Lsass.exe System error XP Home SP2

Did you manage to solve this problem? I am having exactly the same problem
but this is the first system I have attempted to build. Everything was going
fine then this error message started to appear. It goes on to restart the PC
2 or 3 times then you can get past it and log on to windows ok! I havent got
as far as installing a modem so I am baffled as to the cause. HELP!

"My Toy" wrote:

I have been receiving the following erroe message on a system I am building
Lsass.exe-System Error
"An I/O operation initiated by the Registry failed unrecoverably. The
Registry could not read in,or write out, or flush, one of the files that
contain system's image of the Registry"
To me, this seems to be a software error, or an error generated because of a
corrupted file when Lsass.exe executes. so I ran fdisk, took out the
partitions, set them again, reformatted and reinstalled the operating system.
I have flushed the MB registry several times,still the same message. Any ideas

From: "kazzabojangles"

| Did you manage to solve this problem? I am having exactly the same problem
| but this is the first system I have attempted to build. Everything was going
| fine then this error message started to appear. It goes on to restart the PC
| 2 or 3 times then you can get past it and log on to windows ok! I havent got
| as far as installing a modem so I am baffled as to the cause. HELP!
|
| "My Toy" wrote:
|


Download the patch (below). Put the patch, Stinger and Sysclean (below) on media (CDROM,
ZIP
Disk, USB Flash drive, etc) disconnect the affected PC from the Internet and install the
patch. Then reboot the PC and perform the following scan of the PC using Stinger and Trend
Sysclean !

Go to; Start -- Run
enter; shutdown -a

This will halt the shutdown and give you a chance to Download the McAfee worm removal tool,
Stinger: http://vil.nai.com/vil/stinger/

Please read the following URL:
http://www.microsoft.com/security/in...r_printxp.mspx

Please install the patch that fixes the Lsass vulnerability that the Sasser and other
infectors exploit --
KB835732
http://www.microsoft.com/downloads/d...displaylang=en

You also need a FireWall.
If you don't patch the PC and not use a FireWall then you will just be re-infected.

I also suggest the installation of ALL MS Critical Updates ASAP.


Dump the contents of the IE Temporary Internet Folder cache (TIF)
Start -- Settings -- Control Panel -- Internet Options -- Delete Files

Dump the contents of the Mozilla FireFox Cache { if you use FireFox }
Tools -- Options -- Privacy -- Cache -- Clear

1) Download the TrendMicro Sysclean Front End

Download the utility SYSCLEAN_FE at the following URL --
http://www.ik-cs.com/got-a-virus.htm
SYSCLEAN_FE automates the download and execution process of the Trend Sysclean Package.
Direct URL --
http://www.ik-cs.com/programs/virtools/Sysclean_FE.exe


2) Download and install Ad-aware SE
(free personal version v1.06)
http://www.lavasoftusa.com/
Update Ad-aware with the latest definitions and then exit the software.

3) Execute; SYSCLEAN_FE.EXE
Choose; Unzip
Choose; Close


Execute; c:\sysclean\SYSCLEAN_FE.BAT
{ or Double-click on 'SYSCLEAN_FE Link' in c:\sysclean }
when you get to the menu dhoose [1] so you can boot into Safe Mode.

4) Disable System Restore
http://vil.nai.com/vil/SystemHelpDoc...SysRestore.htm

5) Reboot your PC into Safe Mode and shutdown as many applications as possible.

6) Execute; c:\sysclean\SYSCLEAN_FE.BAT
{ or Double-click on 'SYSCLEAN_FE Link' in c:\sysclean }
Choose [2] on the menu and let SYCLEAN.COM scan your computer.
when done, execute Ad-aware SE and perform a full scan of your PC and delete
all objects found.

7) Restart your PC and perform a "final" Full Scan of your platform
Execute; c:\sysclean\SYSCLEAN_FE.BAT
{ or Double-click on 'SYSCLEAN_FE Link' in c:\sysclean }
Choose [2] on the menu and let SYCLEAN.COM scan your computer.
when done, execute Ad-aware SE and perform a final scan of your PC and delete
all objects found.


8) Re-enable System Restore and re-apply any System Restore preferences,
(e.g. HD space to use suggested 400 ~ 600MB),

9) Reboot your PC.

10) Create a new Restore point


* * * Please report back your results * * *

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

Thankyou for responding. I can't understand how I could be infected when
this PC has never been connected to the internet. Is it possible that it
could be to do with the fact that I purchased the XP full version disk from a
Computer Fair? Is it possible that this could be the cause of the problem?

"David H. Lipman" wrote:

From: "kazzabojangles"

| Did you manage to solve this problem? I am having exactly the same problem
| but this is the first system I have attempted to build. Everything was going
| fine then this error message started to appear. It goes on to restart the PC
| 2 or 3 times then you can get past it and log on to windows ok! I havent got
| as far as installing a modem so I am baffled as to the cause. HELP!
|
| "My Toy" wrote:
|


Download the patch (below). Put the patch, Stinger and Sysclean (below) on media (CDROM,
ZIP
Disk, USB Flash drive, etc) disconnect the affected PC from the Internet and install the
patch. Then reboot the PC and perform the following scan of the PC using Stinger and Trend
Sysclean !

Go to; Start -- Run
enter; shutdown -a

This will halt the shutdown and give you a chance to Download the McAfee worm removal tool,
Stinger: http://vil.nai.com/vil/stinger/

Please read the following URL:
http://www.microsoft.com/security/in...r_printxp.mspx

Please install the patch that fixes the Lsass vulnerability that the Sasser and other
infectors exploit --
KB835732
http://www.microsoft.com/downloads/d...displaylang=en

You also need a FireWall.
If you don't patch the PC and not use a FireWall then you will just be re-infected.

I also suggest the installation of ALL MS Critical Updates ASAP.


Dump the contents of the IE Temporary Internet Folder cache (TIF)
Start -- Settings -- Control Panel -- Internet Options -- Delete Files

Dump the contents of the Mozilla FireFox Cache { if you use FireFox }
Tools -- Options -- Privacy -- Cache -- Clear

1) Download the TrendMicro Sysclean Front End

Download the utility SYSCLEAN_FE at the following URL --
http://www.ik-cs.com/got-a-virus.htm
SYSCLEAN_FE automates the download and execution process of the Trend Sysclean Package.
Direct URL --
http://www.ik-cs.com/programs/virtools/Sysclean_FE.exe


2) Download and install Ad-aware SE
(free personal version v1.06)
http://www.lavasoftusa.com/
Update Ad-aware with the latest definitions and then exit the software.

3) Execute; SYSCLEAN_FE.EXE
Choose; Unzip
Choose; Close


Execute; c:\sysclean\SYSCLEAN_FE.BAT
{ or Double-click on 'SYSCLEAN_FE Link' in c:\sysclean }
when you get to the menu dhoose [1] so you can boot into Safe Mode.

4) Disable System Restore
http://vil.nai.com/vil/SystemHelpDoc...SysRestore.htm

5) Reboot your PC into Safe Mode and shutdown as many applications as possible.

6) Execute; c:\sysclean\SYSCLEAN_FE.BAT
{ or Double-click on 'SYSCLEAN_FE Link' in c:\sysclean }
Choose [2] on the menu and let SYCLEAN.COM scan your computer.
when done, execute Ad-aware SE and perform a full scan of your PC and delete
all objects found.

7) Restart your PC and perform a "final" Full Scan of your platform
Execute; c:\sysclean\SYSCLEAN_FE.BAT
{ or Double-click on 'SYSCLEAN_FE Link' in c:\sysclean }
Choose [2] on the menu and let SYCLEAN.COM scan your computer.
when done, execute Ad-aware SE and perform a final scan of your PC and delete
all objects found.


8) Re-enable System Restore and re-apply any System Restore preferences,
(e.g. HD space to use suggested 400 ~ 600MB),

9) Reboot your PC.

10) Create a new Restore point


* * * Please report back your results * * *

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

From: "kazzabojangles"

| Thankyou for responding. I can't understand how I could be infected when
| this PC has never been connected to the internet. Is it possible that it
| could be to do with the fact that I purchased the XP full version disk from a
| Computer Fair? Is it possible that this could be the cause of the problem?
|

Possible but not probable.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

"kazzabojangles" wrote in message
...
Did you manage to solve this problem? I am having exactly the same
problem
but this is the first system I have attempted to build. Everything was
going
fine then this error message started to appear. It goes on to restart the
PC
2 or 3 times then you can get past it and log on to windows ok! I havent
got
as far as installing a modem so I am baffled as to the cause. HELP!

"My Toy" wrote:

I have been receiving the following erroe message on a system I am
building
Lsass.exe-System Error
"An I/O operation initiated by the Registry failed unrecoverably. The
Registry could not read in,or write out, or flush, one of the files that
contain system's image of the Registry"
To me, this seems to be a software error, or an error generated because
of a
corrupted file when Lsass.exe executes. so I ran fdisk, took out the
partitions, set them again, reformatted and reinstalled the operating
system.
I have flushed the MB registry several times,still the same message. Any
ideas



I had a problem with this and it turned out to be virus kind of activity. I
did a clean installation and it fixed it in the end.

Thankyou for the previous responses but I am still stuck on this! I tried
reformatting and setup went fine but within 5 mins same error message
appeared! I still can't understand how it could be a virus. This is a newly
built system that has not run any programs at all yet and never been online.
Is it poss that any of the installation software I am using could be
corrupted? If I cant solve it by reinstalling Windows what else can I do?

"My Toy" wrote:

I have been receiving the following erroe message on a system I am building
Lsass.exe-System Error
"An I/O operation initiated by the Registry failed unrecoverably. The
Registry could not read in,or write out, or flush, one of the files that
contain system's image of the Registry"
To me, this seems to be a software error, or an error generated because of a
corrupted file when Lsass.exe executes. so I ran fdisk, took out the
partitions, set them again, reformatted and reinstalled the operating system.
I have flushed the MB registry several times,still the same message. Any ideas

kazzabojangles wrote:

Thankyou for the previous responses but I am still stuck on this! I tried
reformatting and setup went fine but within 5 mins same error message
appeared! I still can't understand how it could be a virus. This is a newly
built system that has not run any programs at all yet and never been online.
Is it poss that any of the installation software I am using could be
corrupted? If I cant solve it by reinstalling Windows what else can I do?

Have you tested your RAM and hard drive?

Steve


"My Toy" wrote:


I have been receiving the following erroe message on a system I am building
Lsass.exe-System Error
"An I/O operation initiated by the Registry failed unrecoverably. The
Registry could not read in,or write out, or flush, one of the files that
contain system's image of the Registry"
To me, this seems to be a software error, or an error generated because of a
corrupted file when Lsass.exe executes. so I ran fdisk, took out the
partitions, set them again, reformatted and reinstalled the operating system.
I have flushed the MB registry several times,still the same message. Any ideas

From: "kazzabojangles"

| Thankyou for the previous responses but I am still stuck on this! I tried
| reformatting and setup went fine but within 5 mins same error message
| appeared! I still can't understand how it could be a virus. This is a newly
| built system that has not run any programs at all yet and never been online.
| Is it poss that any of the installation software I am using could be
| corrupted? If I cant solve it by reinstalling Windows what else can I do?
|
| "My Toy" wrote:
|

You failed to follow my advice !

I didn't tell you to reformat and re-install.

I did state - "If you don't patch the PC and not use a FireWall then you will just be
re-infected."

As long as you fail to heed my information, you will continue to be exploited !

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

"David H. Lipman" wrote in message
...
From: "kazzabojangles"

| Thankyou for the previous responses but I am still stuck on this! I
tried
| reformatting and setup went fine but within 5 mins same error message
| appeared! I still can't understand how it could be a virus. This is a
newly
| built system that has not run any programs at all yet and never been
online.
| Is it poss that any of the installation software I am using could be
| corrupted? If I cant solve it by reinstalling Windows what else can I
do?
|
| "My Toy" wrote:
|

You failed to follow my advice !

I didn't tell you to reformat and re-install.

I did state - "If you don't patch the PC and not use a FireWall then you
will just be
re-infected."

As long as you fail to heed my information, you will continue to be
exploited !

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


The kind of virus I felt this was did not come from email it seemed to be
some kind of other virus.

From: "Jones"

|
| The kind of virus I felt this was did not come from email it seemed to be
| some kind of other virus.

There are a few types of LSASS Exploits but most are Internet worms that attack and try to
infect via TCP port 445.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

"David H. Lipman" wrote in message
...
From: "Jones"

|
| The kind of virus I felt this was did not come from email it seemed to
be
| some kind of other virus.

There are a few types of LSASS Exploits but most are Internet worms that
attack and try to
infect via TCP port 445.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

It seems awful that these programs can randomly get into your system and
mess it up without even opening up an email!

I'm sorry to sound like I am ignoring your advice on this, I am really
grateful for all your suggestions - but again I have to ask - how can this be
a virus issue when this PC is brand new and has not yet been hooked up to the
net? - it does not even have a modem installed. Also I did download the
patch you suggested from another PC and when I uploaded it I received a M/S
window telling me that SP2 is already installed and is more up to date than
the patch I am trying to install. I also reformatted again (I know, you told
me not to but I'm clutching at straws here!) and this time I used a new XP
package and it still happened so that would suggest to me that it isnt to do
with the O/S. Please can you suggest anything else?

"Jones" wrote:


"David H. Lipman" wrote in message
...
From: "Jones"

|
| The kind of virus I felt this was did not come from email it seemed to
be
| some kind of other virus.

There are a few types of LSASS Exploits but most are Internet worms that
attack and try to
infect via TCP port 445.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

It seems awful that these programs can randomly get into your system and
mess it up without even opening up an email!

What have you done to your computer re configuring it. Especially memory =
tuning? Or memory or disk error.
Memory Tester
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
http://oca.microsoft.com/en/windiag.asp

Use the recovery console to test the disk.


That message text is the text for error 1016 (type in Start Run=20
cmd /k net helpmsg 1016
)

You can look through here.
http://www.google.com.au/search?num=...&q=3DLsass+%2=
2An+I%2FO+operation+initiated+by+the+registry+fail ed%22&meta=3D

http://groups.google.com.au/groups?q...%20operation%=
20initiated%20by%20the%20registry%20failed%22&num= 3D100&hl=3Den&lr=3D&saf=
e=3Doff&sa=3DN&tab=3Dwg
--=20
-------------------------------------------------------------------------=
-------------------------
http://webdiary.smh.com.au/archives/...nt/001075.html
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3 D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3 D=3D=3D=3D=3D=3D=3D=3D
"kazzabojangles" wrote in =
message ...
I'm sorry to sound like I am ignoring your advice on this, I am really =

grateful for all your suggestions - but again I have to ask - how can =
this be=20
a virus issue when this PC is brand new and has not yet been hooked up =
to the=20
net? - it does not even have a modem installed. Also I did download =
the=20
patch you suggested from another PC and when I uploaded it I received =
a M/S=20
window telling me that SP2 is already installed and is more up to date =
than=20
the patch I am trying to install. I also reformatted again (I know, =
you told=20
me not to but I'm clutching at straws here!) and this time I used a =
new XP=20
package and it still happened so that would suggest to me that it isnt =
to do=20
with the O/S. Please can you suggest anything else?
=20
"Jones" wrote:
=20
=20
"David H. Lipman" wrote in message=20
...
From: "Jones"

|
| The kind of virus I felt this was did not come from email it =
seemed to=20
be
| some kind of other virus.

There are a few types of LSASS Exploits but most are Internet =
worms that=20
attack and try to
infect via TCP port 445.

--=20
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
=20
It seems awful that these programs can randomly get into your system =
and=20
mess it up without even opening up an email!

=20
=20
=20

Thankyou all for your many suggestions re this error. It appears to be
finally solved! And it was as simple as replacing the cables running from
the hard drive and the dvd drive! Have been using the PC with no problems
for the last 2 days - fingers crossed it stays that way!

"David Candy" wrote:

What have you done to your computer re configuring it. Especially memory tuning? Or memory or disk error.
Memory Tester
============
http://oca.microsoft.com/en/windiag.asp

Use the recovery console to test the disk.


That message text is the text for error 1016 (type in Start Run
cmd /k net helpmsg 1016
)

You can look through here.
http://www.google.com.au/search?num=...led%22&meta =

http://groups.google.com.au/groups?q...ff&sa=N&tab=wg
--
--------------------------------------------------------------------------------------------------
http://webdiary.smh.com.au/archives/...nt/001075.html
=================================================
"kazzabojangles" wrote in message ...
I'm sorry to sound like I am ignoring your advice on this, I am really
grateful for all your suggestions - but again I have to ask - how can this be
a virus issue when this PC is brand new and has not yet been hooked up to the
net? - it does not even have a modem installed. Also I did download the
patch you suggested from another PC and when I uploaded it I received a M/S
window telling me that SP2 is already installed and is more up to date than
the patch I am trying to install. I also reformatted again (I know, you told
me not to but I'm clutching at straws here!) and this time I used a new XP
package and it still happened so that would suggest to me that it isnt to do
with the O/S. Please can you suggest anything else?

"Jones" wrote:


"David H. Lipman" wrote in message
...
From: "Jones"

|
| The kind of virus I felt this was did not come from email it seemed to
be
| some kind of other virus.

There are a few types of LSASS Exploits but most are Internet worms that
attack and try to
infect via TCP port 445.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

It seems awful that these programs can randomly get into your system and
mess it up without even opening up an email!

[quote=kazzabojangles]Thankyou all for your many suggestions re this error. It appears to be
finally solved! And it was as simple as replacing the cables running from
the hard drive and the dvd drive! Have been using the PC with no problems
for the last 2 days - fingers crossed it stays that way!

"David Candy" wrote:
[color=blue][i]
What have you done to your computer re configuring it. Especially memory tuning? Or memory or disk error.
Memory Tester
============
http://oca.microsoft.com/en/windiag.asp

Use the recovery console to test the disk.


That message text is the text for error 1016 (type in Start Run
cmd /k net helpmsg 1016
)

You can look through here.
http://www.google.com.au/search?num=...led%22&meta =

http://groups.google.com.au/groups?q...ff&sa=N&tab=wg
--
--------------------------------------------------------------------------------------------------
http://webdiary.smh.com.au/archives/...nt/001075.html
=================================================
"kazzabojangles" wrote in message ...[color=green][i]
I'm sorry to sound like I am ignoring your advice on this, I am really
grateful for all your suggestions - but again I have to ask - how can this be
a virus issue when this PC is brand new and has not yet been hooked up to the
net? - it does not even have a modem installed. Also I did download the
patch you suggested from another PC and when I uploaded it I received a M/S
window telling me that SP2 is already installed and is more up to date than
the patch I am trying to install. I also reformatted again (I know, you told
me not to but I'm clutching at straws here!) and this time I used a new XP
package and it still happened so that would suggest to me that it isnt to do
with the O/S. Please can you suggest anything else?

HI I just was looking to find an answer on this same topic and realized that my usual recycling of cables and bits and pieces to build "new systems" may have blindsided me again. The 80 conductor ultra ata cable could be a big issue. The conductors are small in diameter and can be bad certainly when repeatedly reused as I do. A new system can suffer a bad cable as well. It is not commonly thought of but I build/rebuild about 100 systems a year and it has been nearly 8 years since I diagnosed a bad ide cable. Be aware that conductors can cause weird effects particularly on first boot(cold) as opposed to reboot(warm). This to me is a common "strange truth" of the hardware world. You had already stated the SP2 patch, and the 'software/virus' rant could be struck from the tread as irrelevant. Cheers on your solution