lsass.exe error....Puta wont boot
Jonshandbrake
PERTH, WESTERN AUSTRALIA Member
G'day to everyone and I thank you in advance for any help you can give.
I'm not too sure of my puta's internals as my hubby has all that info in his head. I know it is a P4 272mhz something with 80 & 60 gig Hard drives. OS is windows XP home edition
Well I am experiencing a bootup problem. I keep receiving the error message "lsass.exe The endpoint format is invalid" then the system just stays on this black blank screen with this error message. I keep restarting, the system almost logs on then the same error message pops up again.
I have restarted in safe mode and done a system restore twice to take the system back to when it worked correctly. The system restores both worked and reinstalled the system to an earlier date and time but it didn't fix up the lsass.exe problem. I can only log on now in safe mode.
Please help.......is there a fix or a patch that can fix my problem
Hugs
Sally
I'm not too sure of my puta's internals as my hubby has all that info in his head. I know it is a P4 272mhz something with 80 & 60 gig Hard drives. OS is windows XP home edition
Well I am experiencing a bootup problem. I keep receiving the error message "lsass.exe The endpoint format is invalid" then the system just stays on this black blank screen with this error message. I keep restarting, the system almost logs on then the same error message pops up again.
I have restarted in safe mode and done a system restore twice to take the system back to when it worked correctly. The system restores both worked and reinstalled the system to an earlier date and time but it didn't fix up the lsass.exe problem. I can only log on now in safe mode.
Please help.......is there a fix or a patch that can fix my problem
Hugs
Sally
0
Comments
Would a system repair work???? I know how to do this
Regards
Sally
ADDED AND MODIFIED after more looking: If not, have hubby help fix if this is at all possible-- the fix is to edit the registry in safe mode, and that gets complex. He needs to remove registered links using lsass.exe to download things. These are entries that are in the registry to fix so you can patch if the direct patch load does not pull them for you. I could give you examples, but there are many possible ways to get what you have, he needs to look at the registry for web calls that invoke lsass.ex with a substring that includes '+lsass.exe' and pull only the web call registry entries. This one is not your fault, someone exploited a hole.
Basicly, once it is back up, the preventive fix is explained in Microsoft Security Bulletin MS04-007. There is a hole in ASN 1.0, which comes with XP. One of the things this hole lets remote folks do is feed things that overflow lsass.exe (and get them entered into the registry to load at startup) and that is part of what might be happening here. You can also look up KB828028 at Microsoft.com and there will be a download link for a new version of ASN that will patch this (should end up with ASN 3.0 after installing download on XP), and there are also other things that patch fixes. That patch will help keep this from happening again once it is fixed this time.
Microsoft is grading this one a critical patch. I recommend everyone with 2000 or XP read KB828028 if it is not on WindowsUpdate openly yet (new installs like mine day before yesterday of XP SP1a DID get it on first update run).
For those of you who are interested, look at http://cve.mitre.org/ , then click the index, choose to search the cve stuff (it is (might still be when you look, might be accepted in the meantime) a CVE candidate), and the search of the cve list will pull it up, and use keyword lsass.exe . Follow the links (via cut-n-paste into a browser tab or window address bar), they show major discussions that make sense--above and beyond what Microsoft explains.
John D.
If this doesn't fix the problem, then you should try re-installing Windows XP in repair mode (I believe I said "restore" mode last time). If you do have a "Restore Point" where everything worked, you could try that as well, but you would lose any settings changes you've made since that restore point. A re-installation of Windows in "Repair" mode will not change your settings or remove any data.
The ANS1 patch and upgrade eliminates the exploit and the overflow possibility. This problem was first found in July, 2003, and the finder agreed to keep silent until Microsoft could fix it. In fact, the finder helped get it fixed also. It was submitted as a CVE candidate in August, 2003, AFAIK (I have seen different dates at different times, think it was submitted more than once).
John D.
As i just flew back in from the minesite, i found she has this problem. As per my avatar comment, "I don't know very much". I/we certainly appreciate all the help/advise we are getting from you folks. At the moment i am not real sure where Sally is at, fixing this problem. She said something about it last night, but as i just finished night-shift i'm not thinking very clearly.
I do know her puter is running at the moment, so hopefully it's ok.
Very shortly, a backup will be done of the existing puter data and then i will be taking the case to our local puter shop for a planned upgrade. I have been led to believe there will be a format and fresh install of XP as the mobo, ram and cpu will all be replaced.
Presently it is a PIV 2.4g , 512m ram and when we get it back it will be PIV 3.2g , 1G ram. New mobo will be HT, so with all this in mind, my little bit of knowledge is hoping we may possibly be DELETING the root cause of her problem.
I do know she is learning about all of this stuff at a rate that is astonishing me. When i ask about a problem with my laptop, she makes more sense than a computer salesperson. Not too bad for someone her age. Womans perogaritive to keep it secret.
All i can say is, she is just a few years younger then me, and i have just turned 57, hehehe.
Thanks for helping guys. Hopefully after today's work all will be well. We will keep you informed as to how it goes.
Cheerio Jon
I look forward to seeing both of you around these forums.
ed
lol. Thanks for letting us know
Glad it worked out for you. Many land here from google, few stay, but those who do really are better for the experience.
Stick around!