Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Inactive Malware Help Topics

User Tag List

After virus checking and cleaning, "lsass.exe" and "ipwins.dll" missing

This is a discussion on After virus checking and cleaning, "lsass.exe" and "ipwins.dll" missing within the Inactive Malware Help Topics forums, part of the Tech Support Forum category. My friend's computer seemingly got a virus, since it sent an email to somebody in her email list, on its

Thread Tools Search this Thread
Old 04-23-2007, 07:28 AM   #1
Join Date: Jul 2006
Posts: 14

My friend's computer seemingly got a virus, since it sent an email to somebody in her email list, on its own. She asked me to take a look.

She had a virus checker, but it had never been updated. So I installed "AVGfree" and ran that. It found a "trojan horse" virus as well as some other stuff that it said should be removed, so I did. I then ran "ccleaner" and it suggested to remove a TON of crap, like 500mb worth of files (she installs dumb stuff on her computer all the time). I removed these files. Then I ran "spybot" and it removed some stuff. I then defragged, which it needed.

So here I am, feeling like a hero, but then I reboot and there's a message saying that "lsass.exe" cannot be found. I cancel this message, and then there's another message saying that "ipwins.dll" cannot be found.

I tell her to just ignore these messages until I figure it out, but then she informs me today that she cannot access her email account on her computer. So I've gotta figure out how to fix this.

Any advice?? Thanks.
wonkle is offline  
Sponsored Links
Old 04-23-2007, 07:41 AM   #2
TSF Team, Emeritus
justpassingby's Avatar
Join Date: Mar 2007
Location: Belgium
Posts: 6,641
OS: XP Home SP3 / Ubuntu / Win 7

My System

She could try the system file checker : tell her to prepare her XP CD (she'll need it if it asks to replace the missing files), then she will have to go to start => run, and type "sfc /scannow".

If that fails, she can perform a repair install if she has an OEM, retail or upgrade XP CD (recovery CD's cant' do that). She will have to boot on the cd, thus she needs first to change the boot order in the bios to CD-rom first. Then, when XP setup loads, choose the option "To setup Windows XP now" (not the one about recovery console). On the next screen (after the licence agreement) she should be given the option to repair her current xp installation by typing R.

Once that's done, if the CD wasn't a SP2 version, first thing is to go to windows update to reinstall XP SP2 and all updates she could have done since. Don't surf on the internet before any antivirus and firewall (either windows or another) is enabled.
justpassingby is offline  
Old 04-23-2007, 07:45 AM   #3
TSF Security Manager
Ried's Avatar

Microsoft Most Valuable Professional
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit

Hello wonkle,

The infections were not removed properly and remnants remain. I'll move this thread to the HijackThis Log Help section.

Download Deckard's System Scanner (DSS) to your Desktop.

What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review.
  • DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in yournext reply.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.

Please include the following in your next reply:

an attached extra.txt
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar Threads
Thread Thread Starter Forum Replies Last Post
I had a couple of infections recently
One of them was the W32.Alcran.B (WORM_VB.AS) The anti-virus deleted it. Went to housecall and everything seems ok. Posting the log here just in case there is anything else. ------------- Logfile of HijackThis v1.99.1 Scan saved at 6:41:41 PM, on 9/19/2005
xk3zofrenik Resolved HJT Threads 11 09-29-2005 08:04 AM
Hijack log- Computer shutting down by itself
I used the hijack analyzer. ==================================================================== Log was analyzed using KRC HijackThis Analyzer - Updated on 8/4/05 Get updates at https://www.greyknight17.com/download.htm#programs ***Security Programs Detected*** ...
gaming711 Inactive Malware Help Topics 39 09-21-2005 04:47 PM
hijack file for yieldmanager problem
Hi, I'm very new to this so please bare with me. :4-dontkno I have some kind of malware that's causing constant popups mostly from ad.yieldmanager though there are others. I've run Adware, SpyS&D, Ewido and others. Looking for any possible help with this. Thanks! Logfile of HijackThis v1.99.1...
iambaytor Resolved HJT Threads 8 09-04-2005 02:45 PM
HJT Help
I have been attempting to remove start-up dll, new poly win 32, and adware. I have not been successful. Can you please review the attached results from the HijactThis Analyzer program. I really appreciate the great service you all provide!! og was analyzed using KRC HijackThis Analyzer -...
TTK Resolved HJT Threads 14 08-07-2005 12:59 PM
Please help...
I am plagued by hackers or some type of threat and can not get rid of system32\svhost32.exe. Here is my hijackthis log. Thanks. ==================================================================== Log was analyzed using KRC HijackThis Analyzer - Updated on 6/3/05 Get updates at...
linster Resolved HJT Threads 14 07-25-2005 10:55 AM

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off

Post a Question

» Site Navigation
 > FAQ
Powered by vBadvanced CMPS v3.2.3

All times are GMT -7. The time now is 08:16 AM.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts