Missing file lsarv.dll


gatehill
09-05-2004, 09:43
I successfully removed Sasser from a friend's PC on Thursday so, full of confidence, I went to another friend's house on Friday to carry out the same operation.
At both places I turned on the XP firewall, removed the worm using the Symantec tool which I had downloaded on to a CD and then ran Windows Update to download the latest critical updates, including 835732.

However, at the second friend's house when we tried to restart the computer, as required after installing the Windows updates, the PC would not reboot; instead we got the error message along the lines of: "lsass.exe could not run as lsasrv.dll is missing".

Can anyone advise how I should proceed? It is a Dell 2350 and he still has all the disks which were supplied when he purchased the PC about a year ago.

09-05-2004, 11:52
Are you able to start the PC in "Safe Mode"? If so, you might be able to copy the file from a running installation. It is a 652kB file in the path:

C:\Windows\System32\Lsasrv.dll

calimanco
09-05-2004, 12:07
Isass.exe (as opposed to lsass.exe which is part of the OS) is a variation of the Optix Pro Trojan which opens TCP port 3410 and allows a hacker to control an infected computer. It is difficult to remove and in your case, only part of it has been, which is why you can't boot. A clean reinstall would be the best option here I think.
On the subject of Sasser, Microsoft have a bulletin with removal instructions here:
http://www.microsoft.com/security/incident/sasser.asp

anonymous
09-05-2004, 12:10
Or you could download dll from here onto floppy and load it that way?
http://www.dll-files.com/

gatehill
10-05-2004, 12:12
Thanks for the comments. I have been unable to start the PC even in safe mode.

I've had to call in my local technical chappy to solve it. I'll post the outcome in a couple of days.

anonymous
06-06-2004, 02:27
Gatehill:

Did you ever solve this problem?

I am having a similar experience on an AMD Athlon running Windows XP Pro. My only solution so far has been to use system restore to return to a prior setup but then if I run the Windows automatic updates, the problem returns and as you know the computer will not reboot.

Anyone out there with a solution?

anonymous
06-06-2004, 02:48
Gatehill, if you can run using system restore then why not copy dll file from above site, to the path it is supposed to be in, then when you try again it might see it? Or copy it onto floppy then install it using safe mode, if you can use safe mode?
If it does then load, it will give you the opportunity to try and sort out the problems?

anonymous
06-06-2004, 02:49
Sorry, that's to you, russel.

anonymous
06-06-2004, 10:07
Forgot to mention that curiously, the computer with this problem cannot see the lsasrv.dll file. Tried to copy it from a floppy, from a USB drive and even across a network. In each case, Windows Explorer cannot see it, either on any of these media or in the \windows\system32\ folder.

gatehill
06-06-2004, 14:19
Problem was solved by my techy contact; he seems to have started the PC in safe mode and reinstalled the missing file. This did not seem to work for me!

anonymous
06-06-2004, 14:25
Thought that's what I said?