Unable to Locate LSASS.EXE at tart-up using Win XP Pro

I currently receive the error "Unable to Locate LSASS.EXE" during start-up in WinXPPro. The status bars shows it trying to launch, but this error appears. IT then displays only a blank screen, but the cursor is visible. I'm trying to determine if this is a virus or trojan??

PLEASE HEEEELLLLLLPPPPPPPP!!!!!!!!!!!

Uncle J

Sounds like you've got a really major problem. LSASS.exe handles a major portion of the Windows security subsystem, if its not able to load, nothing will work.. in fact if LSASS crashes, the system goes down with it. I seriously suggest you reinstall your XP and then patch it as soon as you get it back online. While this may not be the result of a trojan (I don't know of any trojan that does something like this), there was recently an exploit that targetted LSASS.exe and caused it to shutdown, however I don't see how this can prevent it from reloading. Anyway the exploit is the ASN.1 Library Bitstream Heap Corruption Vulnerability if you're interested in looking up details for it.

Since you'll want to backup your data, here are two options you have

a. Connect your hard disk as a secondary or slave to another Windows machine and copy all your data off to the new hard disk.

b. Download Knoppix ( www.knoppix.net ) and burn it to CD, boot from this CD and recover your data.

I would recommend the second option if you're familiar with Linux simply because if its a trojan, then connecting it to the Windows machine may cause it to spread.

Cheers,