I am using XP Home and twice in the past month, after having reason to reboot my PC, I have received a window entitled “LSASS.EXE – System error”, with “The Endpoint Format is Invalid” text in the window. The mouse pointer is visible but does not move and the PC has hung. This happens after the XP window showing the green bar moving from left to right disappears and is at the point when the users that can be logged on are shown. I have noticed that during boot up my Microsoft Optical USB mouse is illuminated but as soon as the XP window with the green bar appears the light goes out, as if power to the mouse has gone. Also, my USB Alcatel Speedtouch ADSL modem does not power up properly, I get a flashing red light on the left hand light on the modem. I can only press the reset switch to reboot the PC. I have gone into safe mode, where the mouse worked but not the modem. Suspecting that it may be USB related, I removed all my USB devices, scanner, printer, modem, mouse and game pad and reinserted them. The PC then booted up OK. LSASS.EXE is present under C:\WINDOWS\system32 but I cannot determine what it does. I have searched the web but cannot find any reference to this problem. I can find LSASS.EXE listed many times under Google, but the links don’t provide any help. Any ideas?
Thanks for the responses. I think the USB idea is a red herring, as it did the same thing again after I rebooted after installing new printer drivers, but the USB fix didn't make any difference. After spending most of the afternoon trying various things, I reinstalled XP using the repair option and I was able to get into Windows, albeit with a ton of write delay errors. After cancelling these messages and rebooting several times, I am now back to my original configuration. On each reboot the PC ran chkdsk and found a lot of errors, wrong file sizes, orphaned files etc. I have set a new restore point, but the previous ones did not help me. Woodchip, I have a 300w PSU and run a Radeon 9500 Pro graphics card, 5 USB devices, PCI TV Card, SoundBlaster 4.1 Digital Sound Card and a P4 2.53GHz and it runs on an Asus P4PE mobo, all self-built. THE PSU has the additional power connector for P4 CPU's. Is 300w enough? Also, and this may be another topic, how do you use the Recovery Console? I was able to get into it, but couldn't see how it could help me, apart from displaying DOS commands.
I reformatted my hard drive at the end of May and everything was fine until last night. I booted up from cold and got the same message again. It is actually “Isass.exe”, not “Lsass.exe”. So I don’t know if that is a capital “I – pronounced “eye”” or a small “l – pronounced “ell”! I can get into XP in Safe Mode, did a System Restore from a point made a few days ago, but it made no difference. I am sure that it is not a virus, as I scanned the PC, ran Stinger, all the Windows Updates are installed and the firewall is always on. I understand that “Lsass.exe may indicate the Sasser Worm, but not “isass.exe”. There are many references to this on the net, but no solutions. I can reformat my hard drive again, but this seems a bit drastic. Any ideas?
Virus and spyware writers are getting more cunning. They are now disguising their viruses to look or sound like Windows system files. Isass.exe lsass.exe The first starts with the letter capital i (I) and second starts with the letter lowercase l (L). The one starting with i (isass.exe) is a virus/Trojan but Windows users may easily mistake it for the very important security process, lsass.exe (starts with a lowercase L, as in lucky).
Process File: lsass or lsass.exe Process Name: Local Security Authority Service Description: Windows Local Security Authority Server Process handles Windows security mechanisms. It verifies the validity of user logons to your computer or server. Technically, the software generates the process that is responsible for authenticating users for the Winlogon service
WinTasks Process Library
isass - isass.exe - Process Information Process File: isass or isass.exe Process Name: isass Description: Virus added to the system as a result of variant of the OPTIX PRO TROJAN that opens TCP port 3410 and allows a hacker to control an infected computer