[Zemlya]

I am sure that this has probably been answered already, but having read through some of the posts here I am more confused then ever. So here goes a new thread.

I have Windows XP Home Edition. After coming home from a vacation I tried to start my computer and I receive the following error: lsass.exe, When trying to update a password this return status undicated that the value provided as the current password is not correct.

Before my vacation I installed new virus software from Symantec and as instructed turned off the Windows Firewall - I think that I forgot to turn it back on and that's probably most of my problem.

I am unable to get to the command prompt as indicated in most of the solutions that I have read about worms that might be causing this problem as the computer reboots before I even get to the desktop screen.

I have tried to start in Safe Mode as well as trying to start with the last know good configuration ... I get the same error in both cases. I tried to Repair Windows with my OS disk, but again, got the same error except now, after the windows boot up bar I get a screen that says setup is being restarted and then I get the lsass.exe error.

Can anyone help me with step by step instructions on what to do?

Thanks
Zem

[Advertisements]

do you get to a logon screen at all? Can you hit ctrl-alt-del and then use the administrator account

username administrator
password (blank for home)

[gerryf]

do you get to a logon screen at all? Can you hit ctrl-alt-del and then use the administrator account

username administrator
password (blank for home)

[Zemlya]

No, I do not get to the log on screen at all. I receive the error during the boot up process.

[Zemlya]

I do have a second harddrive with just the operating system on it if that helps at all. The drive is too small to have much else on there.

[gerryf]

I've thought about this, and looked around and come to similar conclusions--this error seems unfixable.

I don't know how long you want to be without your machine....we might come up with an idea, might not...what do you want to do?

[Zemlya]

Well for the moment I have my laptop, but I was hoping that I wouldn't loose everything off the harddrive. I might try to boot up and save some files to a CD, although I do not know if that is wise considering that this is probably a virus? Will reformatting and reloading the OS on this harddrive save it do you think or do I need to go invest in a new one?

[gerryf]

No, this is not a virus...just a corrupt password store. And it had nothing to do with Symantec or your going on vacation.

I've seen it before, but generally it happens directly after a load, not after extensive use.

There are a number of things you can do to recover your data...do you have the two computers networked (normally, I mean, when they are working).

The problem is I am not certain what kind of resources you have. If it were me, I'd pull the drive, put it in another machine, copy the data, wipe the drive and reinstall, then move the data back after program re-installation.

Knowing you have a latop is useful. Got space on it? Got a Windows XP CD?

[Zemlya]

Here's what I have.
I have two hard drives in the effected machine, one with windows XP - don't think there's anything on the other besides some files.
I have an old old hard drive with Windows XP on it, I used that today to boot the machine, but there's not enough room on it to even surf the internet.
The laptop that I have is brand new, nothing loaded on it except what it came with - so yeah - plenty of room.
I do not have them networked normally and I am not sure that I would confidently know how to do that.

Thanks for the semi hopeful response though

Zem

[Zemlya]

Oh, and yes, I have my Windows XP CD.

[gerryf]

Started to type in something else, but this will be easier...

Go here, and build a PE disk...it sounds complicated but it really isn't

http://www.nu2.nu/pebuilder/


All you need to do is copy your i386 directory to yyour harddrive on the laptop and burn a CD.

Then test the PE Disk on your broken computer by putting it in the CD-ROM drive and rebooting.

Your computer will boot from the CD into a Windows like environment. the boot will take longer than normal, since you are booting from the CD. When it asks, say you don't want to install networking (you won't need it).

For the moment, let's just see if this part works...there is no reason that it shouldn't.

After that, BUT DON"T START THIS YET, we will rename three folders with the PE disk, then reboot with a Windows XP installation disk, reinstall windows, reinstall programs, then restore your data from the three renamed folders.

Don't worry...sounds more complicated then it is. In the meantime, I want to do a little more looking at how this Local Security Authority Service works...(that's what LSASS).

Its possible we may be able to fix the problem with the PE disk without the reinstallation, if I can figure out where the password store is...I've never felt satisfied with the "can't fix this" answer.

[thegorx]

try before doing anything
if I'm understanding you, you can dual boot ?

If you can boot into the old windows XP
and open the hidden folder System Volume Information in the root directory of the XP that won't run
open the next restore folder
open one of the RP0-99 restore folders
choose a date from a few days before the problem

open a snapshot folder
copy the

_REGISTRY_MACHINE_SYSTEM

open
WINDOWS\system32\config
of the non working XP

I'd copy the content of this folder and back it up
I usually create a backup folder within this folder

rename System in that folder to oldsystem
this is your system hive

copy the
_REGISTRY_MACHINE_SYSTEM

in this folder and rename SYSTEM

then try rebooting

My guess that should work but you could try replacing other registry hives
but like I said back up the originals first

another place to find a system hive would be
WINDOWS\repair

but that should be the last choice since that will take you back to installation
but you might be able to use system restore afterwards
if you have restore points

note that reinstalling over the top might not fix this and you'll lose you're restore points and you might lose the
WINDOWS\repair
original hive I'm not sure

I'm not saying that this will fix this problem but I believe I've fixed this problem in the past by restoring the system hive

the registry is the easiest thing to get corrupt

[Zemlya]

to thegorx:

Okay, I tried this, but I ran into a problem. When I go to the root directory and try to change to System Volume Information I am getting an access denied error.

So, I tried taking the system file from Windows/Repair on both the bad and the good XPs and neither worked - I am still getting the password error.

But, thanks for trying.

Zem

to Gerryf:

Just went out and bought some CDs to burn backups and a PE disc. Will let you know how I get on, but it'll probably be tomorrow evening before I give it a go.

Thank you for all of your help with this problem.

Zem

[gerryf]

Before we try where I was going, let's go with thegorx's path. (where the heck did I miss the ability to duel boot?)

I think I see where thegorx is going with this, and I like that idea...but I think the error is more likely in the SAM, rather than system file. No matter, let's try both.


Let's back up a bit

Boot into the other OS and select the SYSTEM VOLUME INFORMATION in the root directory of the XP installation that will not run (I assume C:)


RIGHT CLICK, select PROPERTIES, then click the SECURITY tab. Click the ADD button. type in your username, click OK. This will take you back to the previous screen. Before closing, select your username, then click FULL CONTROL checkbox, now click OK. You can now access the folder.

open a restore folder dated at a time things were working.

(will look like this _restore{lengthy alpha numeric string})

open one of the RP0-99 restore folders

choose a date from a few days before the problem

open a snapshot folder

copy the

_REGISTRY_MACHINE_SYSTEM
and
_REGISTRY_MACHINE_SAM

open
WINDOWS\system32\config of the non working XP intalltion (I assume c:\windows\system32\config

He said he's copy, and I would too the content of this folder and back it up
As noted, creating a folder called backup within this folder will work

rename a file called system (no extension, lowercase) in that folder to oldsystem
this is your system hive

rename a file called SAM (no extension, all caps) in that folder to oldSAM
this is your SAM database (where system passwords are stored)

copy the
_REGISTRY_MACHINE_SYSTEM
to this folder and rename it "system"

copy the
_REGISTRY_MACHINE_SAM
to this folder and rename it "SAM"

then try rebooting

[magusbuckley]

Hello:

Sorry to hear you are having computer troubles. I have had the lsass.exe problem many times in the past and have done more research on this problem then anyone on the planet (or so it feels).

To my disbelief, the easiest thing to do is just reinstall windows into the same directory.

When you boot from your XP CD, choose the option to install. Then choose the option to re-install Windows. Do not install to a new directory. When the system comes up, you will have lost your restore points, but they've NEVER helped me anyway. While installing windows, it will ask you to create your system users. For now, we are going to create a random user just to get your PC running again. Don't strain your brain trying to come up with a user name. You can use any ole name, but DON'T use the name of any of your old users. When the system comes up....reboot. Now, when your computer boots, you'll be taken to the login screen. Login as your original user name (the one you had trouble with) and go to the users settings under the control panel. From there, you can delete the random profile you just created when setting up windows.

Trust me, I've tried so many things, including the some of the stuff mentioned above. The only thing I've found to fix this problem is to reinstall Windows into the same directory the corrupt version is in.

LSASS = Local Security Authority Services Sysetm

This file is used when Windows determines what type user you are - Administrator, Power User, etc. This is why the error always comes just before you get to your desktop.

Problems with this file are creating the "Blue Screen Of Death". The reason your computer keeps restarting is because, by default, XP Home is set to reboot when there is a "Blue Screen Of Death". To disable this feature...so you can actually see the error message and try to determine the cause of your problem do this:

Open "System" icon from the control panel. Click "Settings" under Startup and Recovery. Now uncheck "Automatically Restart" under "System Failure".

I hope this helps. I know this is a time consuming process, but I'd bet all I own that this is the road you'll have to take at some point to get your system up and running again. If I were you, I'd just go ahead and take this road now.

Good luck, keep us posted on your progress

Oh, usually, the only time the LSASS problem is a virus is if the error message is listed as "Lsass.exe" instead of the normal "lsass.exe".

[Zemlya]

okay - this seems easy enough to try, but I have a question

Boot into the other OS and select the SYSTEM VOLUME INFORMATION in the root directory of the XP installation that will not run (I assume C:)

when you say root directory are you talking about getting to a command prompt and going right to c:? When I did this earlier today I did not see another directory called SYSTEM VOLUME INFORMATION, but I typed it in and got an access denied message. Is there another way of getting to this folder or am I doing something wrong?

It's been A LONG time since I used DOS. I consider myself computer literate, I am not scared of them and I will attempt anything once I semi know what I am doing, but I am by no means confident of finding my way around one. Let's just say I am a helpdesk nightmare, I know enough to try to fix it myself but ... well, you know