Guys , one of my work collegues has as hp laptop , win xp home on it . and its just started rebooting on the logon screen . i get an error message saying lsass.exe, and then it reboots . Is this a virus ??? and can i save it ??????

lsass - lsass.exe - Process Information

Process File: lsass or lsass.exe
Process Name: Local Security Authority Service

Description:
lsass.exe is a system process of the Microsoft Windows security mechanisms. It specifically deals with local security and login policies. This program is important for the stable and secure running of your computer and should not be terminated.

Note: lsass.exe also relates to the Windang.worm, W32.Spybot.ABDO, irc.ratsou.b, Webus.B, MyDoom.L, Randex.AR, Nimos.worm which spread via floppy disk drives, mass-mailing and peer-to-peer sharing. Please review file path for clarification of this.

Determining whether this process is a virus or a Windows process depends on the directory location it executes or runs from in WinTasks.


Read on:

http://ask-leo.com/what_are_lsass_lsassexe_and_sasser_and_how_do_i_know_if_im_infected_what_do_i_do_if_i_am.html

This is definately a virus ,. Ive been on symantecs website , and it says i should have 20 secs or so , to delay the shutting down . I cant do this because it only boots to the desktop picture , not with all the icons on !! So i cant go into the the command prompt and type whats needed. It shuts down instantly when that message appears.

Is there a fix ??

you could try to use the keyboard shortcuts...if your fast enough(works for me sometimes)

WindowsKey+R --> type "cmd" --> type this (note the space) "shutdown -a"

if you are able to stop the shutdown and get to a browser...better go get one of Symantecs Virus Removal Tools

Ill try , If i cant do this , are we talking reformat ????

Nope , aint havin none of it. just found out she hasnt any antivirus on it.

You have a Sasser worm or a variant of it. Here's a removal tool:

http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.removal.tool.html

Sounds like your collegue doesn't have all the updates from MS installed. The monthly tool from MS, Malicious Software Removal Tool, would have taken care of Sasser too.

I had a friend with this problem... never could get it to work. You can't get into safe mode either. I backed up all her files using a USB pen drive and Knoppix Linux then reformatted.

I had a friend with this problem... never could get it to work. You can't get into safe mode either. I backed up all her files using a USB pen drive and Knoppix Linux then reformatted.

very smart move.never tought of that...hehehe:D

Guys , i cant get into windows to do anything. It looks like she has never updated it or had any kind of antivirus on there. It instantly reboots as soon as the desktop picture comes on, then i get the error message then reboot. Is there a way of saving anything of it , or can a repair be done in dos ?????

The notebook is a hp nx9010

One way to work this is to remove the hard drive from the laptop and then install it in a desktop with a 2.5" HDD to 3.5" HDD adapter (http://shop.store.yahoo.com/laptopsforless/25to35laphar.html) and then run a virus scan that way. Once the 2.5" HDD is clean you install it back in the laptop and see how it runs.

Also, could you please change the color of the font in your sig...the red lettering is really bothersome.

:) Cricket

Guys , i cant get into windows to do anything. It looks like she has never updated it or had any kind of antivirus on there. It instantly reboots as soon as the desktop picture comes on, then i get the error message then reboot. Is there a way of saving anything of it , or can a repair be done in dos ?????

The notebook is a hp nx9010

As stated in my post above... use a Knoppix Linux Live CD and a USB pen drive to backup the data.

http://www.knoppix.org

An alternative to Knoppix is a BartPE CD. If available, you can try someone's antivirus program that comes on a bootable CD, but the definitions are going to be quite stale. XP has no DOS so that's not really an option - you can boot with an XP CD and use the console, but there's not much you can do in there that would help this issue.

Ok thanks for all the replies guys. Ill have a go at the knoppix . If i cant do it , she knows the worst case scenario.

Cheers