Article ID: 924995 - View products that this article applies to.
Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/256986/ )Description of the Microsoft Windows registry
The Lsass.exe file in Microsoft Windows Server 2003 is being identified as an infected file and is being quarantined by Computer Associates (CA) eTrust Antivirus signature 303.3.30.54. This behavior may cause the computer to display a gray screen when the computer restarts. The computer may appear to stop responding.
When you restart Windows Server 2003, the computer may display a gray screen or may appear to stop responding. The computer may respond to a ping command. However, you cannot access the computer any other way. You may also see a quick warning message about the Win32/Lasssrv.b virus.
This behavior occurs because the Lsass.exe file has been quarantined by Computer Associates eTrust software, even though the file is not actually infected.
CA antivirus signature 303.3.30.54 identifies the Lsass.exe file as a virus. The signature deletes or quarantines the file, depending on client configuration. For more information, visit the following CA Web site:
To work around this problem, replace the Lsass.exe file. Use one of the following methods to replace the Lsass.exe file.
Method 1: Start Recovery Console, and then replace the Lsass.exe file
Method 2: Use Recovery Console to disable eTrust servicesImportant These steps may increase your security risk. These steps may also make your computer or your network more vulnerable to attack by malicious users or by malicious software such as viruses. We recommend the process that this article describes to enable programs to operate as they are designed to, or to implement specific program capabilities. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this process in your particular environment. If you choose to implement this process, take any appropriate additional steps to help protect your system. We recommend that you use this process only if you really require this process.
Method 3: Use Windows Preinstallation Environment or a parallel installation on the system to gain accessWarning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.
Note Use this method only if Recovery Console cannot be used.
Article ID: 924995 - Last Review: August 6, 2012 - Revision: 2.0
Contact us for more help
Connect with Answer Desk for expert help.