lsass.exe error....Puta wont boot

JonshandbrakeJonshandbrake PERTH, WESTERN AUSTRALIA Member
edited November 2007 in Hardware
G'day to everyone and I thank you in advance for any help you can give.

I'm not too sure of my puta's internals as my hubby has all that info in his head. I know it is a P4 272mhz something with 80 & 60 gig Hard drives. OS is windows XP home edition

Well I am experiencing a bootup problem. I keep receiving the error message "lsass.exe The endpoint format is invalid" then the system just stays on this black blank screen with this error message. I keep restarting, the system almost logs on then the same error message pops up again.

I have restarted in safe mode and done a system restore twice to take the system back to when it worked correctly. The system restores both worked and reinstalled the system to an earlier date and time but it didn't fix up the lsass.exe problem. I can only log on now in safe mode.

Please help.......is there a fix or a patch that can fix my problem

Hugs

Sally

Comments

  • LeonardoLeonardo Wake up and smell the glaciers Eagle River, Alaska Icrontian
    edited February 2004
    Have you tried running Windows "Error-checking" for the affected drive? (It should be your C: partition/drive.) I'd try that first. If that doesn't work, I would suggest doing a Windows XP installation in restore mode. I don't know of a simpler solution. If you need help performing either of those operations, just post again. We'll get your system working right again.
  • JonshandbrakeJonshandbrake PERTH, WESTERN AUSTRALIA Member
    edited February 2004
    Could you please help with instructions on how to do these options.

    Would a system repair work???? I know how to do this

    Regards

    Sally
  • Straight_ManStraight_Man Geeky, in my own way Naples, FL Icrontian
    edited February 2004
    Technically, you might try the KB828028 patch run in safe mode if you can get it as an archive on another box and then get it on the hurt box's HD via CD read or over a direct box-to-box connection. Unfortunately, easiest way to get rid of error and get to normal boot will probbaly break your networking, so the repair install (AKA quick install, which is a recovery via CD installation that will fix some things including some networking which is involved in this) from a full retail CD of XP might be best. If you can repeat the rollback and get on the web long enough to apply the fix, you can get rid of part of your problem that way also.

    ADDED AND MODIFIED after more looking: If not, have hubby help fix if this is at all possible-- the fix is to edit the registry in safe mode, and that gets complex. He needs to remove registered links using lsass.exe to download things. These are entries that are in the registry to fix so you can patch if the direct patch load does not pull them for you. I could give you examples, but there are many possible ways to get what you have, he needs to look at the registry for web calls that invoke lsass.ex with a substring that includes '+lsass.exe' and pull only the web call registry entries. This one is not your fault, someone exploited a hole.

    Basicly, once it is back up, the preventive fix is explained in Microsoft Security Bulletin MS04-007. There is a hole in ASN 1.0, which comes with XP. One of the things this hole lets remote folks do is feed things that overflow lsass.exe (and get them entered into the registry to load at startup) and that is part of what might be happening here. You can also look up KB828028 at Microsoft.com and there will be a download link for a new version of ASN that will patch this (should end up with ASN 3.0 after installing download on XP), and there are also other things that patch fixes. That patch will help keep this from happening again once it is fixed this time.

    Microsoft is grading this one a critical patch. I recommend everyone with 2000 or XP read KB828028 if it is not on WindowsUpdate openly yet (new installs like mine day before yesterday of XP SP1a DID get it on first update run).

    For those of you who are interested, look at http://cve.mitre.org/ , then click the index, choose to search the cve stuff (it is (might still be when you look, might be accepted in the meantime) a CVE candidate), and the search of the cve list will pull it up, and use keyword lsass.exe . Follow the links (via cut-n-paste into a browser tab or window address bar), they show major discussions that make sense--above and beyond what Microsoft explains.

    John D.
  • LeonardoLeonardo Wake up and smell the glaciers Eagle River, Alaska Icrontian
    edited February 2004
    For Windows files check: go to either Windows Explorer or My Computer, right click on your drive C:, select properties, select tools at the tab above, select "Check Now" button at "Error-checking". After that selection, there will be two boxes - check them both. You will probably get a message during the operation that states your computer has to be restarted for the file checking to complete. Do restart the computer.

    If this doesn't fix the problem, then you should try re-installing Windows XP in repair mode (I believe I said "restore" mode last time). If you do have a "Restore Point" where everything worked, you could try that as well, but you would lose any settings changes you've made since that restore point. A re-installation of Windows in "Repair" mode will not change your settings or remove any data.
  • Straight_ManStraight_Man Geeky, in my own way Naples, FL Icrontian
    edited February 2004
    Leonardo, the way the problem happened is that there is a way to induce lsass.exe to have a work heap overflow. When that happens, it is quite possible for bad code to be pushed through a registered pipe created in registry. File check is a good preventive thing (and also a good idea), but the reg keys are what it is yelling about, and it is lsass.exe which has been put in an error state that is hanging the boot.

    The ANS1 patch and upgrade eliminates the exploit and the overflow possibility. This problem was first found in July, 2003, and the finder agreed to keep silent until Microsoft could fix it. In fact, the finder helped get it fixed also. It was submitted as a CVE candidate in August, 2003, AFAIK (I have seen different dates at different times, think it was submitted more than once).

    John D.
  • LeonardoLeonardo Wake up and smell the glaciers Eagle River, Alaska Icrontian
    edited February 2004
    John, where we are at now is helping the lady get her system fixed an running. Yes, I understand - the problem may recur for her if she doesn't fix the root cause. Nevertheless, we need to get her up and running.
  • dragonV8dragonV8 not here much New
    edited February 2004
    G'day guys. As some of you will know, i'm Jon, Sally's MUCH better half.
    As i just flew back in from the minesite, i found she has this problem. As per my avatar comment, "I don't know very much". I/we certainly appreciate all the help/advise we are getting from you folks. At the moment i am not real sure where Sally is at, fixing this problem. She said something about it last night, but as i just finished night-shift i'm not thinking very clearly.

    I do know her puter is running at the moment, so hopefully it's ok.
    Very shortly, a backup will be done of the existing puter data and then i will be taking the case to our local puter shop for a planned upgrade. I have been led to believe there will be a format and fresh install of XP as the mobo, ram and cpu will all be replaced.

    Presently it is a PIV 2.4g , 512m ram and when we get it back it will be PIV 3.2g , 1G ram. New mobo will be HT, so with all this in mind, my little bit of knowledge is hoping we may possibly be DELETING the root cause of her problem.

    I do know she is learning about all of this stuff at a rate that is astonishing me. When i ask about a problem with my laptop, she makes more sense than a computer salesperson. Not too bad for someone her age. Womans perogaritive to keep it secret.
    All i can say is, she is just a few years younger then me, and i have just turned 57, hehehe.

    Thanks for helping guys. Hopefully after today's work all will be well. We will keep you informed as to how it goes.

    Cheerio Jon
  • edcentricedcentric near Milwaukee, Wisconsin Icrontian
    edited February 2004
    Jon (and Sally), I am glad to see someone else here that is not 'just out of school'. There are actually quite a few of us that have been around a while and are still rather new to the hardware.
    I look forward to seeing both of you around these forums.
    ed
  • DonDanielsDonDaniels
    edited December 2006
    For the boot problem "lsass.exe System Error: The endpoint is invalid" create a new pagefile on another disk while setting the current disk(s) to no pagefile, then reboot the system. Once fixed, you can delete the old pagefile(s) and recreate original setting(s). Contact D2 at GAP dot NET for more info.
  • HeadHurtBadHeadHurtBad
    edited November 2007
    had same problem, googled to here, DonDaniels suggestion about swapping pagefile to different disk worked. btw puta in spanish means prostitute.
  • primesuspectprimesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited November 2007
    HeadHurtBad wrote:
    btw puta in spanish means prostitute.

    lol. Thanks for letting us know :D

    Glad it worked out for you. Many land here from google, few stay, but those who do really are better for the experience.

    Stick around! :cool2:
  • HeadHurtBadHeadHurtBad
    edited November 2007
    With all the different ways a computer can stop working, it's good to find an answer that fixes the problem. That usually means I'll be lurking, in hopes of helping somebody back.
Sign In or Register to comment.