lsass.exe infected, no internet
- Thread starter dreamz
- Start date
- Mar 8, 2013
- 22,627
- Mar 8, 2013
- 22,627
Download attached fixlist.txt file and save it to the Desktop:
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
- Right-click on
icon and select
Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File). - Press the Fix button just once and wait.
- If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
- When finishes FRST will generate a log on the Desktop, called Fixlog.txt.
Please attach it to your reply.
Check Disk
- Press the
on your keyboard. Type cmd and right click >> Run as Administrator.
- Copy/Enter the command below and press Enter:
-
Code:
chkdsk C: /r - You should get a message to schedule Check Disk at next system restart. Please type Y and press Enter.
- All you should do now is to restart your PC and let the Check Disk process finish uninterrupted.
- Press the
+ R on your keyboard at the same time. Type eventvwr and click OK.
- In the left panel, expand Windows Logs and then click on Application.
- Now, on the right side, click on Filter Current Log.
- Under Event Sources, check only Wininit and click OK.
- Now you'll be presented with one or multiple Wininit logs.
- Click on an entry corresponding to the date and time of the disk check.
- On the top main menu, click Action > Copy > Copy Details as Text.
- Paste the contents into your next reply.
- Mar 8, 2013
- 22,627
- Mar 29, 2017
- 51
I am now at black screen. at first cursor is not blinking. there is no way for me to get to a place to even open the files on laptop now. i feel that someone has taken over. i can get to bios to reset to default boot and make changes there but even if i did the laptop never does a normal shutdown, it just hangs. even with an emergency boot stick. i bought this from my son last year. i called him to ask what he had done before i got it. he said was originally W10, but downgraded to W8. Not sure if that makes a difference as you saw all the information. yes i downloaded before, but you wrote that this was made specifically for that laptop. i just needed clarification on that...thank you. i unplugged everything, even opened up and disconnected the battery. how do i get out of that screen? i shall wait for your reply. and thanks for your time, it does not go unnoted. i wish i could afford to buy you a keg, sounds like you deserve it.
Jenn
Jenn
- Mar 8, 2013
- 22,627
I don't know what kind of black screen that is. When does that happen? As soon as you start your laptop or when system boot is in progress?
- Mar 29, 2017
- 51
i THATturn on lp, (can get into bios setup to check boot sequence, will not shut down to save changes even if i wanted to), there is 1st screen, once o left click that screen lifts and goes to my login screen, login, hangs forever, at first is was blinking with cursor blinking, cant do anything...tsk manger etc. did hard boot, unplugged battery, hit power few times before plugging in. got to black screen and movable cursor but when i tried to get to task manager it went to blinking. late last night i put in thumb drive plugged in and was able to get to the restore, reset ect. page. i clicked command promt, took me to x:windows\system32. i was trying to run the code to start the tool, but i tried several times, not know what <> mean or il, if i put in ", im just not THAT savvy. im pretty sure virus/malware came from pc pro dude. he was sticking to every page i opened, would end task, he just came back until it got to the point where i am now. i'd like to do a check on this little chromebook next only because i have been transferring files from infected LT to usb to here to upload to you. i was able to get into notebook as you ask above. i was able to see my entire system, which brings me to my next question...if im on x drive, what about my c drive thats infected. i could be wrong but looking at the fixlist its for c drive. when i was able to get to a command prompt it took me to x drive. and there was a push button drive that was all red. i am about to plug in battery, insert thumb drive again and hope that it takes me to where i was last night. i didnt want to open a desktop from there because there are 2. seems this x drive is having fun...i ran dir cmd to see all the system32 files, im at a loss. should i attempt to copy x drive? when i get to a cmd prompt and type in the code any way, it does return that span is not an internal or external path?? i was tired. ive been working on this for a few weeks now it seems and has consumed so much of my time. you have no idea how much i appreciate finding a reputable site to deal with. i know you have links to a few, and i have gone there, even to read manual on frst.exe.
- Mar 29, 2017
- 51
i got the frst64.exe to open and scan, its fixing now. i am curious why i have an x drive that is the admin. weird stuff. push button drive is red. i will attach logs after scans are done. im still having a hard time trying to read the cmd instructions. i found how to open it fairly easy once i knew what to type. i know you are very busy and truly do appreciate everything you are doing, I would like to understand what all that means. I will go read more in your tutorials as my time permits. the fix has been running for about 20+ minutes, is this normal?
- Mar 29, 2017
- 51
the scan would not stop. i eventually stopped it. i read at the bottom of the log that it can't be fixed through recovery services. so i am not sure what to do. i am in x drive, which has its own system and admin, im not sure, but if there was a hacker, being that there are so many users on my machine, im guessing this is their stuff. ill see if i can open desktop from com prompt so run this from correct place.
- Mar 8, 2013
- 22,627
Sorry for a late response. Can you boot your PC now? The fix I provided isn't intended to be used in recovery mode, I will need a fresh FRST scan report from recovery in order to make a fixlist for you.
- Mar 29, 2017
- 51
just getting to where i can sit down for a moment and try. that was the only way i could get to a promt atm. i can get to bios, im using a boot disk and trying to figure how to maybe open TO a prompt without being in recovery mode. unplugging battery again and try. ill await any suggestions. otherwise i can only get into recovery mode or bios, so far. im gonna keep researching other ways. im just blocked and cant even get a total shutdown.
- Mar 8, 2013
- 22,627
Download attached fixlist.txt and save it to your USB flashdrive as fixlist.txt
>> Boot into Recovery Environment
Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
>> Exit out of Recovery Environment and post me the log please.
Try to boot Windows normally...
>> Boot into Recovery Environment
Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
- Press the Fix button once and wait.
- FRST will process fixlist.txt
- When finished, it will produce a log fixlog.txt on your USB flashdrive.
>> Exit out of Recovery Environment and post me the log please.
Try to boot Windows normally...
Similar threads
