When my computer has boots up I get a pop up stating âWindows cannot
find âC:\WINDOWS\system\|sass.exeâ. make sure you type the name
correctly, and then try again. to search for a file click the Start
button, and then click Search.â
How do I get rid of it?
This question shows one of the very subtle ways that virus writers
try to fool you.
And thereâs no question, you have, or had, a virus.
Become a Patron of Ask Leo! and go ad-free!
Consider the following list of file names:
|
They all look similar, donât they? In fact, depending on your
machine and installed fonts, some of them may look identical. But they
are four very different file names (vertical bar â sass.exe, lower
case âLâ â sass.exe, lower case âIâ â sass.exe, and the number one â
sass.exe). One of these names is legitimate.
though it does require caution.â
In fact, not only is it legitimate, but itâs a required Windows component.
Your system wonât run without it.
The rest? Malware. Malware trying to look like a required system
file.
My guess is that your anti-virus scan caught the malware at some
point and removed the actual file in question. But what it didnât do is
remove the registry entry that caused that file to be automatically run
at start up.
Fortunately, thatâs a relatively easy fix, though it does require
caution.
Grab a copy of the free autoruns utility from Microsoft. Fire it up and after it
scans your system startup entries youâll see a screen much like
this:
There are many places that Windows can be instructed to run software
automatically, and autoruns attempts to display them all.
Now, pay careful attention to exactly how the start
up entry is spelled in that error message. I canât stress this enough â
virus writers are counting on you to get this wrong, since getting it
wrong can render your system unbootable.
Press CTRL+F and enter the base name of what youâre
looking for. In the case of the question asked here, enter
|sass.exe (thatâs a vertical bar followed by
sass.exe). Press Find Next.
If thereâs an auto-run entry that references that name (and by the
error message youâre getting, there is), autoruns will find it.
|
Important: make absolutely sure the entry is |
Dismiss the search box and press CTRL+D to delete
the entry that it found. You might consider repeating the search just
in case thereâs another reference.
Reboot your system and your warning should be gone.
Now, I donât have that virus on my system, so Iâm going to show you
what you should not delete:
This shows a reference in autoruns to the valid, legitimate and
required âlsass.exeâ. There are several clues that this is the
legitimate and proper file that should not be deleted:
-
The name is spelled properly: âlâ, âsâ, âaâ, âsâ, âsâ .exe.
-
Microsoft is listed as the vendor.
-
The location referenced is correct (%SYSTEMROOT%\system32\lsass.exe)
â it uses both the â%SYSTEMROOT%â variable, as Windows would, itâs the
correct name (âlsass.exeâ), and itâs in the correct folder:
system32.
Typically a virus attempt will at a minimum get the filename wrong,
and if it gets the filename right itâll likely get the location
wrong.
Do not delete the entries referencing
â%SYSTEMROOT%\system32\lsass.exeâ. But if the filename matches the
error message youâre seeing, and itâs clearly not the ârealâ lsass,
then delete or disable it to remove the warning.
Or, if youâre not sure and want to be extra cautious, consult your
local Windows computer geek. 
welldone , thank you very much.
I do not need to worry about the sass series but I find the autorun program useful.
Good article Leo
I struck this problem on 2 machines last month, and it took hours of googling to learn exactly what you have layed out above.
In my case the problem was caused by the QQpass Trojan.
I saved one computer but had to wipe the other.
hi.iâm taking an error like this ..Windows cannot find âsâ â error message on login..Looks like same this error (âWindows cannot find |sass.exeâ) but i cant find âsâ folder anywhere..i cant find âsâ via this programme(autoruns)..What can i do?
my problem is very similiar, but has the small lsass.exe. this error message starts right at startup and will not let me do anything. It also has a counter in 60 seconds the computer will reboot and it keeps doing this. Is there any way to help!!!!
I cannot connect to the internet, and windows I believe has been lost on my computer, everytime I turn on the computer, it says that the disc drives cannot be found, then I have to press F1 just to get to the icons, but when I do itâs saying that windows cannot be found, or itâs damaged and to reinstall windows, why is this happening, and how do I fix this problem? by the way I donât have the windows installation disc any longer.
I recently bought a antivirus program, scanned my system, and it quarantined a virus. I went through all the steps, and I thought it finished the virus off, but aftewards, I started getting a similar message every 30 minutes or so:
âWindows cannot find âC:\Users\Philip\AppData\Local\Temp\NEW65B5.tmp.exeâ. Make sure you typed the name correctly, and then try again.â
This loops. Every 30 minutes (roughly â I havenât timed it.)
Is this the same problem, or very similar? Iâm just hoping I can download autoruns and get rid of this problem. But I got a nasty feeling itâs probably something a lot worseâŠ
Thanks!