FBI virus and lsass.exe system error

[kuttus]

Sure Send me a Email. Same time try this steps also..

Open OTL. Under custom scan/fixes, copy and paste the following:

:OTL
SRV - File not found [Auto] --  -- (0240861319997418mcinstcleanup) McAfee Application Installer Cleanup (0240861319997418)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} -  File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [SonyAgent]  File not found
O4 - HKU\.DEFAULT..\Run: [3DVIA]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 44163 = C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\msyauoi.bat
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: eeaeadcaeed = C:\Documents and Settings\NetworkService\Application Data\e88ea456-8171-467e-a64d-c7a2745eed9479\eeaeadcaeed.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
@Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

:Files
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\lsass.exe|C:\WINDOWS\system32\lsass.exe /replace
ipconfig /flushdns /c

:Commands
[EMPTYTEMP]
[RESETHOSTS]

Then click Run Fix. Post the log afterwards.

 

[melissawski]

here is the log. wouldn't let me post an attachment.

========== FILES ==========
File\Folder C:\WINDOWS\Temp\temp35.exe not found.
C:\Documents and Settings\Wlasniewski\Application Data\Qukeq folder moved successfully.
C:\Documents and Settings\Wlasniewski\Application Data\Ycny folder moved successfully.
C:\Documents and Settings\Wlasniewski\Application Data\Ydul folder moved successfully.
C:\Documents and Settings\Wlasniewski\Application Data\Izwaur folder moved successfully.
C:\Documents and Settings\Wlasniewski\Application Data\Biwaew folder moved successfully.
C:\Documents and Settings\Wlasniewski\Application Data\Gyeno folder moved successfully.
File\Folder C:\Documents and Settings\Wlasniewski\Application Data\Ruq not found.
C:\Documents and Settings\Wlasniewski\Application Data\Moget folder moved successfully.
C:\Documents and Settings\Wlasniewski\Application Data\Zaibt folder moved successfully.
C:\Documents and Settings\Wlasniewski\Application Data\e88ea456-8171-467e-a64d-c7a2745eed9479 folder moved successfully.
C:\Documents and Settings\Wlasniewski\Application Data\54AC83 folder moved successfully.
C:\Documents and Settings\Wlasniewski\Application Data\Talo folder moved successfully.
C:\Documents and Settings\Wlasniewski\Application Data\Ugnig folder moved successfully.
C:\Documents and Settings\Wlasniewski\Application Data\Ciux folder moved successfully.
C:\Documents and Settings\Wlasniewski\Application Data\Vumyna folder moved successfully.
C:\Documents and Settings\Wlasniewski\Application Data\Xayg folder moved successfully.
C:\Documents and Settings\All Users\Application Data\BE.js moved successfully.
C:\Documents and Settings\All Users\Application Data\BE.pad moved successfully.
C:\Documents and Settings\All Users\Application Data\4.pad moved successfully.
File\Folder C:\Documents and Settings\Wlasniewski\Local Settings\Application Data\Ahead\3DVIA\smjoebg.dll not found.
File\Folder C:\Documents and Settings\Wlasniewski\Application Data\e88ea456-8171-467e-a64d-c7a2745eed9479\eeaeadcaeed.exe not found.
C:\Documents and Settings\Wlasniewski\Application Data\pcouffin.sys moved successfully.
C:\Documents and Settings\Wlasniewski\Local Settings\Application Data\dt.dat moved successfully.
C:\Documents and Settings\Wlasniewski\Application Data\default.pls moved successfully.
c:\Documents and Settings\Wlasniewski\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temporary Internet Files folder emptied: 204550 bytes
->Flash cache emptied: 2870 bytes

User: All Users
->Temp folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1174470 bytes
->Flash cache emptied: 492 bytes

User: NetworkService
->Temp folder emptied: 66083 bytes
->Temporary Internet Files folder emptied: 156757282 bytes
->Flash cache emptied: 4399 bytes

User: Wlasniewski
->Temp folder emptied: 6883166 bytes
->Temporary Internet Files folder emptied: 20262450 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 142779350 bytes
->Google Chrome cache emptied: 384981847 bytes
->Flash cache emptied: 817 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19850891 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 404760 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 173941285 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

Total Files Cleaned = 865.00 mb


[EMPTYFLASH]

User: Administrator
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users
->Temp folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Wlasniewski
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Error: Unable to interpret <[EmptyJava]> in the current context!

OTLPE by OldTimer - Version 3.1.48.0 log created on 01152013_131140

 

[kuttus]

Try to boot the computer now check if you are getting that error now also..

 

[melissawski]

Try to boot the computer now check if you are getting that error now also..

still the same

 

[kuttus]

Try this steps once again,

Open OTL. Under custom scan/fixes, copy and paste the following:

:Files
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\lsass.exe|C:\WINDOWS\system32\lsass.exe /replace
ipconfig /flushdns /c

:Commands
[EMPTYTEMP]
[RESETHOSTS]

Then click Run Fix. Post the log afterwards.

 

[melissawski]

Try this steps once again,

Open OTL. Under custom scan/fixes, copy and paste the following:

:Files
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\lsass.exe|C:\WINDOWS\system32\lsass.exe /replace
ipconfig /flushdns /c

:Commands
[EMPTYTEMP]
[RESETHOSTS]

Then click Run Fix. Post the log afterwards.

when i copy and paste it into either wordpad or note pad it adds a square after the first lsass. is that okay? what font should I use? when i click save it gives me a warning that I'm about to save in text only and formatting will be lost. it gives me the option to save it in unicode. should i do that?

 

[kuttus]

Try this steps once again,

Open OTL. Under custom scan/fixes, copy and paste the following:

:Files
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\lsass.exe|C:\WINDOWS\system32\lsass.exe /replace
ipconfig /flushdns /c

:Commands
[EMPTYTEMP]
[RESETHOSTS]

Then click Run Fix. Post the log afterwards.

when i copy and paste it into either wordpad or note pad it adds a square after the first lsass. is that okay? what font should I use? when i click save it gives me a warning that I'm about to save in text only and formatting will be lost. it gives me the option to save it in unicode. should i do that?

There is no Squre. Just type lsass.exe remove that Squire...

 

[kuttus]

:Files
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\lsass.exe|C:\WINDOWS\system32\lsass.exe /replace
ipconfig /flushdns /c

:Commands
[EMPTYTEMP]
[RESETHOSTS]

 

[melissawski]

========== FILES ==========
File C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\lsass.exe successfully replaced with C:\WINDOWS\system32\lsass.exe
< ipconfig /flushdns /c >
Windows IP Configuration
An internal error occurred: The system cannot find the file specified.

Please contact Microsoft Product Support Services for further help.
Additional information: Unable to open registry key for tcpip.
C:\cmd.bat deleted successfully.
C:\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users
->Temp folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Wlasniewski
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

Total Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTLPE by OldTimer - Version 3.1.48.0 log created on 01172013_150016

 

[kuttus]

========== FILES ==========
File C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\lsass.exe successfully replaced with C:\WINDOWS\system32\lsass.exe

Now try to restart the computer Normally and lets see what you are getting now?

 

[melissawski]

========== FILES ==========
File C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\lsass.exe successfully replaced with C:\WINDOWS\system32\lsass.exe

Now try to restart the computer Normally and lets see what you are getting now?

unfortunately the same

 

[kuttus]

Run OTLPE once again . Try clicking the start button > run and type CMD inside the Run Window. If you are able to access Command Window there type sfc /scannow and Hit on enter.

 

[Fiery]

Also, are able to access recovery console now?

So everytime you get the lsass.exe error, your PC reboots? OR you can boot normally / safe mode but is getting the lsass.exe error?

 

[melissawski]

Also, are able to access recovery console now?

So everytime you get the lsass.exe error, your PC reboots? OR you can boot normally / safe mode but is getting the lsass.exe error?

Everytime I turn my laptop on it says starting up windows and the installation repair begings, the lease error pops up and I click ok, I see another error message but the computer feasts and does the same thing. If I try safe mode, it goes to a black and white screen that says a bunch of windows driver files and then resets. I have nit been able to see my home screen since I found the virus in the 10th. I just tried the OTL command prompt and it opened. There is a predetermined line that says "B:/DOCUMENTS AND SETTINGS/DEFAULT USER/DESKTOP> I entered sfc /scannow and it said "'sfc' is not recognized as an internal or external command, operable program or batch file

 

[Fiery]

Is your XP CD still in the CD-drive? If so, take it out and reboot

Then as soon as the PC boots up, try to access Recovery Console

 

[melissawski]

Is your XP CD still in the CD-drive? If so, take it out and reboot

Then as soon as the PC boots up, try to access Recovery Console

No it is not in the drive. I can get back into the Recovery Console using the XP disk but it asks me for administrator password and any password I try (that I use for other things) says invalid. The first time I accessed the console I just pressed enter when prompted for the password and that worked but when I opened it again, it wants a password.