LSASS errors - probable malware..

Networking/Security Forums -> Spyware // Adware // Trojans Discussion

Author: djmuk PostPosted: Tue Mar 16, 2010 2:04 am    Post subject: LSASS errors - probable malware..
    ----
Not sure if this is the right place as one thing I can't do is a HJT log...

I am looking at a machine for a friend, when it starts up it gives LSASS unable to locate component and a message box that complains about msls52.dll missing.

There are almost no hits for that file on google - just a couple on the prevx site where it had been found on machines last week...

Windows will not start NOT EVEN IN SAFE MODE. I get the message box above and then no response from mouse or keyboard (even LEDs).

It will boot to UBCD4WIN and using that I have:
found an AV log file that had removed msls52.dll (!!)
Run clamwin with latest updates - found several occurrences of KOOBFACE which were all quarantined.
Dug through the registry and can find nothing that looks odd (eg run, userinit, LSA entries all look OK)
I have searched the (correct) registry for msls52.dll but it isn't there...

I did get into windows before I brought it home, but explorer also complained about missing msls52.dll as did almost everything else I tried to do...!
I ran HJT and there was a 'stray' userinit entry which I removed.

I am obviously missing the location in the registry which is calling the rogue software...

Any suggestions where else I should look in the registry (or elsewhere) to find what is being called by lsass and everything else??

Author: dustybin PostPosted: Tue Mar 16, 2010 11:39 am    Post subject:
    ----
I also have the same problem with Windows XP.

Removed a Trojan yesterday but when restarting I can no longer get any further than the initial log on screen, ie can't get the start bar to appear on the desktop because of this lsass.exe - Unable To Find Component message which I can't get past.

Please help me somebody!

Author: djmuk PostPosted: Wed Mar 17, 2010 12:42 am    Post subject: SORTED - msls52.dll missing
    ----
Finally cracked it...

I ended up doing a search for any file that contained the text msls52.dll ...

lo & behold uxtheme.dll was the only file that contained the text & there was a renamed copy of it as usxtheme.dll<random characters>.TMP so I renamed the first one (to .vxx !) and renamed the 2nd one back to .dll & it boots up.

anyone interested in a copy of the infected file?

Hint - if your machine won't boot up then you need an alternative boot disk, this simple change could be done from windows recovery console (boot from the XP install CD if it isn't on the F8 boot menu), or get yourself a bootable utility CD (EG ubcd4win) or a linux live CD...

David ( Very Very Happy )

Author: jannercobbler PostPosted: Tue Apr 13, 2010 11:59 pm    Post subject: Re: SORTED - msls52.dll missing
    ----
djmuk wrote:
Finally cracked it...

I ended up doing a search for any file that contained the text msls52.dll ...

lo & behold uxtheme.dll was the only file that contained the text & there was a renamed copy of it as usxtheme.dll<random characters>.TMP so I renamed the first one (to .vxx !) and renamed the 2nd one back to .dll & it boots up.

anyone interested in a copy of the infected file?

Hint - if your machine won't boot up then you need an alternative boot disk, this simple change could be done from windows recovery console (boot from the XP install CD if it isn't on the F8 boot menu), or get yourself a bootable utility CD (EG ubcd4win) or a linux live CD...

David ( Very Very Happy )


David

I registered at this forum just so that I could say thanks to you.

I spent all day looking for solutions, when I found yours, after creating a Linux Live CD on a USB Drive and locating the file you mention, and making the changes, everything is back to normal on my Nieces Computer Smile

It only took 20 mins in total to fix, Once again, Thank you for this Solution.

Paul (Very, Very Smile Smile )

Author: Ouisri PostPosted: Mon Jun 21, 2010 5:51 pm    Post subject:
    ----
Try RemoveIT Pro V7. It can help



Networking/Security Forums -> Spyware // Adware // Trojans Discussion


output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group