Issas.exe (http://www.abandonia.com/vbullet/showthread.php?t=14429)

gufu1992 08-06-2007 03:00 AM

OK - Process Library finds this to be a dangerous process (trojan). Using Process Explorer to close it shows a message that the system must restart (and no close or cancel buttons!)... So - does anyone know a free solution to clean it off?

Scatty 08-06-2007 06:46 AM

Did you scan it with an anti-virus program and try to repair the file if it's repairable?

Japo 08-06-2007 08:27 AM

Are you sure it's Isass and not lsass?

C:\WINDOWS\SYSTEM32\lsass.exe is a core Windows process and you shouldn't mess with it. If you did, it was to be expected that you would crash the system.

http://www.greatis.com/appdata/n/_/_..._lsass.exe.htm

Some malware are named the same as core Windows programs in an attempt to disguise themselves. But they can't replace Win's apps because Win protects them, so they place themselves in another folder. For example C:\WINDOWS\lsass.exe is malware.

http://www.greatis.com/appdata/d/_/_..._lsass.exe.htm

Also attempting to confuse the user by the name, isass.exe is also malware.

http://www.greatis.com/appdata/d/i/isass.exe.htm

But C:\WINDOWS\SYSTEM32\lsass.exe should not be messed with.
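
The location and name check described in the post above, as an added example that is not part of the original thread: it classifies process image paths against the one expected location of lsass.exe. The process listing is constructed, and the C:\WINDOWS install root and the set of look-alike characters are assumptions.

```python
import ntpath

# Genuine location named in the thread; assumes Windows is installed in C:\WINDOWS.
EXPECTED_NAME = "lsass.exe"
EXPECTED_DIR = r"c:\windows\system32"

# Characters that can stand in for a lowercase "l" (assumed set, not exhaustive).
LOOKALIKES = str.maketrans({"i": "l", "1": "l", "|": "l"})


def classify(image_path):
    """Return 'genuine-location', 'wrong-folder', 'lookalike-name' or 'unrelated'."""
    # normpath collapses "..", "." and "/" so a disguised path cannot pass the check.
    norm = ntpath.normpath(image_path.strip().strip('"')).lower()
    folder, name = ntpath.split(norm)
    if name == EXPECTED_NAME:
        return "genuine-location" if folder == EXPECTED_DIR else "wrong-folder"
    # "Isass.exe" (capital i) lowercases to "isass.exe", which folds to "lsass.exe".
    if name.translate(LOOKALIKES) == EXPECTED_NAME:
        return "lookalike-name"
    return "unrelated"


def suspicious(listing):
    """Keep only entries that imitate lsass.exe by folder or by name."""
    return [(pid, path, verdict) for pid, path in listing
            if (verdict := classify(path)) in ("wrong-folder", "lookalike-name")]


# Constructed process listing: (pid, image path)
SAMPLE = [
    (612, r"C:\WINDOWS\SYSTEM32\lsass.exe"),
    (1840, r"C:\WINDOWS\lsass.exe"),
    (2044, r"C:\WINDOWS\system32\Isass.exe"),
    (2210, r"C:\WINDOWS\system32\..\lsass.exe"),
    (980, r"C:\WINDOWS\explorer.exe"),
]

if __name__ == "__main__":
    for pid, path, verdict in suspicious(SAMPLE):
        print(f"{pid:>5}  {verdict:<15} {path}")
```

A path match is only a first-pass filter; it says where the file lives, not whether its contents are the original binary.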

_r.u.s.s. 08-06-2007 03:58 PM

you are not even able to mess with it since windows uses it all the time :bleh:

Scatty 08-06-2007 04:02 PM

Yes you are. You boot from a boot floppy or better boot CD with some extra menu and whatnot, delete all lsasses and Isasses executables that are not in the c:\windows\system folder and are happy.

_r.u.s.s. 08-06-2007 04:30 PM

well i meant in windows, but yes that's an option =)

Ghost 08-06-2007 04:52 PM

I have not heard of Isass. Lsass is a normal Windows process that had a hole in it some years ago. This hole is exploited by the Sasser worm. There is a patch for it. Sasser is not easy to remove, however, even with the patch.

gufu1992 08-06-2007 08:50 PM

Thank you - I learned that in other forums... so thank you again...

ianfreddie07 10-06-2007 06:38 AM

It is a sasser worm, all right. But I think I have a program called FxSasser that eliminates the worm, even when on startup it says: "system cannot find lsass.exe blabla" but the original Lsass.exe is in the WINDOWS/System32 folder. The program FxSasser by Symantec is the solution.

Linky: FxSasser

_r.u.s.s. 10-06-2007 09:23 AM

just edit the registry, and delete it from autoruns..
[H_current_user\software\microsoft\windows\currentversion\run]
[H_local_machine\software\microsoft\windows\currentversion\run] +(Run-;RunOnce;RunOnceEx;RunServices)
and then in 'hkey_users', but it's in a key with a universal number so you'll have to search for it

