Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
Hi,
When I opened up an IE browser suddenly there was a pop up said LSA shell (export version) encounted problem and like the same there're 'send' or 'don't send' option then I clicked the 'don't send' button and afterwards a 1 min. countdown of shutdown window appeared and said l(L not i)sass.exe is blah blah blah...stuff like that.
My labtop then shutdown after a min. and restart by itself.
This is my first time to encounter this problem and this problem keep popping up now and anyone here know what's going on about that?
I tried to check the previous post and most of them related to password logon issue and my labtop has no password to logon and therefore need someone shed me some light about this issue.
Any help would be appreciated.
Thanks!
use the system restore option to restore back to a day before it started acting up.
start>programs>accessories>system tools>system restore and follow instructions
0 
I'm getting the same problem but in addition I'm not sure if it is related. When windows starts there is a message from wildtangent saying something about a problem with wdengine.dll... and after a while I get my computer restarting automatically. I went to take no action on rpc and I still have this problem. I ran multiple virus scans and am confused.
0
The following website as per another page in this forum suggested worked for this problem for me http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx. However, good idea to update virus protection and check out whether or not you are at risk. Whether or not the virus is related to this problem or not I am uncertain. I do know it worked in ridding me of the issue of the LSA shell problem and the automatic shutdown. good luck.
0
fixed problem by reinstalling sp1 over
existing install. i also removed .net framework, as i found an extra user account
named "asp.net" which was listed in user accounts but did not apear at logon(xp).
i wonder if there is an exploit in .net
allowing unauthorized access to this("asp.net")account. my first thouht at onset
of problem was that we had infection/worm.
system is clean as a whistle,no suspicous
outbound activity, or spyware that can so
far be dectected...
0
http://www.computing.net/security/wwwboard/forum/11377.html
this thread has a solution that seems to be working for me:
"Try downloading the Security Update KB835732 from http://www.microsoft.com/downloads (it is currently #10), it is basically another variant of the blaster worm (I believe we are on msblast.g). Hope this can be of some help."
ALSO
"If you look in c:\windows\ there should be a file called avserve.exe delete it and remove the reg key under HLKM\Software\Microsoft\Windows\CurrentVersion\
Run that points to the avserve.exe file. "
0
avserve2.exe now known as W32.Sasser.B.Worm, http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.b.worm.html
0
Hi,
We have the LSA Shell error as well and I did find the Microsoft patch using another computer. How do you access the website and download the patch, if the NT Authority\System message comes up everytime you hookup to the internet. Everytime we get that message, the system shuts down in 60 seconds.
Thanks!
0
Will be FIXED using Security Update KB835732 from http://www.microsoft.com/downloads (it is currently #10)like Response Number 6 wrote !!
0
I would turn off system restore first, then as posted by Edge in #6, remove avserve2.exe from the registry.
Click Start, and then click Run. (The Run dialog box appears.)
Type regedit
Then click OK. (The Registry Editor opens.)
Navigate to the key:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
In the right pane, delete the value:"avserve2.exe"="%Windir%\avserve2.exe"
Exit the Registry Editor.Then you should be able to stay connected and not shut down as was my experience. Then you can update your virus definitions and do a full system scan and delete the infected files, download the removal tool @ http://securityresponse.symantec.com/avcenter/FxSasser.exe.
download the Microsoft patch @ http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx
and then run a thorough scandisc http://support.microsoft.com/default.aspx?scid=kb;en-us;315265.
0
I had the Same problem as every one else but after running the fix from Norton and running the updates for windows I still have problems. 1 Norton had to be removed because the Virus made it so the servces could not load. So I removed Norton and re-installed it and Xp has a known problem with a driver in winXP and it offers you a link to go and get a updated driver well the page never loads. I tryed it on my over box and the link work fine any Ideas?
0
I have the same LSA Shell problem. In the process of following the advice above. Problem is also compounded by about 20% of the keys on the keyboard not working. Anybody come across this 'feature'. Any advice relating to the non-functioning keys?
0
I had the same problem.Its a virus .
Go to start-programmes-acessories-system tools- system restore and check the first option which is restore my computer to an ealier time then click next and a calander will appear,click on a date before you noticed that your system started closing down and just follow the instructions it will take a moment or so and will reboot should be ok then.barbi
0
Barbi, that won't remove the virus, you need to turn off system restore on all hard drives and remove the virus.
Depending on which sasser worm you have, W32.Sasser.B.Worm or W32.Sasser.Worm, get your fix here http://securityresponse.symantec.com/
Be sure you have the Microsoft patch too.
0
Thanks Tonydallas
ive turned off system restore,done everything you reccomended scan found no threats,removal tool found no sasser.downloaded patch and turned on xp firewall ben surfing about 2 hours now and seem to clean
Barbi
0
Yeah, people, just like most other people said, it's most probably going to be a variant of the W32 Sasser Worm.
Most of the methods outlined by microsoft seemed a little too complex considering that i have very little knowlege of the registry, and the entry "avserve2.exe"="%Windir%\avserve2.exe" didn't even seem to exist under the "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run," key. Instead, after resarting in safe mode so that the virus doesn't execute, i found an entry called "skynetave.exe," which didn't seem to be a windows file so i followed the directory in the windows explorer and found that the file was created at exactly the same time that the virus first hit. (worm file isolated).
I then restarted the computer in normal mode, and before the virus had a chance to execute, or crash the LSA Shell, i hit Ctrl Alt Delete. Went to the "Processes tab," clicked on the "skynetave.exe" and ended the process. With the process ended, i could now go onto the windows update, download the patches and then from the "http://www.microsoft.com/security.incident.sasser.asp" sight, i scanned for and removed the sasser worm. remember that the name may be different for each variation, so you may have to go to the registry and follow each directory, until the date/time of creation matches the time that the worm first hit my pc. good luck
0
Hi!
first of all i want to said thanks to the all the advices in here. IT really help a lot. But i still have a little problem and i hope i can get some advices like last time. I have this box popping up and countdown 60 seconds, i did try the shutdown -a but it still not working, it work for a while, but after that i restart the computer it will popup again. In the box it said C:\Windows\System32\lsas.exe and there a lot advices in here, but it still not working, they said to find the avserve.exe or any #_up.exe in the regedit, in
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, and in task manager, but everytime i open all the file that listed here, i couldn't find it anywhere and it did show on any of this file, and i couldn't find anything under those name. So would anyone in here help! me out please. Oh...one more thing when i open my task manager there were a file name lsass.exe and svchost.exe, i wonder if this is the cost of the popup box. If so what should i do with it, could anyone please tell me. Thanks you a lot. Hope to heard from you guy soon.dragonlovebr
0
exact same problem as last post. updates done, sytem restore is off, norton scan says fine but lsa shell error on reboot and in task manager i see lsass.exe. need help! scans show no virus. lsass.exe will not let me end task from task manager either.
0
Hello,
I had the same issue with my Dell Laptop.
Solution: download this file from MaCfee,
AVERT Stinger (http://download.nai.com/products/mcafee-avert/stinger.exe) and run it. It found the sasser virus even though I ran just about every AV program out there on my laptop. After running this program it found 42 infected files and clean them out. Now I no longer have the LSA Shell (export Version) error.
0
hi,
I had the same problem(my laptop kept restarting after the one minute warning and would display the LSA Shell has encountered problems message) and I did follow instructions. I removed the avserve2.exe entry in the regedit. Now I am able to stay online longer and everything.
But when I restart my system, there is another avserve2.exe in the C:\windows folder and the entry is back in the register. And also, previously I could not delete the avserve2.exe file, so I displaced and renamed it. I did download the security update but it didnt seem to help. Please advise.
0
Hi,
Well ive got a few probs. I have a problem where every time on startup it says "windows explorer has encountered a problem and needs to close". Also the LSA shell (export version) needed to close when connected to the internet. Dont know if theyre connected. I did a virus scan and got the patch for the w32.sasser.worm as norton said i had it. So i downloaded the patch and followed instructions (including turning off system restore). However, didnt work. It still comes up and proceeds to come up with shut down in 60 secs. So its pretty screwed up. Can anyone help? I realy need it fixed.PS i deleted the avserve stuff in registry and seems to be gone.
Pretty please
blah
0
Have a friend with exactly the same problems. Tried ALL of the above, nothing worked. The avserve2.exe file was NEVER located on her machine. We have done three scans...nothing shows. She couldn't download the Microsoft update because of getting bumper off as described above. I finally downloaded to my machine and copied it to a cd. We still couldn't get it to load! She has done a total fdisk/reformat...nothing solved, problem remains. HELP!
0
I fixed the problem using this program
Stinger
http://download.nai.com/products/mcafee-avert/stinger.exe
0
Hi!
Lately, my dell laptop has been freezing everyb time I startup and the LSA Shell message popped up. I recently got the sasser worm and downloaded the program to get rid of the w32 sasser worm and it seemed to get rid of the infected files. After, my computer was repeatedly freezing, I ran the sasser program (when I was lucky enough for it not to freeze on me) and it said that the worm was not found on my computer. ?? Does anyone know what could possibly affecting this and how to fix it? Thanks!
0
I just found this problem and seem to have solved it...
1. OS = Windows XP
2. No sign of virus with Fixserver and Stinger
3. Mcafee 7.0 with latest DAT file was runningI noticed strange files in system32 directory such as *****_upload files. where ***** are numbers.
What I did:
Disconnected PC from network
Disabled system restore
deleted lsasss.exe from c:\windows
removed lsasss from registry run
..
but what I don't know is how to forestall further infection since I have latest antivirus update running!
0
someone said they formatted & still had problem...same here...i have 3 versions of xp...one includes xp corporate...i have istalled all of these on systems in my house...i have a friend whose computer started to freeze whenever dialing began on his dial-up connection winME...formatted & installed xp...get this 60 second shutdown lsass.exe blah blah blah...tried different xp disc & tried different prod. KEYS...still same error...hope someone can make sense of this...oh the error only seems to come up when connected to the internet...
0
If you installed all MS patches and ran Norton's Sasser fix tool and still have lsass.exe issues, do an XP repair installation. This worked for me and I didn't have to reinstall my apps.
0  |
 Can't click on link
|
Mouse probs
|
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
