Yesterday morning I booted my laptop and it stopped with the following message: "lsass.exe object not found".
When I click OK the laptop reboots and stops at the same place.
Safe mode stops at the same point.
Am not interested in reformatting.
Any suggestions?

Cheers haha good luck buddy who knows what else it is infected with. Also run some kind of Anti Virus software to see if you have anything else.

Thanks for responding.
My computer will not boot into windows.
The instructions for SASSGUI imply it needs windows to run.
Were you referring to SASSSFX.exe?

Your computer is infected with the Sasser Virus. Here's a removal tool you can put on a floppy disk and run from there:

http://www.sophos.com/support/disinfection/sasser.html

After that you should follow the instructions in this Microsoft article:

http://www.microsoft.com/security/incident/sasser.asp

After that, have a read of the hints in the 'Helping Yourself' stickied topic in the 'Security' section of this forum.

Cheers

The instructions for that utility include a description of how to load it onto a floppy disk, boot into DOS from floppy, and clean the system from the command prompt.

I've used the utility successfully in that exact fashion.

If you can't boot into Windows because of LSASS.exe, you might just want to reconsider getting all of your data off of the drive and reinstalling Windows.

You can use the Windows disc to reinstall the file, or the files associated with it, but I've never had any luck. Alternatively, you could try a repair reinstall.

I've got an HP notebook running WinXP Home with the sasser on it. There is no way to boot XP (lsass.exe not found). Can you post a link or copy those instructions you're talking about??
I don't think it is possible to boot from DOS and read/write onto an NTFS partition, much less to run an XP executable.

Please, next time you post, think first.

Hey all! I ran into some trouble while overclocking my PC. I came across a fix that I'm sure will help someone here someday so I'm posting it. I hope it saves you like it saved me and that you will mention it here. This works a whole lot better than having to do a full reinstall and takes less than a quarter of the time. Here is a huge document I made that pretty much says it all but I want to be clear. This is a last ditch effort to recover a system that boots but won't even let you log in before it makes you reboot or just simply crashes. Here it is:

Before you read anymore PRINT THIS NOW. To use these instructions you must have the following at your fingertips or you will fail:

1. A Windows XP CD that matches the version on your computer meaning if you run XP Pro, then have an XP Pro CD on hand. If it is XP Home then have an XP Home CD on hand. I don’t think it matters if you have upgraded to SP2 since you initially installed your CD that may have been a pre SP1 version or even an SP1 version. Just make sure that Pro is for Pro and Home is for Home.

2. You MUST know the “Administrator” password for your computer. Normally you either know it by heart or it is blank meaning no administrator password was set or it is simply the word administrator. Here is a link that can help you to determine what it is though I’m just adding this link and have never used it before so I don’t even know if the link is still valid. Here is the link which I have no association to other than showing you where it is:

http://www.petri.co.il/forgot_admini...r_password.htm

3. Make sure your computer is set to boot from the CD-ROM first and then from the hard drive.

4. (Optional) If you have a friend that you know is pretty good with computers please let them do this instead of you. Make sure to tell them that you won’t hold them accountable if it fails and completely crashes and becomes unrecoverable data but hey, what choice do you have at this point?

Here is just a little history of why I made this document:
I made some hardware changes to my computer and after a standard reboot to save changes the computer restarted but between the screens where it normally says starting Windows XP and the next screen which would normally have been the user login screen, a small box appeared. The box itself was titled “lsass.exe – System Error” and in the box itself it said “Object not found” and just beneath that line in the same box there was a button that simply said “OK”. My only option was the button so I clicked it and my PC rebooted again and did the exact same thing over and over and over etc. etc.

I looked up this error on the Internet and found several different reasons as to why it might occur. The most common was from a virus but I knew that I had already had protection from this virus long before it ever seemed to show up on my machine. I kept reading about the several different ways that this happened to others and the multitude of solutions that were offered though often under each solution the next post would be about how someone tried the solution and it failed.

One of the solutions caught my eye though. The problem that was described sounded exactly like my error and they (the author), said they were able to restore their system fully. I reviewed the process and unlike all of the other solutions, it didn’t seem too complex nor was it more cumbersome than actually reinstalling the entire operating system and trying to restore all of my additional programs so I printed out the directions and sat down ready to go to war against my computer in order to make it work again!!!

There were numerous errors in the directions from beginning to end but because I have lots of experience in the computer field I was able to tell what they meant to say and I worked around the faulty directions and completed the task which did in fact restore my PC to a restore point just 1 day prior to when I made some change that apparently broke my computer’s operating system. I found the original document that was written by a guy named “Charlie White” to be very helpful and felt it should be shared with others since it helped me and could (hopefully), help resolve so many other computer users’ problems if they were at their last straw.

If you have a PC running Windows XP that can at least start up before it errors to the point of not being useable, then this may be of great use to you. Windows XP by default takes a snap-shot of itself each day. That snapshot is called a restore point and usually Windows XP keeps about the last 30 days’ worth of restore points saved on the hard drive. The concept is that in the event that you add a program or make some sort of a change that messes up your computer so badly that you simply can’t work with it under those conditions that if the PC still functions enough to start up, you can go to a point sometime in the last 30 days when your PC still functioned properly and select for the PC to load that snapshot over its current bad configuration thus making your PC run as if you never made the mistake that may have caused your PC to mess up in the first place. Yes, just like going back in time to when your computer was still working well! This does work pretty well normally but for me the computer wasn’t even able to get to the login screen so selecting a restore point wasn’t an option.

I had also already tried to start up in “Safe Mode” which gave me the same error and I tried to start up using the “Last known good configuration”. It failed as well giving me the same error. At that point, I had already exhausted every other little trick I knew to get into my computer so I thought why not give one of the resolutions I read about a try. I had nothing to lose since at this point a full system rebuild seemed like the only fix. The method I describe is the only one I found where it worked and it didn’t install XP over itself again making duplicate files and all of that stuff that takes forever to straighten out.

This process simply does this: It allows you to manually start up your computer with a restore point already installed as if you were able to do this the normal way in the first place. You can’t restore your PC to a previous restore point without getting into Windows XP first or at least you can’t unless you follow these directions! Just in case you don’t trust me, here is a link to the original document that I modeled my instructions from:

http://www.digitalwebcast.com/articl...le.jsp?id=8658 . If you choose to trust me, it’s time to get your PC running. Something to consider here is this: If you just installed a new piece of hardware in your computer, you might remove it and or put back what you replaced and then try to reboot one more time before trying this. If there was no new hardware installed that may have caused this problem then get ready to start here! Be ready because this should take about 45 minutes which is still way shorter than completely reinstalling XP and all of your programs not to mention doing it like this won’t make you lose anything you had before on this computer!

Note that this procedure assumes that Windows XP is installed to the C:\Windows folder. If you installed Windows to a different location, make sure to change C:\Windows in the following directions to the appropriate windows folder if it's at a different location. Copy commands will show you they completed successfully by showing you a message saying "file copied".
The delete commands just move on to the next line but won’t say that they happened or not. Just assume they did provided you type each command I give you exactly as I have them listed. I've separated each command by an empty line. Type the whole command in one line and when you've finished typing that command hit the Enter key.

Start Here!

Get the Windows XP CD you used to install your operating system. Put the XP CD in your CD drive and restart the computer once you have confirmed it will boot from the CD-ROM first and then from the hard drive. When it says "press any key to boot from CD," press any key. At first it will look like you are reinstalling but you aren’t at all. XP is simply loading enough files for it to be able to function since the original files are still corrupt that are on the hard drive. Wait during this process. Don’t select anything until it stops loading files and a screen will come up asking you if you want to Setup Windows or Repair Windows XP. Press R to Repair which will launch the Recovery Console which looks like this:

_________________________________________________________________
Microsoft Windows XP<TM> Recovery Console

The Recovery Console provides system repair and recovery functionality.
Type EXIT to quit the Recovery Console and restart the computer.

1: C:\WINDOWS

Which Windows Installation would you like to log onto
(To cancel, press ENTER)?

_________________________________________________________________

(Make sure your Num Lock is on if you use the number key pad on the right of your keyboard) Select the number which corresponds to the operating system location you were using which broke and then hit enter, (Usually this is the number 1). Now it asks you for your administrator password. Enter your administrator password, and then hit enter. If you entered the correct password then you will get a C:\Windows prompt on the screen. That means you’re in! By the way, if you don't know your administrator password, just try hitting the Enter key. If that doesn't work either then go to the following site and get the necessary tools to get you in:

http://www.petri.co.il/forgot_admini...r_password.htm

(In my case, even though I knew and entered my administrator password it still said it was wrong because the file that kept that information was now corrupt. I used my own program that allowed me to reset my admin password then I continued)

In this step, we are going to make a new directory on your hard drive and store some files there as back-ups in case this process doesn’t work for you. That way you’ll still have all of the original files and can at least restore your computer to its exact current BROKEN status as if you never tried this!
On your monitor you should be looking at a prompt that looks like this:
c:\windows>
Add md tmp to the prompt to make it look exactly like this and then hit enter: (Remember to hit enter at the end of each command line below)
c:\windows>md tmp
cd c:\windows\system32\config (now your prompt on the screen should look like this: c:\windows\system32\config> )

copy default c:\windows\tmp\default

copy sam c:\windows\tmp\sam

copy security c:\windows\tmp\security

copy software c:\windows\tmp\software

copy system c:\windows\tmp\system

ren default default.her

ren sam sam.her

ren security security.her

ren software software.her

ren system system.her

OK! So far you have copied the last original (broken) copies of the startup files to a back up location and you then renamed the originals to have new names so Windows won’t touch them anymore. Now we want to go and get a fresh set of original start up files from a place on your hard drive that they were put when XP was originally installed. They were put here for exactly what you are doing now. Here we go…

cd ..\ ( Note that this is typed out as cd space dot dot backslash )

cd ..\ ( Note that this is typed out as cd space dot dot backslash again )


So now your prompt should look like this: C:\windows>


cd c:\windows\repair (Now your prompt should look like this: c:\windows\repair )

copy c:\windows\repair\system c:\windows\system32\config\system

copy c:\windows\repair\system\software c:\windows\system32\config\software

copy c:\windows\repair\system\sam c:\windows\system32\config\sam

copy c:\windows\repair\system\security c:\windows\system32\config\security

copy c:\windows\repair\system\default c:\windows\system32\config\default

exit ( Yes, type in the word exit )

The computer should reboot now and yes it will ask again for you to press any key to boot from the CD. Don’t press anything yet. Let the PC start up normally but understand that we aren’t done yet which is why it will look very strange. Just keep following the directions. You are getting very close to seeing your PC work again like it did before it broke. Wait for a while and give the computer some time to start up all of the way. Usually a couple of minutes are good to let it boot up.

Now we are going to copy the saved repair files you copied earlier into the right spot so the computer will use them properly. We will be using the actual System Restore from within windows now that you are in. The Restore folder is usually made to be very hard to find but I’ll tell you how to find it now. Note that at this point I was forced to use a program I had again that allowed me to reset my administrator password because no matter what I put in, it said it was wrong. If a bubble pops up talking about your video settings being awful say OK to let it auto configure your video settings. Say yes again to confirm the settings work and are OK to keep.

Right click on the start button in the task bar and then when the menu of options appears select Explore. Now, click on tools in the file menu then folder options and then select the view tab.

Under Hidden files and folders, select “Show hidden files and folders”.
Now scroll down some and put a check in the box that says “Show contents of system folders”. Click to clear the "Hide protected operating system files (Recommended)" check box. (Take the check out of the box)

Click “Yes” when the box pops up asking you to confirm that you want to display these files. Click Apply and then click OK.

Double-click the drive where you installed Windows XP to view the list of the folders inside of it.

Locate the “System Volume Information” folder. This folder appears faded because it is normally set as a hidden folder.

Double click the “System Volume Information” folder. If the folder opens for you, skip down to the paragraph that starts with “The System Volume Information” folder is now opened. If you got an error saying access is denied, do the following:

Right click on the “System Volume Information” folder and select the Sharing and Security option. Then click the Security tab if there is one. (If there is no security tab available to select then skip down to the paragraph that starts with “But what if no security tab is available to select?”) If you do see a security tab then click Add, and then in the box that says "Enter the object names to select," type the name of the user that's at the top of the Start menu which is probably you. Make sure you type the name the way it's listed on the Start Menu. I made the mistake of typing my first name only and it wouldn't let me in. Type first and last name if that's how it's written on the top of the Start menu. After you've typed that in, click OK until you are back to looking at the folder that wouldn’t let you in and double click it again to open it.

You should be in it now. If not then you didn’t type the name exactly as it is listed on top of the start menu. It has to be the same for the folder to open for you.

“But what if no security tab is available to select?” Do this: Click to put checks in BOTH checkboxes in the "Network sharing and security" area. One of them is labeled "Share this folder on the network" and the other is labeled "Allow network users to change my files." Change the share name from “System Volume Information” to something short, like SysVolInf as in only the first three letters of the words “System” and “Volume” and “Information”. Click Apply and you will get an error possibly. If you get the error then just do it again and it will let you in the second time. Put a star next to this section on your print out because you’ll want to come back after you are restored and make sure to put this back to the way it was if the restore doesn’t do it for you. Just double check this when you’re running again is all I’m saying. Double click the folder now to get in it.

“The System Volume Information folder is now opened.” This folder may contain one or more folders with names like this:

_restore{F4EB0E83-91FF-4B7D-ABC2-287358719EAE}

Right click on each of them and note the date they were created. You DON’T want the one created with today’s date and time.

Open the one that doesn’t have today’s date and time but is closest to the latest date before the problems happened. Inside are several folders with names like RP37, RP38, and RP39 etc. These are each a separate restore point. Go up to the file menu and select view. When the drop down menu opens select “Details”. Now you can see the dates of when each of these was created listed next to them. Double click on the one that has the date that was one day before you started having trouble with your computer. So as an example if your computer died last Saturday on June 18 of 2006 then you would most likely want to open the folder that was created on Friday, June 17, 2006 which as you see was the day before the computer broke.

Now that you have opened the RP******* folder: Find and open the “Snapshot” folder. Select view from the file menu again and select details from the drop down menu so you can read the file names more easily. Copy the following files from this “Snapshot” folder to the C:\Windows\Tmp folder using the copy/paste process or however you know how to do this to get them copied from here to there. Here is the list of files to copy:

_registry_user_.default
_registry_machine_sam
_registry_machine_security
_registry_machine_software
_registry_machine_system

You are getting very close to being done so hang in there! Make sure your Windows XP CD is still in the drive and restart Windows making sure to hit any key this time when it tells you to do that to boot from the CD. Once it finishes with that long start up process again you’ll have those same options again like before. Press R to select Repair using the Recovery Console. Again, make sure your num lock is on if you use the number keypad on the right of your keyboard and then select the number that best describes the location of where you installed Windows XP to. Enter your admin password when prompted to do so. Now, you are again looking at a c:\windows> prompt.

Type in cd c:\windows\system32\config and hit enter so that your prompt should now look like c:\windows\system32\config>

From within Recovery Console, type the following commands:
del default
del sam
del security
del software
del system

cd ..\
cd ..\
cd tmp ( now your prompt should look like this: c:\windows\tmp> )

copy _registry_user_.default c:\windows\system32\config\default (Notice the period (".") before the word default in the first parameter)

copy _registry_machine_sam c:\windows\system32\config\sam
copy _registry_machine_security c:\windows\system32\config\security
copy _registry_machine_software c:\windows\system32\config\software
copy _registry_machine_system c:\windows\system32\config\system

If you can, remove the Windows XP CD from the CD-ROM now.

Type exit and your computer will reboot into whichever restore point you chose. Now you're done except that you may want to reset your current time and go back up to where I told you to mark that spot where you will make sure that the sharing isn’t still turned on for the System Volume Information folder. I hope this saved your butt. Always help others when you get a chance. If this helped and you are really-really grateful, please tell us about it on the forum at www.Hermskii.com and if you find an error in this please let me know.

Thank you,

Hermskii

Or

You can carry the cut n' paste routine on the disk if you mount in another PC

Browse to C:\WINDOWS\system32\config

Create a origdate ie orig7621 easy to spot and find

Back up the existing files! to a origdate by copying them

Use the trick to share the System Volume Information folder
(Hermskii's words)
Right click on the “System Volume Information” folder and select the Sharing and Security option. Then click the Security tab if there is one. (If there is no security tab available to select then skip down to the paragraph that starts with “But what if no security tab is available to select?”) If you do see a security tab then click Add, and then in the box that says "Enter the object names to select," type the name of the user that's at the top of the Start menu which is probably you. Make sure you type the name the way it's listed on the Start Menu. I made the mistake of typing my first name only and it wouldn't let me in. Type first and last name if that's how it's written on the top of the Start menu. After you've typed that in, click OK until you are back to looking at the folder that wouldn’t let you in and double click it again to open it.

You should be in it now. If not then you didn’t type the name exactly as it is listed on top of the start menu. It has to be the same for the folder to open for you.

“But what if no security tab is available to select?” Do this: Click to put checks in BOTH checkboxes in the "Network sharing and security" area. One of them is labeled "Share this folder on the network" and the other is labeled "Allow network users to change my files." Change the share name from “System Volume Information” to something short, like SysVolInf as in only the first three letters of the words “System” and “Volume” and “Information”. Click Apply and you will get an error possibly. If you get the error then just do it again and it will let you in the second time. Put a star next to this section on your print out because you’ll want to come back after you are restored and make sure to put this back to the way it was if the restore doesn’t do it for you. Just double check this when you’re running again is all I’m saying. Double click the folder now to get in it.


copy a good set of

copy _registry_machine_sam c:\windows\system32\config\sam
copy _registry_machine_security c:\windows\system32\config\security
copy _registry_machine_software c:\windows\system32\config\software
copy _registry_machine_system c:\windows\system32\config\system


to the C:\WINDOWS\system32\config directory

Delete the existing ones and rename the new files to sam,security,software,system

shut down and replace the drive in the original PC, boot the PC
Takes about 15 mins including remounting the disk back to the PC

I bet this is a good fix for one or two other nasty problems!
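The drive-mounted-in-another-PC variant from the post above, scripted as an added example (not code from the thread or its posters): it backs up the live hives, picks the newest complete restore point older than a cutoff, and copies its five snapshot files into system32\config under their live names. The function names, the `orig_backup` folder name and the use of the saved system hive's modification time as the restore point date are assumptions, and the sample tree is constructed.

```python
import os
import shutil
import tempfile
from pathlib import Path

# Snapshot file name -> live hive name in system32\config (names from the thread).
HIVE_MAP = {
    "_registry_user_.default": "default",
    "_registry_machine_sam": "sam",
    "_registry_machine_security": "security",
    "_registry_machine_software": "software",
    "_registry_machine_system": "system",
}


def find_snapshots(svi_dir):
    """Return (timestamp, snapshot_dir, files) for each complete RPnn/snapshot.
    Assumption: the saved system hive's mtime stands in for the restore point date.
    """
    svi_dir = Path(svi_dir)
    found = []
    for snap in svi_dir.glob("*/*/*"):
        store, rp, leaf = (part.lower() for part in snap.relative_to(svi_dir).parts)
        if not (snap.is_dir() and store.startswith("_restore")
                and rp.startswith("rp") and leaf == "snapshot"):
            continue
        files = {p.name.lower(): p for p in snap.iterdir() if p.is_file()}
        if set(HIVE_MAP) <= set(files):  # skip incomplete restore points
            stamp = files["_registry_machine_system"].stat().st_mtime
            found.append((stamp, snap, files))
    return sorted(found, key=lambda item: item[0])


def restore_hives(windows_dir, svi_dir, broke_at, backup_name="orig_backup"):
    """Back up the live hives, then install the newest snapshot older than broke_at."""
    config = Path(windows_dir) / "system32" / "config"
    older = [s for s in find_snapshots(svi_dir) if s[0] < broke_at]
    if not older:
        raise FileNotFoundError("no complete restore point older than the cutoff")
    _, snap, files = older[-1]
    backup = config / backup_name
    backup.mkdir()  # fails if it exists, so an earlier backup is never overwritten
    live = {p.name.lower(): p for p in config.iterdir() if p.is_file()}
    for hive in HIVE_MAP.values():
        if hive in live:
            shutil.copy2(live[hive], backup / hive)

    for snap_name, hive in HIVE_MAP.items():
        target = live.get(hive, config / hive)
        staged = target.with_name(target.name + ".new")
        shutil.copy2(files[snap_name], staged)
        if staged.stat().st_size != files[snap_name].stat().st_size:
            raise OSError(f"short copy of {snap_name}")
        os.replace(staged, target)  # swap in only after the copy is verified
    return snap


def build_constructed_tree(root):
    """Create a small fake drive layout (constructed sample data, not real hives)."""
    root = Path(root)
    config = root / "WINDOWS" / "system32" / "config"
    config.mkdir(parents=True)
    for hive in HIVE_MAP.values():
        (config / hive).write_bytes(b"broken " + hive.encode())
    store = root / "System Volume Information" / "_restore{CONSTRUCTED-GUID}"
    day = 86400
    # RP37: three days before the break, RP38: one day before, RP39: after it.
    for rp, stamp in (("RP37", 7 * day), ("RP38", 9 * day), ("RP39", 11 * day)):
        snap = store / rp / "snapshot"
        snap.mkdir(parents=True)
        for name in HIVE_MAP:
            path = snap / name.upper()
            path.write_bytes(f"{rp} {name}".encode())
            os.utime(path, (stamp, stamp))
    # RP40 is incomplete (system hive only) and must be ignored.
    lone = store / "RP40" / "snapshot" / "_REGISTRY_MACHINE_SYSTEM"
    lone.parent.mkdir(parents=True)
    lone.write_bytes(b"partial")
    os.utime(lone, (9.5 * day, 9.5 * day))
    return root / "WINDOWS", root / "System Volume Information", 10 * day


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        windows, svi, broke_at = build_constructed_tree(tmp)
        chosen = restore_hives(windows, svi, broke_at)
        config = windows / "system32" / "config"
        return (chosen.parent.name, (config / "sam").read_bytes(),
                (config / "orig_backup" / "sam").read_bytes())


if __name__ == "__main__":
    print(demo())
```

On a real drive the dates should still be checked by eye as the thread describes, since file times on a damaged or infected system may not reflect when the restore point was taken.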

sir
will this work when loading xp pro onto an older system asus bx600 mhz board with same error? loads files proceeds to install setup then lsass.exe error object not found ok only option then reboot
4 drive cubx board have hd master cd slave prime master slave ran 98 fine any ideas? thanks

It will work provided the os has already been installed on the hardware(m/board/cpu/memory/drive/vga cont')
Try stripping the system to basics, no nuthing extras (USB ports, additional cards, FDD provided you don't need to supply drive controller files etc) basic basic PC OK from scratch install format drive after backup! set the m/board to optimum/fail safe defaults. Fails? this then try another disk if you have one. Good luck

i just had this problem. I lucked on a way to get into the system as normal. at my login screen i got the same message lsass not found and went around the reboots and tried booting from windows disc to no avail. I had given up and was retrieving the windows cd when i thought i'd have just one more go at logging in. this is what made it work....When that error message comes up with the red X and the OK box our instinct is to click OK or try and click it out by the top right X. Leave it sitting there. Move it aside if you have to then make sure your cursor is in the login box and type your password. Hit enter. For me...my system then started and my normal desktop came up. All the while that error message is sitting on top. Just move it aside. Once in i was able to get rid of the message by clicking it out at the top right X but you could just leave it there and work around it. I was able to do a system restore to a point 2 days earlier and everything is now 100%. Other things i tried before restore. I downloaded a Norton Sasser fixer which scanned every file over 15 minutes and found nothing. I tried resetting the system 32 files by renaming and replacing the security file but it never let me because it said the file was in use. Couldn't get a boot into safe mode. I count myself lucky compared to what i've been reading so i hope it works for someone else. Don't acknowledge the error message. Just login and restore.

Maybe you should try doing a Windows XP repair installation ...
Your data is left intact...

Maybe you also want to backup your data first, use a linux live cd for that purpose...

Thanks but Well I have already solved it by doing the 'Out of the box' trick with basically a manual restore by going back to a previous registry copy hopefully if you have to do it pick a date when you can reasonably be sure of the stability of the system. If all else fails (as nobody uses the system repair backup to create on going copies in the system repair directory) you can use the original files found in the \WINDOWS\repair directory it should take the system back to the beginning of the mists of time when all was fresh and new. Very useful occasionally if you want to take a system back to a clean state before anyone installed anything, you may have to reactivate the o/s so check to make sure you have the COA or a correct COA to hand, thanks again anyway

Quote Be careful when you ask out loud for something, you do not know who or WHAT might be listening' (T Pratchett)

Yes it will work but it doesn't as well as the Out of the box trick as that leaves all the user setting, data and everything else as it was. Anyway the value of the data on the system = time to recover the data X the salary of the entity or person doing it.
If you ever want to assess the value of the data try that.

Bearing that in mind! Working on clients' systems do you ever ask 1) Is it backed up? 2) When was it backed up? 3) Do you believe them? 4) Take an image of the hard drive before you start?
Survival as an IT consultant can hinge on the replies....

Awesome tutorial Hermskii - worked great for me, thank you.
I turned my laptop on this morning and got that lsass.exe error and could not boot up; read a bunch of stuff on the web about how you have to reformat the HD, etc..., and then I read your fix. I followed your instructions step by step and as you can see, I'm back to normal. I have not tried to shut down and restart my PC yet, I wanted to thank you while it works. This is my work PC so it had to be fixed quickly.
The only difference I encountered while following your steps is when I had to "copy c:\windows\repair\system\software c:\windows\system32\config\software", the prompt would tell me that file wasn't present, so I typed a DIR and found out that software, default, sam and security are not within the "system" folder but in the "repair" folder, so I changed this portion to : copy c:\windows\repair\software............
instead of copy c:\windows\repair\system\software............, and same thing for sam, security, etc...
Beside that, worked just fine. Thanks again
azur10

Restoring from the repair folder will invariably return the system to when these repair files were created, often as 'new' for the system. You could update these files once upon a time! If you only want the system back a few days or weeks use the ones from the System Information folder.

Be careful of what you ask for you don't know who or what might be listening......
