This error message suddenly appeared a few minutes ago, and then the shutdown error message appeared, I aborted shutdown by doing the following: Start> Run> Shutdown -a

This is what my client was receiving, though they were using the current commercial version of Nod32 and only came across the error message when trying to make a VPN connection.

The system has been running perfectly overnight, and for hours this morning...

I am using the new BETA version of Nod.

Cheers

Are you using Sygate Pro? I thought I ran across something similar regarding their latest build a few days ago but I can't seem to find it now. Just a guess though.

-{ Quote: "Are you using Sygate Pro? I thought I ran across something similar regarding their latest build a few days ago but I can't seem to find it now. Just a guess though." }-

No, all programs are the same, only exception being I installed EVEREST Home Edition from: http://www.lavalys.com/index.php?page=product&view=1 late last night, other than that nothing new.

From what I understand this is a IMON related problem, see the following thread: http://www.wilderssecurity.com/showthread.php?t=35206

Cheers ;D

Yes, IMON was going to be my next suggestion, I am not familiar with the BETA though, best of luck and hope you get it fixed soon. I'll try to find somemore info later.

Blackspear,

Had a similar problem with 2.000.10 (which was supposed to be a fix for the IMON LSASS error). I discovered that a second winsock stack was running (use JV16 powertools to see all startup items and processes). Mine was insatlled by a Samsung cell phone application, and when I removed this, the problem dissapeared. This is a dificuult problem top diagnose as it is random in nature, and not easlily duplicated. Good luck.

Steve

-{ Quote: "Blackspear,

Had a similar problem with 2.000.10 (which was supposed to be a fix for the IMON LSASS error). I discovered that a second winsock stack was running (use JV16 powertools to see all startup items and processes). Mine was insatlled by a Samsung cell phone application, and when I removed this, the problem dissapeared. This is a dificuult problem top diagnose as it is random in nature, and not easlily duplicated. Good luck.

Steve" }-

Wow, thanks for that, the lads at Eset are going to have fun then aren't they, because this isn't an isolated problem, though it has only appeared lately (over the last month or so), wonder if it has something to do with a MS update? being that I generally don't install anything different on my system, I enjoy having a stable system ;D

Thanks for the info...

Cheers ;D

I regularly get this problem whenever I try to establish a VPN session to my company's network using the AT&T 5.09.2 VPN client. Someone mentioned something about it possibly being related to two TCP/IP stacks. Well, the AT&T client works by creating a new virtual network adapter and using it to create the VPN session (this, to avoid issues with changing parameters of your normal LAN adapter's configuration and forgetting to restore them when your session ends unceremoniously for some reason). I'd be happy to work with whomever at eset to try to get this one nailed down and finally fixed. This is a serious impact on my productivity.

Bob Cronin

Thanks for your input Bob, keep us posted...

Cheers ;D

Ok, I managed to capture the info from the VPN client bringup log from around the time of the error in imon.dll. Here it is, interspersed with stuff from the WinXP event log showing the imon failure in context with what was going on in the VPN client at the time. Hopefully this will be useful to someone.

09:05:52.718 Authenticating with the VPN server (129.42.208.240)...
09:05:52.781 Action 1 of 1 is 'LogonToIPSecTunnelServer' (result required in 105 seconds)...
09:05:52.781 Configured to negotiate UDP encapsulation
09:05:52.781 Obtained VPN MTU Size value '1370' from preferences.
09:05:52.796 Logon request sent to VPN server 129.42.208.240...
09:05:52.796 Wait for asynchronous action to complete.
09:05:58.921 A VPN logon message 3 was received.
09:05:58.921 Authenticating with the VPN server (129.42.208.240)...

lsass.exe error occurs here at 09:06:07

Faulting application lsass.exe, version 5.1.2600.1106, faulting module imon.dll, version 0.0.0.0, fault address 0x0000abcd.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

09:06:08.031 The VPN logon response was received.
09:06:08.031 The tunneled intranet address is 9.65.108.24.
09:06:08.031 The local address is 192.168.0.100.
09:06:08.031 The local gateway address is 192.168.0.1.
...
09:06:08.046 Key exchange (IKE) encryption is Diffie-Hellman Group 1.
09:06:08.046 VPN compression (IPCOMP) is none.
09:06:08.046 VPN protocol and encryption is ESP,3DES,MD5.
09:06:08.046 The source and destination VPN IKE ports are 0 and 0.
09:06:08.046 UDP wrapper (for NAT traversal) is off.
09:06:08.046 The authentication server returned 9.0.2.1 9.0.3.1 as the DNS.
09:06:08.046 ---------- Change state to 'AfterTunneling'. ----------
09:06:08.046 VPN connection completed.
09:06:08.109 Action 1 of 5 is 'WriteToEventLog' (no result required)...
09:06:08.109 Action 2 of 5 is 'StartConnectionMonitorTimer' (no result required)...
09:06:08.109 Action 3 of 5 is 'VPNQueryCurrentInterface' (no result required)...
09:06:08.109 Adapter Description : 'AGN Virtual Network Adapter - Net Firewall Miniport Interface', IP address: '192.168.0.100'.
09:06:08.109 Connection interface: '{BE22851F-9FF2-466E-8FC2-638EE20824C2}'.


Windows decides to shutdown here at 09:06:09

A critical system process, C:\WINDOWS\system32\lsass.exe, failed with status code 00000000. The machine must now be restarted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

09:06:09.484 rc from NetCfg is 0
09:06:09.484 Action 4 of 5 is 'VPNSLAFinishConnecting' (no result required)...
09:06:09.484 SLR result code is 0 (0, 0, n, 0, 0).
09:06:09.500 SLR3007 - VPN connection (1753764628140223124) was logged.
09:06:09.500 Action 5 of 5 is 'DisplayVPNMessageIfNecessary' (immediate result required)...


So as you can plainly see, whatever is going wrong is going wrong between this entry:

09:05:58.921 Authenticating with the VPN server (129.42.208.240)...

and this one

09:06:08.031 The VPN logon response was received.

Hopefully that will provide a clue. I do know that there is an registry hack I can do to get the client to write a more detailed trace (but I forget the details just now, I'll have to try to dig that up and see if I can narrow it down any further).

Bob Cronin

Ok, some more news. I narrowed it down a bit more. Since the AT&T VPN client has a proprietary implementation of IPSEC, one of the things it does during bringup is to stop the built-in IPSEC service in XP. Well, it is precisely this that is causing the error. However it is doing this, it is causing Windows to get upset. My suspicion is that this is a bug in the recent Windows update that was intended to deal with the sasser worm. Windows sees lsass.exe going away unexpectedly (lsass.exe is the executable identified as the provider of the native IPSEC service in the Services administrative tool) and concludes the system needs to be shutdown and restarted to recover. It appears to me that the bug is that it does not check the exit code and notice that it is ZERO (which would indicate a good shutdown of the service, and so, should not cause a panic).

I think imon.dll is just an innocent bystander here because it happens to have interposed itself in the middle of the code paths that do alll this stuff (so it can do its scanning as traffic is flowing through the path).

I was able to bypass the problem by setting the startup type for the IPSEC service to "Manual". Thus, when I boot my system, lsass.exe does not start automatically and therefore, the AT&T client does not need to stop it (and hence, this avoids the bug, since if it doesn't have to stop it, Windows will not get upset about it).

Bob Cronin

Of course, this means that someone has got to go try to convince Microsoft to fix the sasser-worm windows update to not get upset by some other program (such as the AT&T client) legitimately needing to stop the native IPSEC service. I'm afraid I don't have the energy or patience to fight that fight. Perhaps someone at eset could take up the challenge (since after all, it is their software that is being unfairly implicated, increasing their support costs) ...

Bob Cronin

Although it *is* interesting that it does not happen if imon is deactivated, so perhaps there is some interaction amongst all these components that does not occur when imon is not in the picture ...

Fantastic posts Bob, great work...

Cheers ;D

To update, the problem has disappeared from my system after deleting the EVEREST Home Edition software.

Cheers ;D

What in the world would be in Everest that would cause such a conflict with IMON? Everest is one of my very favorite programs. I keep it open all the time so I can check the temp of the CPU. I would be really upset if I was using IMON. The more I hear about IMON the more convinced I am that I have been right to not use IMON. I wouldn't take Everest off my computer....I'd be taking NOD32 off!

-{ Quote: "What in the world would be in Everest that would cause such a conflict with IMON? Everest is one of my very favorite programs. I keep it open all the time so I can check the temp of the CPU. I would be really upset if I was using IMON. The more I hear about IMON the more convinced I am that I have been right to not use IMON. I wouldn't take Everest off my computer....I'd be taking NOD32 off!" }-

I don't know if Everest was the problem with IMON, but logic dictates that when this was the only change to my system, that it had some sort of conflict with IMON, and this is the very first instance of the above error being personally experienced by myself. The only other experience that has crossed my path is one of my customers trying to make a VPN connection. We have others on this forum having the same problem when trying to make VPN connections.

Bob in the above posts pinpoints the issue back to Microsoft’s Windows patch and IMON having conflicts, though we are still wait to hear anything from Eset, other than there is no known conflict with IMON...

Cheers ;D

I've been reading this thread with interest, as I recently had a problem getting that same type of error message when trying to run a help file for a program called Intellisync (used to sync between my PC and Ipaq PDA). I gave up on the help file in the end and figured out operations by trial and error - mostly error at first :P Since I am running Nod32 it makes me wonder. I can live without the help file, anyway.

-{ Quote: "No, all programs are the same, only exception being I installed EVEREST Home Edition from: http://www.lavalys.com/index.php?page=product&view=1 late last night, other than that nothing new.

From what I understand this is a IMON related problem, see the following thread: http://www.wilderssecurity.com/showthread.php?t=35206

Cheers ;D" }-

I don't know what they added in Everest that was not in Aida32 Enterprise edition, but I use Aida32 and do not have the same problems as those indicated with Everest. As Everest is a directly modified version of Aida32, they must have added something when Everest took control of this program. I'm still using Aida Enterprise and I guess will continue to do so. I'm glad I archive all these programs. Been a few lately that have been bought out and went commercial.

(Edited to make my post clearer. Reread it and it appeared that I was using Everest, which I was not)

-{ Quote: "I don't know what they added in Everest that was not in Aida32 Enterprise edition..." }-

Thanks for your comments Habiru, from what we are seeing through many posts now, this is a IMON conflict with various pieces of software, though mainly VPN. Bob has narrowed it down in one area by capturing a log when the error occured, or this may be THE area, we are yet to see...

Cheers ;D

I have sent an inquiry to the development/support team for the AT&T VPN client infoming them of my findings and asking if they have any ideas what might be wrong. I gave them enough information about my configuration such that they could possibly recreate the error in their labs. Hopefully they will be able to and get to the bottom of whats going on. I'll post any updates of interest to this thread (though I am going away for 3 weeks soon, so if nothing happens this coming week, there will be a long delay before I can post again).

Thanks for keeping us in the loop Bob...

Cheers ;D

I had this happen to me, yesterday at work. I know that we don't have any VPN software on it and no else installed anything on it. I have a few other pc's that have a similar setup (ie same programs, etc). It only happened once and I am going to go take a look at it on Monday to see if I can come up with something.

-{ Quote: "I had this happen to me, yesterday at work. I know that we don't have any VPN software on it and no else installed anything on it. I have a few other pc's that have a similar setup (ie same programs, etc). It only happened once and I am going to go take a look at it on Monday to see if I can come up with something." }-

Thanks for the info Brian, can you keep us up to date with your findings, much appreciated...

Cheers ;D

Well to update, it was just coincidence regarding EVEREST Home Edition, the error returned while the PC was left on overnight.

I have the latest BETA:

NOD32 Antivirus System information
Virus signature database version: 1.796 (20040626)
Dated: Saturday, 26 June 2004
Virus signature database build: 4632

Information on other scanner support parts
Advanced heuristics module version: 1.007 (20040309)
Advanced heuristics module build: 1053
Internet filter version: 1.001 (20031104)
Internet filter build: 1012
Archive support module version: 1.014 (20040408 )
Archive support module build version: 1088

Information on installed components
NOD32 For Windows NT/2000/XP/2003 - Base
Version: 2.000.11
NOD32 For Windows NT/2000/XP/2003 - Internet support
Version: 2.000.11
NOD32 for Windows NT/2000/XP/2003 - Standard component
Version: 2.000.11

Operating system information
Platform: Windows XP
Version: 5.1.2600 Service Pack 1
Version of common control components: 5.82.2800
RAM: 496 MB
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz (2813 MHz)



In the event logs from this morning I have the following:

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1007
Date: 27/06/2004
Time: 7:01:14 AM
User: NT AUTHORITY\SYSTEM
Computer: XXXXX
Description:
Windows cannot determine the associated site for this computer. (The remote procedure call failed and did not execute. ). Group Policy processing aborted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


and then this:

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1007
Date: 27/06/2004
Time: 7:01:54 AM
User: XXXXX\XXXXX
Computer: XXXXX
Description:
Windows cannot determine the associated site for this computer. (The RPC server is too busy to complete this operation. ). Group Policy processing aborted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.



In the event logs from yesterday I have the following:

Event Type: Error
Event Source: Winlogon
Event Category: None
Event ID: 1015
Date: 26/06/2004
Time: 11:16:43 AM
User: N/A
Computer: XXXXX
Description:
A critical system process, C:\WINDOWS\system32\lsass.exe, failed with status code c0000005. The machine must now be restarted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.



and this event log from the 24th:

Event Type: Information
Event Source: DrWatson
Event Category: None
Event ID: 4097
Date: 24/06/2004
Time: 9:25:05 AM
User: N/A
Computer: CRAIG
Description:
The application, C:\Program Files\Internet Explorer\IEXPLORE.EXE, generated an application error The error occurred on 06/24/2004 @ 09:24:59.312 The exception generated was c0000005 at address 20B0111A (imon)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Data:
00000: 0d 00 0a 00 0d 00 0a 00 ........
00008: 41 00 70 00 70 00 6c 00 A.p.p.l.
00010: 69 00 63 00 61 00 74 00 i.c.a.t.
00018: 69 00 6f 00 6e 00 20 00 i.o.n. .
00020: 65 00 78 00 63 00 65 00 e.x.c.e.
00028: 70 00 74 00 69 00 6f 00 p.t.i.o.
00030: 6e 00 20 00 6f 00 63 00 n. .o.c.
00038: 63 00 75 00 72 00 72 00 c.u.r.r.
00040: 65 00 64 00 3a 00 0d 00 e.d.:...
00048: 0a 00 20 00 20 00 20 00 .. . . .
00050: 20 00 20 00 20 00 20 00 . . . .
00058: 20 00 41 00 70 00 70 00 .A.p.p.
00060: 3a 00 20 00 43 00 3a 00 :. .C.:.
00068: 5c 00 50 00 72 00 6f 00 \.P.r.o.
00070: 67 00 72 00 61 00 6d 00 g.r.a.m.
and it continues...

Cheers ;D

Further update, siince installing the latest Beta:

Information on installed components
NOD32 For Windows NT/2000/XP/2003 - Base
Version: 2.000.11
NOD32 For Windows NT/2000/XP/2003 - Internet support
Version: 2.000.11
NOD32 for Windows NT/2000/XP/2003 - Standard component
Version: 2.000.11

The error messages are more prevalent :(

Cheers ;D

Interesting reading about Everest (which I have installed). I have the latest Beta installed on 6 different workstations from Windows 2000 SP4 to Windows XP SP1. All have the latest updates. I use the Checkpoint VPN software (latest version) on 2 of the workstations to connect to work and I have never experienced any of these issues. The box I am currently using has approximately 180 programs installed.

-{ Quote: "Interesting reading about Everest (which I have installed). I have the latest Beta installed on 6 different workstations from Windows 2000 SP4 to Windows XP SP1. All have the latest updates. I use the Checkpoint VPN software (latest version) on 2 of the workstations to connect to work and I have never experienced any of these issues. The box I am currently using has approximately 180 programs installed." }-

I have never experienced the problem until putting on the Beta, the only exception being my customer experienced it... and others on this forum have been coming forward...

Still no word from Eset as to acknowledging there is a problem or if they are working on a solution...

Cheers ;D

Hello,

Are you sure that this lsass problem comes from Imon ?

I have a 2 CPU server running W2k with AD. On this server is installed the current version of NOD32 version 2 and I have this trouble since a month.

Sometimes the crash is preceded by a memory error message, sometimes not.

Last week the server does'nt had any problem for 4 days and I was wondering if it was solded but as Blackspear answers No, i have disabled Imon.

This morning, I can see that the probleme is still here because my server restart on Sundy at 6H27 AM and no one was working on the server this WE.

What can be the solution to stop those untimely reboot ? It's critical on a server.

Is ESET actualy trying to find a solution ?

Niko

Niko,

I found that simply disabling IMON didn't stop the LSASS faults. Instead, I uninstalled NOD32 and reinstalled without choosing the IMON option. Then the crashes stopped.

I don't know what the difference is exactly, but I hope that Esset are aware of this problem and doing something about it to get it working again.

I'd also like to think they are doing something about a version of EMON that will work with current versions of Outlook.

Who knows?

Nick.

-{ Quote: "...I found that simply disabling IMON didn't stop the LSASS faults. Instead, I uninstalled NOD32 and reinstalled without choosing the IMON option. Then the crashes stopped.

I don't know what the difference is exactly, but I hope that Esset are aware of this problem and doing something about it to get it working again.

I'd also like to think they are doing something about a version of EMON that will work with current versions of Outlook.

Who knows?..." }-

Thanks for your input and findings Nick.

Cheers ;D

Blackspear,

I found another bug with lsass.exe:

I use true image from acronis to backup my HD.
I don't have 2 HD, so I use DVD to backup my HD.
True Image needs INCD from Nero.
When I turn on my PC and INCD is enable, when I try to connect to internet, the same problem with lsass.exe happens to me.After reboot, If I don't try to connect to internet, everything is fine, so I can check the lsass's log and it shows me that the problem was imon.dll.
I tried to disable INCD service, reboot my PC and after that I could use internet without any problems.
Do you have any idea to solve this problem ?

Best Regards,

DonKid.

Hi DK, you are now added to the list of people having the lsass.exe problem. And as you can see throughout this thread and the other 2 links at the beginning, the problem does relate to IMON. There are a few very knowledgeable people on this thread that are willing to help Eset delve into what is happening.

Thanks for your input. If you keep following this thread, eventually there will be a fix provided by Eset or an update to a newer version of IMON.

Cheers ;D

Blackspear,

Thanks and I hope they can find a solution for it.Today I installed Reget 4.0 Build 210 and reboot my PC.When I tried to connect to internet, the same problem.So I reboot my PC BEFORE to click yes for the error message.When it restarted, I could use internet and reget too.
It's too strange.

Best Regards,

DonKid.

im not even sure if it is related but can't we set the RPC service to restart the service and not restart the computer when failing.

Or is this Lsass.exe error not involving the RPC service?

arrowsmithmidwest,

I don't know.

Best Regards,

DonKid.

-{ Quote: "I have sent an inquiry to the development/support team for the AT&T VPN client infoming them of my findings and asking if they have any ideas what might be wrong. I gave them enough information about my configuration such that they could possibly recreate the error in their labs. Hopefully they will be able to and get to the bottom of whats going on. I'll post any updates of interest to this thread (though I am going away for 3 weeks soon, so if nothing happens this coming week, there will be a long delay before I can post again)." }-

So, here's what AT&T had to say ...

-----

In reality I think this is NOD32 problem. The faults you indicate don’t involve us. We just happen to stop LSASS.EXE using the Win32 API before we VPN connect:

ControlService(hService, SERVICE_CONTROL_STOP, &ServiceStatus) ß actual code that stops LSASS.EXE

-----

I replied seeking clarification and received the following ...

-----

> Thanks, can you confirm that you only stop lsass.exe if you find it
running?

Yes.

> Because if I disable it from the services control panel before I
invoke the dialer, the problem does not occur (hence my theory that it is
something to do with the dialer stopping it that is causing the error).

We use the Win32 API to stop LSASS.EXE, the function is "ControlService". We don't disable the LSASS.EXE service, we just stop it. I don't know if the service control manager is using the same function we do, but they probably are. This could be explained by a timing issue.

I installed the trial version and could not reproduce your problem. You probably don't need the PolicyAgent service housed in LSASS.EXE running since you are using our IPSEC. So, a workaround would be to stop and disable it.

-----

So I am at a dead end. In any event, if Eset would like to enlist my assistance in conducting further problem determination and/or testing of proposed fixes, I can recreate the problem at will and would be happy to help (but I will be on the road until July 26 as of tomorrow, so will not be able to pursue it further until then).

Bob Cronin

-{ Quote: "Thanks for your input and findings Nick.
" }-

Hi Blackspear,

I may have spoken too soon. I'm now getting crashes in Flight Simulator reported as being in IMON.DLL. And I thought I had IMON completely disabled. ???

It's "fairly" reproduceable. I let the first couple go to Microsoft's bug reporting server, but it fairly predictably diagnosed the problem and referred me to www.nod32.com to check for updates or request support.

I started a new thread before I noticed that this one was still kicking on. If you're keeping a list of people with IMON troubles, better put me back on it.

Thanks for sticking with it,
Nick.

Hi Folks,

Any news about when this problem will be fixed ?

Best Regards,

DonKid.

Just a thought (maybe not a smart one?)... Have any of you tried 'tweaking' the options in IMON a little? F.ex. this setting --> "Automatically detect changes in network configuration and repair necessary settings" (in IMON Advanced Setup, under the "Network configuration changes" option) unchecking/checking it (I have it checked).

Please keep me on this list. I have to keep imon disabled then sign on w/dsl then turn on IMON which isn't so much of a problem. I do get an error problem here and there, but not the LSASS one. I only get that if I forget and have IMON running when trying to log on w/dsl.

So, to whoever is keeping the list, please keep me on it too! :)

Thanks.. taperino

I never had any problems at home. I've only seen it once and it was a win2k. I have over 600 hundred pc's and I haven't heard one complaing about it yet. Know on wood.

i have updated the imon.dll on our SBE server 2003 last week, so far it has been alright.

Hello there,

I had this problem a little while back, when I connected to the internet. Straight away after connecting, the error message came up. Sometimes I could browse in Opera and it would be ok, but it always came up with the error using IE.

This all happened after I installed the MS patches:

KB835732
KB837001
KB828741

I took these patches off and the machine is running fine now. Just as a test, I put them back on again, and the same problems appeared.

I also used system restore to the time just before I installed the patches.

I don't know if I'm exposing myself to the virus by not having the patches, but figure NOD32 will pick it up.

Vando

@vando

Vando, about removing these three updates, i suggest you leave the last one in place (KB828741) cause it is a critical update for the RPC/DCOM, it's a security update for Remote Code Execution. ;)

rgds,
Martin

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1007
Date: 27/06/2004
Time: 7:01:54 AM
User: XXXXX\XXXXX
Computer: XXXXX
Description:
Windows cannot determine the associated site for this computer. (The RPC server is too busy to complete this operation. ). Group Policy processing aborted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.



In the event logs from yesterday I have the following:

Event Type: Error
Event Source: Winlogon
Event Category: None
Event ID: 1015
Date: 26/06/2004
Time: 11:16:43 AM
User: N/A
Computer: XXXXX
Description:
A critical system process, C:\WINDOWS\system32\lsass.exe, failed with status code c0000005. The machine must now be restarted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Hello,
would you please try installing the latest beta available on our website? Should the problem still perist, please try uninstalling NOD completely to make sure it is actually the culprit.

Kishor, there is a new Beta is available here:

http://www.nod32.com/download/download.htm

As with all Beta's, use at your own risk...

Cheers ;D

still having the prom after comming the error of lsass.exe it restrat my computer and bloody me pissed of this virus please kindly tell me the right soloution thanxs
reply me on my email adress(nav_l23@hotmail.com)

Hi navl23,

You have posted in the NOD32 Beta forum; are you using NOD32 version 2 antivirus?

Regards,

snap

Hi, I just got notice that I was subscribed to this thread. (I had forgotten about it.)

I was having the Lsass problem (posts above), and after awhile NOD32 must've fixed the problem, because now I can log on normally and leave everthing running.

Just thought I'd let you know.

Thanks ---- Taperino

Thanks for that Taperino.

Cheers ;D

I've noticed that when my available memory is very low, everything (including lsass.exe among others) starts to fail.

Not sure if this might be a cause of the problem.

-{ Quote: "I've noticed that when my available memory is very low, everything (including lsass.exe among others) starts to fail.

Not sure if this might be a cause of the problem." }-In my case it wasn't I had plenty of memory. Thanks for the observation.

Cheers ;D

Hi B+E, as Nod32 is no longer in Beta, I have moved your post into its own thread HERE (http://www.wilderssecurity.com/showthread.php?t=69856)

Cheers ;D

Um, forgive me for being dumb, but does Serive Pack 2 not get rid of the lsass 60 second shutdown errors? It did for me.

-{ Quote: "Um, forgive me for being dumb, but does Serive Pack 2 not get rid of the lsass 60 second shutdown errors? It did for me." }-In my case SP2 wasn't around at the time. A reinstall of Windows fixed the problem, and there was an issue with System Safety Monitor.

Cheers ;D

Ah ok. :)

Is there an alternative to Service Pack?

-{ Quote: "Ah ok. :)

Is there an alternative to Service Pack?" }-Other than a Format and reinstall of Windows, no.

Cheers ;D

I have know idea what is going on but i think i have the same problem. I was just wondering is this effecting only computers that use At&t or is it a problem with the Windows? That leads into my next question is does this effect all OS's or just XP?
I think you guys trying to fix this problem is great and i hope to find an anwser. Thanks.

-{ Quote: "I have know idea what is going on but i think i have the same problem. I was just wondering is this effecting only computers that use At&t or is it a problem with the Windows? That leads into my next question is does this effect all OS's or just XP?
I think you guys trying to fix this problem is great and i hope to find an anwser. Thanks." }-Not using AT&T here, and only on XP as far as I am aware.

A fresh install of Windows resolved the situation.

Hope this helps...

Cheers ;D

Is there any other way to fix the problem. I have tried a fresh download of windows and i still have the problem.

-{ Quote: "Is there any other way to fix the problem. I have tried a fresh download of windows and i still have the problem." }-So you formatted and reloaded Windows? Loading Windows over the top of this issue will not resolve the situation, it needs a FRESH install.

If so and you are still seeing the issue, then you will need format and reinstall again, update Windows fully with the XP Firewall turned on, then install imaging software, such as Acronis True Image 8.0, Build 800 or higher, make an image at this point, then install Nod32 and make an incremental image, install the next piece of software and then image again, and continue until you discover which piece of software is causing the conflict. When the conflict is found restore the previous image and continue installing the rest of you software.

Hope this helps…

Let us know how you go.

Cheers ;D

I tried to do all that but am haveing difficulty. but i was wondering has everyone who has had the problem with Xp downloaded the same copy on to more then one computer? because my parents computer works fine but when i tried to download their copy of XP on to my computer it started messing up. So could it be an anti-piracy thing for xp.thanks for your time.

Format, Fresh install of Windows and turn on Windows Firewall = No more LSASS error. True?

After XP installation and install/updating your AV should be fine?

-{ Quote: "Format, Fresh install of Windows and turn on Windows Firewall = No more LSASS error. True?" }-Correct.

Cheers ;D

thanks for all the help. the firewall worked.

-{ Quote: "thanks for all the help. the firewall worked." }-Good to see, and thanks for keeping us informed.

Cheers ;D