lsass.exe - Not Enough Quota

Ok I am going to try to be as clear as possible but I may leave something out so just ask me as many questions as needed. I was recently downloading some files off of the interenet that aren't necessarily trusted and I was dumb enough to leave my virus protection off. I'm already beating myself up over that so I don't need any lectures. :) Anyway, When I rebooted I got the following error that appeared before the CTRL + ALT + DELETE Login screen:

Title Bar: lsass.exe - Not Enough Quota

Not enough virtual memory or paging file quota is available to complete the specified operation.\

Button: Ok

As soon as I click ok, the pc reboots. Now I can get in to safe mode fine, and I have tried doing a system restore to no avail. I have messed around with the virtual memory settings as well with no avail. I really need some help ASAP. This is a video editing machine and I have videos to edit that need to be done by this weekend.

Please Help, I gave this one 500 points because it is SOOOO urgent. Help me experts you're my only hope.
jeremy092288Asked:
Who is Participating?
 
baptistblokeCommented:
I have experianced this problem before and it was a pain to figure out... but here it is :-D  (Worked for moi)

If the file that is being mentioned was Lsass.exe with a capitol L that's fine. It's legit. However.... as its lsass.exe with a lower case L then it is a RATSU.B VIRUS!

Also Known As: Trojan.BAT.Passer.a [Kaspersky], IRC/Flood.bat [McAfee], BAT_RATSOU.B [Trend], W32/IRCFLood -G [Sophos]
Type: Trojan Horse
Infection Length: various
Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows ME
Adds the registry values:
"HID.EXE"="%System%\HID.EXE"
"lsass"="%Windir%\Debug\UserMode\lsass.exe"

To remove it go to the symantec website linked below and follow the instructions
http://www.symantec.com/security_response/writeup.jsp?docid=2003-051918-1128-99&tabid=3

Hope that helps :-)

Let us know how you got on
0
 
purplepomegraniteCommented:
This sounds like it could be SmitFraud or another rootkit - I have seen similar.

Download Blacklight: http://www.f-secure.com/blacklight/try_blacklight.html

Run it in safe mode and post back if it finds anything.
0
 
rpggamergirlCommented:
Hijackthis scan would be a good start, if the culprit is not hidden.
http://danborg.org/spy/hjt/alternativ.exe
Open Hijackthis, click "Do a system scan and save a logfile" please don't fix anything yet and show us the log.
0
Cloud Class® Course: Microsoft Exchange Server

The MCTS: Microsoft Exchange Server 2010 certification validates your skills in supporting the maintenance and administration of the Exchange servers in an enterprise environment. Learn everything you need to know with this course.

 
jeremy092288Author Commented:
Nope, I ran that backlight and it didn't fix find anything, I will run hijack this next.

Is it at all possible I have a bad stick of ram? It only gives me this error on a warm boot.

If I turn off the computer and turn it back on it seems to run fine.
0
 
rpggamergirlCommented:
You could also run this tool and show us the log please.
Download ComboFix to your Desktop, from either of these locations:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double click "combofix.exe" and follow the prompts.
When finished, it shall produce a log for you.
Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall


Oh btw, Blacklight only runs in Normal Mode.
0
 
jeremy092288Author Commented:
Oh btw, Blacklight only runs in Normal Mode.

Meaning it won't work in safe mode?

Cause I ran it in normal.
0
 
rpggamergirlCommented:
That's right!
Blacklight will not run in Safe Mode.
0
 
jeremy092288Author Commented:
ComboFix Log:

***Log removed by rpggamergirl, Zone Advisor***
0
 
jeremy092288Author Commented:
Hijack This Log:

***log removed by rpggamergirl, Zone Advisor***
0
 
jeremy092288Author Commented:
Just to let you guys know I took two 512 stick out of my machine that I had added a few months ago. It hasn't done it since, but I am still skeptical. If I had bad memory this whole time, why could I get into safe mode? Or is it just a coincidence?
0
 
baptistblokeCommented:
has this problem been resolved?  

no comments in 9 days now?
0
 
jeremy092288Author Commented:
It isn't doing it anymore but the OS still seems to be corrupt somehow
0
 
purplepomegraniteCommented:
If you were running for any length of time with bad memory, the OS could be corrupt - at any time it could have saved changes to hard-drive that had been corrupted by being in bad memory.

Any particular symptoms of corrupt OS?!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.