lsass.exe

  1. #1
    smokefaerie, Junior Member

    lsass.exe

    Having a problem among 6 networked computers. During use they come up with an error msg as follows:

    "This system is shutting down. Please save all work in progress and log off. Any unsaved changes will be lost. This shut down was initiated by NT SYSTEM

    Time before shutdown: 00:00:39

    Message

    The system process 'C:\WINNT\system32\lsass.exe' terminated unexpectedly with status code 128. The system will now shut down and restart."

    Hope you can help.


  2. #2
    brain_damage, D-A-L Team Member (UK)
    Just did a bit of googling on the error... and it came up with the Sasser worm...
    http://www.microsoft.com/security/incident/sasser.mspx

  3. #3
    owen, D-A-L Team Member (UK)
    Quite correct, Jeff.

  4. #4
    vijaysaraf, Newbie
    I am also suffering from the same problem.
    Pls help.

  5. #5
    vijaysaraf, Newbie
    This is my log file:

    Logfile of HijackThis v1.99.1
    Scan saved at 3:55:04 PM, on 4/23/2005
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\SQLLIB\bin\db2jds.exe
    C:\Program Files\SQLLIB\bin\db2licd.exe
    C:\Program Files\SQLLIB\bin\db2sec.exe
    C:\IBM\IBM HTTP Server\Apache.exe
    C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
    C:\IBM\IBM HTTP Server\Apache.exe
    C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
    C:\PROGRA~1\SQLLIB\bin\IWH2LOG.EXE
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\MS\SMS\CLICOMP\RemCtrl\Wuser32.exe
    C:\PROGRA~1\SQLLIB\bin\IWH2SERV.EXE
    C:\WINNT\TEMP\JO7C0E.EXE
    C:\PROGRA~1\SQLLIB\bin\DB2NDMGR.EXE
    C:\WINNT\Explorer.EXE
    C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
    C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
    C:\Program Files\Winamp\winampa.exe
    C:\PROGRA~1\IBM\IMNNQ\HTTPDL.exe
    C:\PROGRA~1\IBM\IMNNQ\imnsvdem.exe
    C:\Lotus\Notes\NLNOTES.EXE
    C:\Lotus\Notes\nhldaemn.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINNT\System32\svchost.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Documents and Settings\Administrator\Local Settings\Temp\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.8.53.59:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*;*.ril.com;<local>
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: 0 - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\WINNT\system32\a.ocx (file missing)
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SMS Application Launcher] C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
    O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - Global Startup: Start HTML Search Server.lnk = C:\Program Files\SQLLIB\bin\db2nq.exe
    O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O14 - IERESET.INF: START_PAGE_URL=about:blank
    O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://10.8.53.208/officescan/Client...l/WinNTChk.cab
    O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupIniCtrl Class) - http://10.8.53.208/officescan/client...l/setupini.cab
    O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - http://10.8.53.208/officescan/clientinstall/setup.cab
    O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - http://10.8.53.208/officescan/client...RemoveCtrl.cab
    O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} (CParamWr Class) -
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dakc.ril.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4F1DC0CA-527D-45EE-8236-0F72F02A8EBD}: NameServer = 10.8.53.239,10.8.53.241
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dakc.ril.com
    O17 - HKLM\System\CS1\Services\Tcpip\..\{4F1DC0CA-527D-45EE-8236-0F72F02A8EBD}: NameServer = 10.8.53.239,10.8.53.241
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = dakc.ril.com
    O17 - HKLM\System\CS2\Services\Tcpip\..\{4F1DC0CA-527D-45EE-8236-0F72F02A8EBD}: NameServer = 10.8.53.239,10.8.53.241
    O23 - Service: DB2 - DB2 (DB2) - International Business Machines Corporation - C:\PROGRA~1\SQLLIB\bin\db2syscs.exe
    O23 - Service: DB2 JDBC Applet Server - Control Center (DB2ControlCenterServer) - Unknown owner - C:\Program Files\SQLLIB\bin\db2ccs.exe
    O23 - Service: DB2 - DB2CTLSV (DB2CTLSV) - International Business Machines Corporation - C:\PROGRA~1\SQLLIB\bin\db2syscs.exe
    O23 - Service: DB2 - DB2DAS00 (DB2DAS00) - International Business Machines Corporation - C:\PROGRA~1\SQLLIB\bin\db2syscs.exe
    O23 - Service: DB2 Governor (DB2GOVERNOR) - International Business Machines Corporation - C:\Program Files\SQLLIB\bin\db2govds.exe
    O23 - Service: DB2 JDBC Applet Server (DB2JDS) - Unknown owner - C:\Program Files\SQLLIB\bin\db2jds.exe
    O23 - Service: DB2 License Server (DB2LICD) - International Business Machines Corporation - C:\Program Files\SQLLIB\bin\db2licd.exe
    O23 - Service: DB2 Security Server (DB2NTSECSERVER) - International Business Machines Corporation - C:\Program Files\SQLLIB\bin\db2sec.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: IBM WS AdminServer 4.0 - Unknown owner - C:\IBM\WebSphere\AppServer\bin\adminservice.exe
    O23 - Service: IBM HTTP Administration (IBMHTTPAdministration) - Unknown owner - C:\IBM\IBM HTTP Server\Apache.exe
    O23 - Service: IBM HTTP Server (IBMHTTPServer) - Unknown owner - C:\IBM\IBM HTTP Server\Apache.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
    O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
    O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
    O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
    O23 - Service: Warehouse server (vwkernel) - Unknown owner - C:\PROGRA~1\SQLLIB\bin\IWH2SERV.EXE
    O23 - Service: Warehouse logger (vwlogger) - Unknown owner - C:\PROGRA~1\SQLLIB\bin\IWH2LOG.EXE
