[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

lsass.exe - Not Enough Quota

Posted on 2007-08-02
14
Medium Priority
?
1,531 Views
Last Modified: 2012-08-13
Ok I am going to try to be as clear as possible but I may leave something out so just ask me as many questions as needed. I was recently downloading some files off of the interenet that aren't necessarily trusted and I was dumb enough to leave my virus protection off. I'm already beating myself up over that so I don't need any lectures. :) Anyway, When I rebooted I got the following error that appeared before the CTRL + ALT + DELETE Login screen:

Title Bar: lsass.exe - Not Enough Quota

Not enough virtual memory or paging file quota is available to complete the specified operation.\

Button: Ok

As soon as I click ok, the pc reboots. Now I can get in to safe mode fine, and I have tried doing a system restore to no avail. I have messed around with the virtual memory settings as well with no avail. I really need some help ASAP. This is a video editing machine and I have videos to edit that need to be done by this weekend.

Please Help, I gave this one 500 points because it is SOOOO urgent. Help me experts you're my only hope.
0
Comment
Question by:jeremy092288
  • 6
  • 3
  • 2
  • +1
13 Comments
 
LVL 24

Assisted Solution

by:purplepomegranite
purplepomegranite earned 660 total points
ID: 19621910
This sounds like it could be SmitFraud or another rootkit - I have seen similar.

Download Blacklight: http://www.f-secure.com/blacklight/try_blacklight.html

Run it in safe mode and post back if it finds anything.
0
 
LVL 47

Assisted Solution

by:rpggamergirl
rpggamergirl earned 660 total points
ID: 19622465
Hijackthis scan would be a good start, if the culprit is not hidden.
http://danborg.org/spy/hjt/alternativ.exe
Open Hijackthis, click "Do a system scan and save a logfile" please don't fix anything yet and show us the log.
0
 

Author Comment

by:jeremy092288
ID: 19622479
Nope, I ran that backlight and it didn't fix find anything, I will run hijack this next.

Is it at all possible I have a bad stick of ram? It only gives me this error on a warm boot.

If I turn off the computer and turn it back on it seems to run fine.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 47

Expert Comment

by:rpggamergirl
ID: 19622486
You could also run this tool and show us the log please.
Download ComboFix to your Desktop, from either of these locations:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double click "combofix.exe" and follow the prompts.
When finished, it shall produce a log for you.
Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall


Oh btw, Blacklight only runs in Normal Mode.
0
 

Author Comment

by:jeremy092288
ID: 19622517
Oh btw, Blacklight only runs in Normal Mode.

Meaning it won't work in safe mode?

Cause I ran it in normal.
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 19622619
That's right!
Blacklight will not run in Safe Mode.
0
 
LVL 3

Accepted Solution

by:
baptistbloke earned 680 total points
ID: 19624640
I have experianced this problem before and it was a pain to figure out... but here it is :-D  (Worked for moi)

If the file that is being mentioned was Lsass.exe with a capitol L that's fine. It's legit. However.... as its lsass.exe with a lower case L then it is a RATSU.B VIRUS!

Also Known As: Trojan.BAT.Passer.a [Kaspersky], IRC/Flood.bat [McAfee], BAT_RATSOU.B [Trend], W32/IRCFLood -G [Sophos]
Type: Trojan Horse
Infection Length: various
Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows ME
Adds the registry values:
"HID.EXE"="%System%\HID.EXE"
"lsass"="%Windir%\Debug\UserMode\lsass.exe"

To remove it go to the symantec website linked below and follow the instructions
http://www.symantec.com/security_response/writeup.jsp?docid=2003-051918-1128-99&tabid=3

Hope that helps :-)

Let us know how you got on
0
 

Author Comment

by:jeremy092288
ID: 19624713
ComboFix Log:

***Log removed by rpggamergirl, Zone Advisor***
0
 

Author Comment

by:jeremy092288
ID: 19624724
Hijack This Log:

***log removed by rpggamergirl, Zone Advisor***
0
 

Author Comment

by:jeremy092288
ID: 19624797
Just to let you guys know I took two 512 stick out of my machine that I had added a few months ago. It hasn't done it since, but I am still skeptical. If I had bad memory this whole time, why could I get into safe mode? Or is it just a coincidence?
0
 
LVL 3

Expert Comment

by:baptistbloke
ID: 19716812
has this problem been resolved?  

no comments in 9 days now?
0
 

Author Comment

by:jeremy092288
ID: 19716960
It isn't doing it anymore but the OS still seems to be corrupt somehow
0
 
LVL 24

Expert Comment

by:purplepomegranite
ID: 19718496
If you were running for any length of time with bad memory, the OS could be corrupt - at any time it could have saved changes to hard-drive that had been corrupted by being in bad memory.

Any particular symptoms of corrupt OS?!
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ever visit a website where you spotted a really cool looking Font, yet couldn't figure out which font family it belonged to, or how to get a copy of it for your own use? This article explains the process of doing exactly that, as well as showing how…
This article shows how to use a free utility called 'Parkdale' to easily test the performance and benchmark any Hard Drive(s) installed in your computer. We also look at RAM Disks and their speed comparisons.
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question