08-06-2007, 03:00 AM | #1 | ||
|
OK - Process Library finds this to be a dangerous process (trojan). Using Process Explorer to close it shows a message that the system must restart (and no close or cancel buttons!)... So - does anyone know a free solution to clean it off?
__________________
|
||
|
|
08-06-2007, 06:46 AM | #2 | ||
Join Date: Jan 2006
Location: Little big small world
Posts: 1,906
|
Did you scan it with an anti-virus program and try to repair the file if it's repairable?
|
||
|
|
08-06-2007, 08:27 AM | #3 | ||
Join Date: Mar 2006
Location: ,
Posts: 4,613
|
Are you sure it's Isass and not lsass?
C:\WINDOWS\SYSTEM32\lsass.exe is a core Windows process and you shouldn't mess with it. If you did, it was to be expected that you would crash the system.
http://www.greatis.com/appdata/n/_/_..._lsass.exe.htm
Some malware is named the same as core Windows programs in an attempt to disguise itself. But it can't replace Win's apps because Win protects them, so it places itself in another folder. For example, C:\WINDOWS\lsass.exe is malware.
http://www.greatis.com/appdata/d/_/_..._lsass.exe.htm
Also attempting to confuse the user by the name, isass.exe is also malware.
http://www.greatis.com/appdata/d/i/isass.exe.htm
But C:\WINDOWS\SYSTEM32\lsass.exe should not be messed with.
__________________
Life starts every day anew. Prospects not so good... |
||
|
|
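The folder and file-name check described in post #3, written out as an added example that is not part of the original thread. The function names, the confusable-character table and the sample process list are constructed for illustration, and it assumes Windows is installed in C:\WINDOWS as in the paths quoted above.

```python
import ntpath  # Windows path rules, usable on any OS

# Assumption: the system root is C:\WINDOWS, as in the paths quoted in the thread.
EXPECTED = ntpath.normcase(r"C:\WINDOWS\SYSTEM32\lsass.exe")

# Characters that can stand in for a lowercase "l" in a file name.
# Illustrative only, not an exhaustive confusables table.
CONFUSABLE = str.maketrans({"i": "l", "1": "l"})


def classify(image_path):
    """Compare a process image path against the real lsass.exe."""
    # normpath collapses "..", normcase lowercases and unifies slashes.
    full = ntpath.normcase(ntpath.normpath(image_path))
    name = ntpath.basename(full)
    if full == EXPECTED:
        return "expected"
    if name == "lsass.exe":
        return "wrong-folder"    # right name, not in SYSTEM32
    if name.translate(CONFUSABLE) == "lsass.exe":
        return "lookalike-name"  # e.g. Isass.exe with a capital i
    return "unrelated"


def suspicious(paths):
    """Return (path, verdict) pairs worth a closer look."""
    verdicts = ((p, classify(p)) for p in paths)
    return [(p, v) for p, v in verdicts if v in ("wrong-folder", "lookalike-name")]


# Constructed sample process list, not taken from a real machine.
SAMPLE = [
    r"C:\WINDOWS\SYSTEM32\lsass.exe",
    r"c:\windows\system32\LSASS.EXE",
    r"C:\WINDOWS\lsass.exe",
    r"C:\WINDOWS\SYSTEM32\Isass.exe",
    r"C:\WINDOWS\System32\..\lsass.exe",
    r"C:\WINDOWS\SYSTEM32\svchost.exe",
]

if __name__ == "__main__":
    for path, verdict in suspicious(SAMPLE):
        print(f"{verdict:15} {path}")
```
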
08-06-2007, 03:58 PM | #4 | ||
Join Date: May 2005
Location: Nitra, Slovakia
Posts: 6,533
|
You are not even able to mess with it since Windows uses it all the time :bleh:
__________________
|
||
|
|
08-06-2007, 04:02 PM | #5 | ||
Join Date: Jan 2006
Location: Little big small world
Posts: 1,906
|
Yes you are. You boot from a boot floppy or, better, a boot CD with some extra menu and whatnot, delete all lsass and Isass executables that are not in the c:\windows\system folder, and are happy.
|
||
|
|
08-06-2007, 04:30 PM | #6 | ||
Join Date: May 2005
Location: Nitra, Slovakia
Posts: 6,533
|
Well, I meant in Windows, but yes, that's an option =)
__________________
|
||
|
|
08-06-2007, 04:52 PM | #7 | ||
Join Date: Jun 2007
Location: ,
Posts: 13
|
I have not heard of Isass. Lsass is a normal Windows process that had a hole in it some years ago. This hole is exploited by the Sasser worm. There is a patch for it. Sasser is not easy to remove, however, even with the patch.
|
||
|
|
08-06-2007, 08:50 PM | #8 | ||
|
Thank you - I learned that in other forums... so thank you again...
__________________
|
||
|
|
10-06-2007, 06:38 AM | #9 | ||
Join Date: Jan 2007
Location: Maryland, United States
Posts: 357
|
It is a Sasser worm, all right. But I think I have a program called FxSasser that eliminates the worm, even when on startup it says: "system cannot find lsass.exe blabla" but the original Lsass.exe is in the WINDOWS/System32 folder. The program FxSasser by Symantec is the solution.
Linky: FxSasser
__________________
yes |
||
|
|
10-06-2007, 09:23 AM | #10 | ||
Join Date: May 2005
Location: Nitra, Slovakia
Posts: 6,533
|
Just edit the registry, and delete it from autoruns..
[H_current_user\software\microsoft\windows\currentversion\run] [H_local_machine\software\microsoft\windows\currentversion\run] +(Run-;RunOnce;RunOnceEx;RunServices) and then in 'hkey_users', but it's in a key with a universal number, so you'll have to search for it
__________________
|
||
|
|