Solved

Continuous loop in XP.  LSASS.exe error

Posted on 2011-10-11
Last Modified: 2012-08-13
Hello Experts

I'm working on a client's machine.  The original symptom was that Windows hung at the splash screen.  I ran some external scans (Norton, MalwareBytes and SuperAntiSpyware) and found a couple of trojans.  Removed them but had the same results.
 
I ran a repair install and now it boots, but I get a lsass.exe error.  It says "When trying to update a password this return status indicates that the value provided as the current password is incorrect".  I went to the recovery console to repair the security file, but it asks for the administrator password.  Tried a blank password and that didn’t work.  So I ran my password removal tool, but a blank password still does not work.

An interesting thing about the results with my password removal tool:  The user's account name didn't show up as one of the accounts.  Ordinarily it shows all the account names.

Because it’s a lsass error, I re-scanned using MalwareBytes, but it came up clean.
I’m currently running a virus scan but if I can get some insight while that’s running, I’d appreciate it.

Any ideas?

Thanks

thedslguy
Question by:thedslguy
13 Comments
 
LVL 66

Accepted Solution

by:
johnb6767 earned 2000 total points
ID: 36949073
See my second comment here

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/Q_22888110.html

For details on how to remove the Password Prompt in the Recovery Console. Personally, I haven't used the RC in ages, as I would use UBCD instead, MUCH more robust....

Assuming Safe Mode behaves the same?
0
 
LVL 30

Expert Comment

by:flubbster
ID: 36949130
Once you are able to get to the recovery console, or if you use an alternate boot system or can boot to a command prompt, you can try replacing just the security registry hive.

ren c:\windows\system32\config\security  security.bak

copy c:\windows\repair\security c:\windows\system32\config\security
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 36949192
FYI, the one from the CONFIG directory is from the FIRST boot after installation. Use the ones from the Restore Points if available. Else you might have issues logging in. Those details are listed above in my first link......
0

 
LVL 66

Expert Comment

by:johnb6767
ID: 36949195
Not the Config directory, the Repair directory...... Need caffeine.....  :)
0
 
LVL 1

Author Comment

by:thedslguy
ID: 36949649
johnb6767

My copy of UBCD is way outdated.  I'm creating a new one and then I'll run the recovery.

Thanks

tdg
0
 
LVL 1

Author Comment

by:thedslguy
ID: 36953816
I just replaced the securith hive.  No change.  It still gave me the lsass error:

"When trying to update a password this return status indicates that the value provided as the current password is incorrect".

Sure would like to fix this without a clean install.

Also:  Sure do like the new UBCD!

tdg
0
 
LVL 1

Author Comment

by:thedslguy
ID: 36953825
Also, when I try to boot from the Windows CD and go to RC it still says a blank password is not valid.

tdg
0
 
LVL 1

Author Comment

by:thedslguy
ID: 36953910
Typo there.:  Securith hive = security hive.

I also created a new SAM file with the same results.

In other words, it still gives the same error (LSASS error: "When trying to update a password this return status indicates that the value provided as the current password is incorrect").

And it's still in the restart loop.

tdg
0
 
LVL 1

Author Comment

by:thedslguy
ID: 36956851
johnb6767

One more thing:

I just saw that in the post you had me look at, you said to load the hive.  Well, that option is greyed out.  

I'm going to try it with Bart PE

tdg
0
 
LVL 1

Author Comment

by:thedslguy
ID: 36962464
Does anyone know of a way to view and edit hives when accessing the drive externally?

I made a clone of this drive before I started and when looking at the original I find the SAM file the same size as the sam file in c:\windows\repair.  I'm afraid the lsass bug destroyed the user's profile and I'd like to find a way to restore it.

Any ideas?
0
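Added example, not part of the original thread or any poster's code: equal file size alone does not show that the live SAM is the same as the copy in c:\windows\repair, so this sketch compares content hashes and checks the hive's "regf" base block (signature, sequence numbers, header checksum) from another machine. The offsets follow the publicly documented regf layout; the function names and the sample bytes are constructed for illustration.

```python
import hashlib
import struct

BASE_BLOCK_SIZE = 4096  # a hive starts with a 4 KiB "regf" base block

def base_block_checksum(block: bytes) -> int:
    """XOR-32 of the first 508 bytes, as stored at offset 508."""
    csum = 0
    for (dword,) in struct.iter_unpack("<I", block[:508]):
        csum ^= dword
    if csum == 0xFFFFFFFF:
        return 0xFFFFFFFE
    return csum or 1

def inspect_hive(data: bytes) -> dict:
    """Integrity facts for a hive image read from the externally mounted drive."""
    if len(data) < 512 or data[:4] != b"regf":
        return {"valid_signature": False}
    seq1, seq2 = struct.unpack_from("<II", data, 4)
    (stored,) = struct.unpack_from("<I", data, 508)
    return {
        "valid_signature": True,
        "sequence_match": seq1 == seq2,  # mismatch: a write was interrupted
        "checksum_ok": stored == base_block_checksum(data),
        "size": len(data),
        "sha256": hashlib.sha256(data).hexdigest(),
    }

def same_hive(a: bytes, b: bytes) -> bool:
    """Equal size is only a hint; equal hashes mean the files are identical."""
    return hashlib.sha256(a).digest() == hashlib.sha256(b).digest()

def make_sample_hive(seq1: int, seq2: int, filler: bytes) -> bytes:
    """Constructed sample data: a bare base block, not a real SAM hive."""
    block = bytearray(BASE_BLOCK_SIZE)
    block[:4] = b"regf"
    struct.pack_into("<II", block, 4, seq1, seq2)
    block[48:48 + len(filler)] = filler
    struct.pack_into("<I", block, 508, base_block_checksum(bytes(block)))
    return bytes(block)

if __name__ == "__main__":
    live = make_sample_hive(7, 7, b"live")
    repair = make_sample_hive(7, 7, b"repr")
    print(inspect_hive(live))
    print("identical to repair copy:", same_hive(live, repair))
```

On a real drive, pass the bytes of the cloned disk's config\SAM and repair\SAM files (read in binary mode) to `inspect_hive` and `same_hive`.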
 
LVL 66

Expert Comment

by:johnb6767
ID: 36966514
"I just saw that in the post you had me look at, you said to load the hive.  Well, that option is greyed out. "

Highlight HKLM first, then Load Hive is visible....
0
 
LVL 1

Author Closing Comment

by:thedslguy
ID: 36971637
It WORKED!!!

The client still has some issues, but I got to his profile.

THANK YOU SOOOOOOOO MUCH, johnb6767!!!

thedslguy
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 36971819
Glad it worked....
0
