XP on it and then slaving the problem drive to get the files off (unless the recovery works completely).  It should arrive R or F.  

Thanks to all for your continued guidance.  I will post an update as this moves along.  
0
 
JoeCommented:
smksd845 ,

There might be another easier way of getting the data off of your machine without having to order another drive. If you have your machines networked together you can throw the bad drive into your machine and try to run Barts PE this will let you boot up into a pre installed environment and select the files you want backed up and send them over the network. Here is a link to the software if you are interested.

http://www.nu2.nu/pebuilder/

Joe
0
 
JoeCommented:
*throw the bad drive into your machine

Sorry, you would not have to throw the drive in any machine you could just run the boot cd on the machine that is causing problems.

Joe
0
 
smksd845Author Commented:
Joe,

I read about Bart's on another help board.  Does it provide networking and allow for static machine IP's and gateway?  
0
 
JoeCommented:
What is BartPE and PE Builder?

Bart's PE Builder helps you build a "BartPE" (Bart Preinstalled Environment) bootable Windows CD-Rom or DVD from the original Windows XP or Windows Server 2003 installation/setup CD, very suitable for PC maintenance tasks.

It will give you a complete Win32 environment with network support, a graphical user interface (800x600) and FAT/NTFS/CDFS filesystem support. Very handy for burn-in testing systems with no OS, rescuing files to a network share, virus scan and so on.

Barts PE Supports networking.

Joe
0
 
FriarTukCommented:
hey smksd, have you tried doing my suggestions?

try booting from the xp cd into recovery console (command mode)
1) sfc /scannow
2) %systemroot%\system32\restore\rstrui.exe

also try slaving your drive to another computer, booting from that pc's drive in safe mode & running a full AV & spyw scans on your drive
0
 
smksd845Author Commented:
Well guys, I wound up slaving the drive and getting my data through the fresh install on the new drive.  I was unable to use Bart's.  I couldn't get past the networking, which I read can be a problem (Keep in mind the clock was ticking and I couldn't drag this out too long).  I was unable to get into the recovery console because it wouldn't let me past the admin password prompt.

I inadvertently made things more difficult by using the same user name on the fresh install, which then locked me out my docs.  I then had to re-establish owner rights to those files, which allowed me to copy them to a networked machine.  I decided to wipe both drives when done and start over again.  All seems to well once again.  

Of all the research I've done on this error, it seems the path from Microsoft relayed by Venom or FriarTuk hedge on getting into the recovery console.  This has been something that has affected some, but not all with this problem.  It seems that for those that cannot get into to recovery console the common answer is what I wound up doing.  

I will add that someone else had mentioned using a USB external HDD dock for SATA drives.  This would have been a cheaper alternative to purchasing a second drive since I could have inserted the bad o/s drive in there and connected to another machine.  Oh well, live and learn.  Thanks for all your help guys.    
0
 
venom96737Commented:
nah smk all you really had to do was boot it up to bart or used the ultimate boot disk or could have even used a linux live cd like klopnix and copied the files that way you do not have to get into recovery console you just have to get something that will read the ntfs and copy the files you need.  Glad you got it going and better luck in the future.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.