Fix Lsass.exe Error in Windows XP

What is lsass.exe?

The lsass.exe file is a core Windows process that is responsible for enforcing the security policy within a Windows operating system. Whenever a user tries to access a computer, lsass.exe verifies whether the identification details supplied by the user are correct.

By default, the lsass.exe file is located in a subfolder of C:\Windows\System32. The most common size of the lsass.exe file is 13,312 bytes, but you may also find it at 11,776, 7,680, 9,728, 14,848, 14,336, or 16,384 bytes.

Lsass.exe error

When you start your Windows XP computer, you may encounter an error message similar to one of the following:

“Lsass.exe: Entry Point Not Found

The procedure entry point _resetstkoflw could not be located in the dynamic link library Msvcrt.dll.”

-Or-

“Services.exe: Entry Point Not Found

The procedure entry point _resetstkoflw could not be located in the dynamic link library Msvcrt.dll.”

After you click OK, your keyboard may stop working and a blank screen may appear on your desktop.

Cause of the Errors

This problem occurs when the Msvcrt.dll file is replaced with a third-party version that does not contain the _resetstkoflw (recovery from stack overflow) function.
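
The missing-export condition described above can be confirmed by reading a DLL's export table directly. The following Python code is an added example, not part of the original article: it parses the PE export name table and reports whether _resetstkoflw is present. The function names pe_export_names, missing_exports and build_sample_dll are hypothetical, and the sample image is constructed for the demonstration rather than taken from a real Msvcrt.dll.

```python
import struct

def pe_export_names(data):
    """Return the set of names in a PE image's export table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    pe, = struct.unpack_from("<I", data, 0x3C)               # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    nsect, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    opt = pe + 24                                            # optional header
    magic, = struct.unpack_from("<H", data, opt)
    # Data directory 0 (exports): +96 in PE32 headers, +112 in PE32+.
    exp_rva, = struct.unpack_from("<I", data, opt + (96 if magic == 0x10B else 112))
    if exp_rva == 0:
        return set()
    sections = [struct.unpack_from("<IIII", data, opt + opt_size + 40 * i + 8)
                for i in range(nsect)]           # (vsize, vaddr, rawsize, rawptr)
    def off(rva):                                # RVA -> file offset
        for vsize, vaddr, rsize, rptr in sections:
            if vaddr <= rva < vaddr + max(vsize, rsize):
                return rva - vaddr + rptr
        raise ValueError("RVA outside all sections")
    n_names, names_rva = struct.unpack_from("<I4xI", data, off(exp_rva) + 24)
    names = set()
    for i in range(n_names):
        start = off(struct.unpack_from("<I", data, off(names_rva + 4 * i))[0])
        names.add(data[start:data.index(b"\0", start)].decode("ascii"))
    return names

def missing_exports(data, required=("_resetstkoflw",)):
    """Names from `required` that the DLL image does not export."""
    return sorted(set(required) - pe_export_names(data))

def build_sample_dll(names):
    """Constructed input: minimal PE32 image exporting `names` (not a real DLL)."""
    rva, raw, ptrs, strs = 0x1000, 0x200, b"", b""
    for n in names:
        ptrs += struct.pack("<I", rva + 40 + 4 * len(names) + len(strs))
        strs += n.encode() + b"\0"
    body = struct.pack("<IIHHIIIIIII", 0, 0, 0, 0, 0, 1, len(names), len(names),
                       0, rva + 40, 0) + ptrs + strs
    hdr = (b"MZ" + bytes(58) + struct.pack("<I", 0x40) + b"PE\0\0"
           + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x2102)
           + struct.pack("<H", 0x10B) + bytes(94) + struct.pack("<II", rva, len(body))
           + bytes(120) + b".edata\0\0"
           + struct.pack("<IIII", len(body), rva, len(body), raw) + bytes(16))
    return hdr + bytes(raw - len(hdr)) + body
```

To check a real file, pass its bytes to missing_exports, for example a copy of the msvcrt.old file renamed in the Recovery Console steps; an empty result means the export is present.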

Solution

To fix this lsass.exe error, replace the Msvcrt.dll file with the original version using the Windows XP Recovery Console. To achieve this, perform the steps listed below:

  1. Insert the Windows XP CD into your computer’s CD drive and restart your computer from the CD-ROM.
  2. Press R at the welcome screen to start the Recovery Console.
  3. Press the number key that represents the Windows Operating System (if you have only one operating system installed, press 1) that you want to repair, and then press Enter.
  4. If prompted, enter the administrator password and then press Enter to proceed further.
  5. Next, type the following commands and press Enter after each command:
    • cd system32
    • ren msvcrt.dll msvcrt.old
    • CD-ROM_or_DVD-ROM_Drive_Letter:
    • cd \i386
    • expand msvcrt.dl_ BootDriveLetter:\windows\system32
    • exit

Notes:

  • BootDriveLetter is the drive letter of the drive that contains the Windows installation. By default, it is drive C.
  • CD-ROM_or_DVD-ROM_Drive_Letter is the drive letter of your CD-ROM or DVD-ROM drive. Generally, it is drive D.

Lsass.exe – Security Report

The true lsass.exe is a safe file. However, there is also a malicious process by the same name that is registered as a trojan.

The malicious lsass.exe is used by hackers to access your computer remotely to steal your personal information, such as email passwords and Internet banking details. If you are infected with the lsass.exe virus, immediately take corrective measures to get rid of this menace.

What are the Internet threats with which the lsass.exe virus is associated?

The following list contains the names of the Internet threats with which lsass.exe is known to be associated, with the vendor that uses each name in brackets:

W32/Rontokbro.gen@MM [McAfee]
Email-Worm.Win32.Brontok.n [Kaspersky Lab]
W32.Rontokbro.U@mm [Symantec]
WORM_BRONTOK.BA [Trend Micro]
I-Worm.Brontok.AY [PC Tools]
W32.Rontokbro.X@mm [Symantec]
W32.Rontokbro@mm [Symantec]
W32.SillyDC [Symantec]
W32.SillyFDC [Symantec]
W32/YahLover.worm [McAfee]
Worm.Brontok.BA [PC Tools]
Worm.Brontok.BK [PC Tools]
Worm.Brontok.Gen!Pac.3 [PC Tools]
Worm.Win32.VB.ck [Kaspersky Lab]
WORM_RONTKBR.GEN [Trend Micro]
Trojan.Agent.lsass [Ikarus]
WORM_SOHANAD.FI [Trend Micro]
WORM_VB.FQO [Trend Micro]
WORM_BRONTOK.IE [Trend Micro]
Backdoor.Trojan [Symantec]
Email-Worm.Win32.Brontok.N [Ikarus]
Email-Worm.Win32.Brontok.q [Kaspersky Lab]
Gen.Packed [Ikarus]
Generic.dx [McAfee]
Generic.dx!fml [McAfee]
IRC/Client [McAfee]
I-Worm.Brontok.BM [PC Tools]
Mal/EncPk-KP [Sophos]
Mal/Generic-A [Sophos]
Packed.Generic.233 [Symantec]
Packed/FSG [PC Tools]
PE_FLUENZA.ART-O [Trend Micro]
PE_PARITE.A [Trend Micro]
Trojan Horse [Symantec]
TrojanClicker:Win32/Hatigh.C [Microsoft]
Virus.Win32.Parite.b [Kaspersky Lab]
W32.Sality.X [Symantec]
W32/Brontok-AE [Sophos]
W32/Pate.b [McAfee]
W32/Rontokbr-A [Sophos]
W32/Sality.ac [McAfee]
W32/Zaflen.a [McAfee]
Win32.Parite.B [PC Tools]
Win32.Sality.AA [PC Tools]
Win32.Xorer.Gen [PC Tools]
Worm.Brontok.Gen.1 [PC Tools]
Worm.VB.FKF [PC Tools]
Worm.VB.FWG [PC Tools]
Worm.VB.GUE [PC Tools]
Worm.Win32.VB.gr [Kaspersky Lab]
WORM_VB.EIQ [Trend Micro]
Virus.Win32.Sality.s [Kaspersky Lab]
Win32.SuspectCrc [Ikarus]
not-a-virus:Client-IRC.Win32.mIRC.603 [Kaspersky Lab]
W32/Brontok-Gen, W32/Brontok-Gen, Mal/Packer, Mal/Behav-024 [Sophos]
W32/Virut.gen [McAfee]
Backdoor.IRCBot [PC Tools]
WORM_MOONLIGHT.C [Trend Micro]
W32/Generic.e [McAfee]
W32/Brontok-Gen, W32/Brontok-Gen, Mal/Behav-024 [Sophos]
W32.Pagipef.I!inf [Symantec]
W32.Lunalight@mm [Symantec]
Virus.Win32.Xorer.dr [Ikarus]
Virus.Win32.Virut.q [Kaspersky Lab]
Virus.Win32.VB.bp [Kaspersky Lab]
Trojan.Win32.Swisyn.eg [Kaspersky Lab]
PE_SALITY.AL [Trend Micro]
Mal/Zlob-AG [Sophos]
Mal/Xorer-A [Sophos]
Email-Worm.Brontok!sd5 [PC Tools]
Bloodhound.Unknown [Symantec]
Email-Worm.Win32.VB.cp [Kaspersky Lab]
Virus.Win32.Banker.CYL [Ikarus]
W32/Brontok-Gen, W32/Brontok-Gen, Mal/Behav-024, Mal/Heuri-D, Mal/Emogen-N [Sophos]
Adware.VirtuMonde [Symantec]
Trojan.Win32.VB.oqz [Kaspersky Lab]
WORM_AUTORUN.TI [Trend Micro]
PE_RUNGBU.E [Trend Micro]
Suspicious.MH690 [Symantec]
W32/Lovelet-AD [Sophos]
WORM_VB.CBS [Trend Micro]
WORM_SALITY.BL [Trend Micro]
Worm:Win32/Zaflen.A@mm [Microsoft]
Worm:Win32/Brontok.BJ@mm [Microsoft]
Worm.AutoRun.BX [PC Tools]
Worm.AutoRun.AGB [PC Tools]
Win-Trojan/MircPack.1790464 [AhnLab]
W32/Fujacks [McAfee]
W32/Brontok-Gen, W32/Brontok-Gen, Mal/Emogen-N, Mal/Heuri-D [Sophos]
W32/Autorun.worm.g [McAfee]
Virus.Win32.Xorer.ey [Kaspersky Lab]
Trojan-Downloader.Win32.Zlob [Ikarus]
PE_PAGIPEF.BY [Trend Micro]
not-a-virus:Client-IRC.Win32.mIRC [Ikarus]
Generic Downloader.s [McAfee]
Email-Worm.Win32.Brontok.A [Ikarus]
Downloader [Symantec]
I-Worm.Moonlight.C [PC Tools]
Virus:Win32/Sality.AM [Microsoft]
W32/Imaut-A [Sophos]

How to get rid of the lsass.exe virus

If your PC is infected by the lsass.exe virus, run a malware scan on your entire computer using advanced malware removal tools, such as STOPzilla Antivirus and Spyware Cease, to remove the malicious lsass.exe and its associated malware. Also, use a reliable registry tool, such as RegServe, to scan your registry and fix any issues related to lsass.exe or any other exe file on your computer.