I have a laptop used by one of my Chinese design engineers. In his Windows 2000 Professional, an annoying program was shutting down his computer on an irregular basis. Its filepath was C:\WINNT\system32\Lsass.exe ( or something like that *.exe.) He could not delete it, so he moved it to a different folder. Alas, when he rebooted, he now has the blue screen of death. Is there a way to do System Restore with 2000 Professional? We do not have his original 2000 install diskette. Even if I did, the OS is a Chinese version, so most of the menus are in Chinese. I have tried troubleshooting, but even a SAFE MODE restart steers me into Chinese menus that lead nowhere. HELP!
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Blue screen of death even in Chinese!
- Thread starter BradOne
- Start date
Lsass.exe is part of the security schema of windows and verifies passwords. Win2k does not have System Restore.
First, what you have is the Sasser worm:
Second, all you need to do is to put Lsass.exe back into C:\winnt\system32\ from wherever it was moved. If you can access Safe Mode, you can do the copy with a Start, Run, copy ...etc command.
Then reboot normally and remove Sasser with the first link above.
First, what you have is the Sasser worm:
Second, all you need to do is to put Lsass.exe back into C:\winnt\system32\ from wherever it was moved. If you can access Safe Mode, you can do the copy with a Start, Run, copy ...etc command.
Then reboot normally and remove Sasser with the first link above.
- Thread starter
- #3
Thanks, bcast. So much for Norton Anti-Virus that has been on this system forever. Grrrrr. Though I have a Chinese OS, from memory I recall SAFE MODE is the first option on a F8 Start Control Screen. However, that choice briefly results in a rolling string of start-up commands, then a momentary small blank green screen, and finally a black screen with "Microsoft Professional 2000(TM)[2195 Free]" in the top middle with the same Chinese symbols in all four corners of the screen. On that black screen, I have cursor control, but nothing else works including <cntl> <alt> <delete> to reboot. I am surprised that I cannot enter into a normal SAFE MODE screen, wherein I could restore the lasass.exe command to the System32 folder as you suggested. Is it possible that SAFE MODE is in a different list location in W2K? I tried all the other Start options, but nothing else works, either. Any help will be appreciated.
Create a Pre-Installation Environment. You do not have to use the localized Chinese version of Win2k for this:
Bart's PE: Variant I use:
It takes about twenty minutes to create the bootable CD. Boot with it, and do the copy.
Bart's PE: Variant I use:
It takes about twenty minutes to create the bootable CD. Boot with it, and do the copy.
- Thread starter
- #6
Thanks LLoyd and bcast. LLoyd, I thought that might be the SAFE MODE screen, but the screen just freezes there - it does not proceed to the SAFE MODE desktop.
Bcast, I will try that. I reviewed those procedures, and they both use Bart'sPE - which requires a WXP SP1 install disk. Is there some way around this requirement? Thanks.
Bcast, I will try that. I reviewed those procedures, and they both use Bart'sPE - which requires a WXP SP1 install disk. Is there some way around this requirement? Thanks.
- Status
Similar threads
