LSASS errors - probable malware..

djmuk
Posted: Tue Mar 16, 2010 2:04 am    Post subject: LSASS errors - probable malware..

Not sure if this is the right place as one thing I can't do is a HJT log...

I am looking at a machine for a friend; when it starts up it gives "LSASS unable to locate component" and a message box that complains about msls52.dll missing.

There are almost no hits for that file on Google - just a couple on the Prevx site where it had been found on machines last week...

Windows will not start NOT EVEN IN SAFE MODE. I get the message box above and then no response from mouse or keyboard (even LEDs).

It will boot to UBCD4WIN and using that I have:
- Found an AV log file that had removed msls52.dll (!!)
- Run ClamWin with latest updates - found several occurrences of KOOBFACE which were all quarantined.
- Dug through the registry and can find nothing that looks odd (e.g. run, userinit, LSA entries all look OK)
- I have searched the (correct) registry for msls52.dll but it isn't there...

I did get into Windows before I brought it home, but Explorer also complained about missing msls52.dll as did almost everything else I tried to do...!
I ran HJT and there was a 'stray' userinit entry which I removed.

I am obviously missing the location in the registry which is calling the rogue software...

Any suggestions where else I should look in the registry (or elsewhere) to find what is being called by lsass and everything else??

dustybin
Posted: Tue Mar 16, 2010 11:39 am

I also have the same problem with Windows XP.

Removed a Trojan yesterday but when restarting I can no longer get any further than the initial log on screen, i.e. can't get the start bar to appear on the desktop because of this "lsass.exe - Unable To Find Component" message which I can't get past.

Please help me somebody!

djmuk
Posted: Wed Mar 17, 2010 12:42 am    Post subject: SORTED - msls52.dll missing

Finally cracked it...

I ended up doing a search for any file that contained the text msls52.dll ...

Lo & behold, uxtheme.dll was the only file that contained the text & there was a renamed copy of it as usxtheme.dll<random characters>.TMP, so I renamed the first one (to .vxx !) and renamed the 2nd one back to .dll & it boots up.

Anyone interested in a copy of the infected file?

Hint - if your machine won't boot up then you need an alternative boot disk; this simple change could be done from the Windows Recovery Console (boot from the XP install CD if it isn't on the F8 boot menu), or get yourself a bootable utility CD (e.g. UBCD4WIN) or a Linux live CD...

David ( Very :D )
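
The search described in the post above (look for any file that contains the text msls52.dll), as an added example that is not part of the original thread: a Python sketch that can be run from a Linux live CD against the mounted Windows partition. It matches the name case-insensitively as ASCII and as UTF-16LE; the function names, the sample files and the tiny chunk size in `demo()` are constructed for illustration.

```python
import os
import tempfile

def _contains(path, patterns, overlap, chunk_size):
    """Stream a file in chunks; the kept tail catches boundary-straddling matches."""
    tail = b""
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(chunk_size)
            if not chunk:
                return False
            window = (tail + chunk).lower()  # lowercases ASCII bytes only
            if any(p in window for p in patterns):
                return True
            tail = window[-overlap:]

def find_files_containing(root, needle, chunk_size=1 << 20):
    """Sorted paths under root whose bytes contain needle (any case, ASCII or UTF-16LE)."""
    if not needle:
        raise ValueError("needle must not be empty")
    patterns = [needle.lower().encode(e) for e in ("ascii", "utf-16-le")]
    overlap = len(patterns[1]) - 1  # longest pattern minus one byte
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if _contains(path, patterns, overlap, chunk_size):
                    hits.append(path)
            except OSError:
                continue  # unreadable entry on the mounted volume
    return sorted(hits)

def demo():
    """Constructed sample tree standing in for a mounted Windows folder."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "clean.dll": b"MZ" + b"\x00" * 64 + b"KERNEL32.dll\x00",
            "patched.dll": b"MZ" + b"\x90" * 13 + b"MSLS52.DLL\x00",
            "wide.bin": "x msls52.dll".encode("utf-16-le"),
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        # chunk_size=8 forces the name to straddle chunk boundaries
        hits = find_files_containing(root, "msls52.dll", chunk_size=8)
        return [os.path.basename(p) for p in hits]

if __name__ == "__main__":
    print(demo())
```

A hit only says the name appears somewhere in the file; AV logs and quarantine records will match as well as a modified DLL, so each result still needs a look.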

jannercobbler
Posted: Tue Apr 13, 2010 11:59 pm    Post subject: Re: SORTED - msls52.dll missing

David

I registered at this forum just so that I could say thanks to you.

I spent all day looking for solutions. When I found yours, after creating a Linux Live CD on a USB drive and locating the file you mention, and making the changes, everything is back to normal on my niece's computer :)

It only took 20 mins in total to fix. Once again, thank you for this solution.

Paul (Very, Very :) :) )

Ouisri
Posted: Mon Jun 21, 2010 5:51 pm

Try RemoveIT Pro V7. It can help.

All times are GMT + 2 Hours