What is isass.exe or Lsass.exe?


Magsmom
November 5th 08, 04:24 AM
I have seen conflicting info as to what this is and even as to whether it is
spelled "isass.exe" or "Lsass.exe". It is listed as a process in my task
manager. Do I need to get rid of it, and if so, what is the best way to get
rid of it?

Paul
November 5th 08, 06:51 AM
Magsmom wrote:
> I have seen conflicting info as to what this is and even as to whether it is
> spelled "isass.exe" or "Lsass.exe". It is listed as a process in my task
> manager. Do I need to get rid of it, and if so, what is the best way to get
> rid of it?

http://en.wikipedia.org/wiki/Local_Security_Authority_Subsystem_Service

Paul

Ronaldo
November 5th 08, 06:58 AM
Isass.exe (or isass.exe) is the Sasser Virus,... Lsass.exe (or lsass.exe)
(LSASS means Local Security Authority Subsystem Service) is a system process
original for Windows 2000/XP that manages local security and user
authentication procedures through the WinLogon service. It is a local
authentication server that, when a user successfully authenticates, creates
a symbol of access that allows users to connect. The original Lsass service
had a security breach used by the Sasser virus, which is repaired by
Security Update for Microsoft Windows (835732)


Microsoft Security Bulletin MS04-011
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

All about the W32.Sasser.B.Worm
http://www.symantec.com/security_response/writeup.jsp?docid=2004-050114-1001-99


----------------------------------
"Magsmom" > wrote in message
...
>I have seen conflicting info as to what this is and even as to whether it
>is
> spelled "isass.exe" or "Lsass.exe". It is listed as a process in my task
> manager. Do I need to get rid of it, and if so, what is the best way to
> get
> rid of it?

nass
November 5th 08, 08:38 AM
"Magsmom" wrote:

> I have seen conflicting info as to what this is and even as to whether it is
> spelled "isass.exe" or "Lsass.exe". It is listed as a process in my task
> manager. Do I need to get rid of it, and if so, what is the best way to get
> rid of it?

If it is isass.exe or Isass.exe it is a virus but if it was Lsass.exe or
lowercase lsass.exe it is a windows process.

http://www.castlecops.com/postt13642.html

What You should Know about the Sasser Worm and its Variants
http://www.microsoft.com/security/incident/sasser.asp

W32.Sasser.Worm
http://www.symantec.com/avcenter/venc/data/w32.sasser.worm.html

1... Click start >> Control Panel >> Double Click Network and Internet
Connections >> Double click Internet Options, on the IE Properties window
you will see these Options:
General | Security | Privacy | Content | Connections | Programs
| Advanced .

Click on General Tab (1st Tab on the left) and you will see a Button called
[ Clear History ..] click on it to clear your History caches, then click on
[Delete Files..] to delete Internet Files created over the time, click on [
Delete Cookies...] to delete your cookies left by visiting websites.

= Then try to Disable the Add-Ons on your Browser somehow installed on your
browser, On how to disable the Add-ons follow this:
Click on Programs Tab and then click the Manage Add-Ons Button there Disable
the None/Not Verified Plug-ins/Add-ons ( you need to Re-enable them one-by-one
later and see which is the culprit or you can send them here in your next
post) and click [OK] to confirm your Changes.
How to manage Add-Ons:
http://support.microsoft.com/kb/883256

Click on Advanced Tab and scroll down under the browsing option and uncheck
this box:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest) and click Apply
then OK to close your IE Properties.
Scan for malware from here:
SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html
http://www.malwarebytes.org/rr-update/rr-free-setup.exe
http://onecare.live.com/site/en-gb/default.htm?s_cid=sah
http://onecare.live.com/standard/en-gb/default.htm
Run a scan from here on-line:
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Download Avast Cleaner (offline scanner) from here:
http://www.avast.com/eng/avast-virus-cleaner.html
Comodo BOClean : Anti-Malware Version 4.27
http://www.comodo.com/boclean/boclean.html
Run disk cleanup and also this tool:
http://www.ccleaner.com/download/builds/downloading-slim

If you don't know where to go to send your log I will be happy to help you
out if you sent me the log to my address below.

download Hijackthis and send me the log/Rename the log to:
Hmmmthis.exe don't install with default name (Hijackthis.exe)!
(http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php)
Send me copy to my address is : to_you_ross(at remove this and replace with
the obvious)yahoo.co.uk

( _ is underscore)
HTH
nass
--
http://www.nasstec.co.uk

David H. Lipman
November 5th 08, 11:31 AM
From: "nass" >



| "Magsmom" wrote:

>> I have seen conflicting info as to what this is and even as to whether it is
>> spelled "isass.exe" or "Lsass.exe". It is listed as a process in my task
>> manager. Do I need to get rid of it, and if so, what is the best way to get
>> rid of it?

| If it is isass.exe or Isass.exe it is a virus but if it was Lsass.exe or
| lowercase lsass.exe it is a windows process.


If the file is %windir%\system32\Lsass.exe then it is a legitimate file.

If Lsass.exe is found running in any OTHER location such as... %windir%\Lsass.exe
Then the propensity of it being malware is extremely high.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
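
The rule from the post above (the name and the location both have to match) applied to a list of running-process image paths, as an added example that is not part of the original thread. The function names, the look-alike map, the sample paths and the `C:\WINDOWS` default for `%windir%` are assumptions made for illustration.

```python
import ntpath

LEGIT_NAME = "lsass.exe"
# Assumption: a small illustrative look-alike map, not a full confusables table.
LOOKALIKES = str.maketrans({"i": "l", "1": "l", "5": "s"})

# Constructed sample of running-process image paths (not taken from the thread).
SAMPLE_PROCESSES = [
    r"C:\WINDOWS\system32\lsass.exe",
    r"C:\WINDOWS\System32\LSASS.EXE",
    r"C:\WINDOWS\Lsass.exe",
    r"C:\WINDOWS\system32\Isass.exe",
    r"C:\WINDOWS\system32\..\lsass.exe",
    r"C:\WINDOWS\system32\svchost.exe",
]


def classify(image_path, windir=r"C:\WINDOWS"):
    """Return 'legitimate', 'wrong-location', 'look-alike' or 'unrelated'."""
    # normpath collapses "..", normcase lowercases and unifies separators,
    # so the comparison is case-insensitive like the Windows file system.
    full = ntpath.normcase(ntpath.normpath(image_path))
    expected = ntpath.normcase(ntpath.join(windir, "system32", LEGIT_NAME))
    name = ntpath.basename(full)
    if name == LEGIT_NAME:
        return "legitimate" if full == expected else "wrong-location"
    # Capital I, digit 1 and similar render like a lowercase L in many fonts.
    if name.translate(LOOKALIKES) == LEGIT_NAME:
        return "look-alike"
    return "unrelated"


def triage(paths, windir=r"C:\WINDOWS"):
    """Return (path, verdict) for each lsass-related entry that is not legitimate."""
    verdicts = ((p, classify(p, windir)) for p in paths)
    return [(p, v) for p, v in verdicts if v in ("wrong-location", "look-alike")]


if __name__ == "__main__":
    for path, verdict in triage(SAMPLE_PROCESSES):
        print(f"{verdict:15} {path}")
```
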

Magsmom
November 6th 08, 02:35 AM
Ok: A search of my system turned up these files:

LSASS.EXE in C:\I386
isass.exe in C:\WINDOWS\$NtServicePackUninstall$
isass.exe in C:\WINDOWS\SYSTEM32
isass.exe in C:\WINDOWS\ServicePackFiles\i386

If I understand you correctly, I do not have a problem and the Process
"lsass.exe" is ok. Is that correct?


"David H. Lipman" wrote:

> From: "nass" >
>
>
>
> | "Magsmom" wrote:
>
> >> I have seen conflicting info as to what this is and even as to whether it is
> >> spelled "isass.exe" or "Lsass.exe". It is listed as a process in my task
> >> manager. Do I need to get rid of it, and if so, what is the best way to get
> >> rid of it?
>
> | If it is isass.exe or Isass.exe it is a virus but if it was Lsass.exe or
> | lowercase lsass.exe it is a windows process.
>
>
> If the file is %windir%\system32\Lsass.exe then it is a legitimate file.
>
> If Lsass.exe is found running in any OTHER location such as... %windir%\Lsass.exe
> Then the propensity of it being malware is extremely high.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
>
>
>

David H. Lipman
November 6th 08, 02:43 AM
From: "Magsmom" >

Ok:: A search of my system turned up these files:

| LSASS.EXE in C:\I386
| isass.exe in C:\WINDOWS\$NtServicePackUninstall$
| isass.exe in C:\WINDOWS\SYSTEM32
| isass.exe in C:\WINDOWS\ServicePackFiles\i386

| If I understand you correctly, I do not have a problem and the Process
| "lsass.exe" is ok. Is that correct?


The chances are likely - Yes.



--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Magsmom
November 6th 08, 02:40 PM
Thanks David:

"David H. Lipman" wrote:

> From: "Magsmom" >
>
> Ok:: A search of my system turned up these files:
>
> | LSASS.EXE in C:\I386
> | isass.exe in C:\WINDOWS\$NtServicePackUninstall$
> | isass.exe in C:\WINDOWS\SYSTEM32
> | isass.exe in C:\WINDOWS\ServicePackFiles\i386
>
> | If I understand you correctly, I do not have a problem and the Process
> | "lsass.exe" is ok. Is that correct?
>
>
> The chances are likely - Yes.
>
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
>
>
>

The best way is to just reinstall XP
April 17th 09, 01:27 AM
"Magsmom" wrote:

> I have seen conflicting info as to what this is and even as to whether it is
> spelled "isass.exe" or "Lsass.exe". It is listed as a process in my task
> manager. Do I need to get rid of it, and if so, what is the best way to get
> rid of it?

Terry R.[_2_]
April 17th 09, 01:41 AM
The date and time was Thursday, April 16, 2009 5:27:01 PM, and on a
whim, The best way is to just reinstall XP pounded out on the keyboard:

>
> "Magsmom" wrote:
>
>> I have seen conflicting info as to what this is and even as to whether it is
>> spelled "isass.exe" or "Lsass.exe". It is listed as a process in my task
>> manager. Do I need to get rid of it, and if so, what is the best way to get
>> rid of it?

Are you asking a question? From the looks of this post, it appears you
replied to the info above with no reply.

Lsass.exe is a Windows file.

Isass.exe is NOT.
http://www.file.net/process/isass.exe.html


Terry R.
--
Anti-spam measures are included in my email address.
Delete NOSPAM from the email address after clicking Reply.

Onsokumaru
April 19th 09, 06:15 AM
"Terry R." > wrote in message
...
> The date and time was Thursday, April 16, 2009 5:27:01 PM, and on a whim,
> The best way is to just reinstall XP pounded out on the keyboard:
>
>>
>> "Magsmom" wrote:
>>
>>> I have seen conflicting info as to what this is and even as to whether
>>> it is spelled "isass.exe" or "Lsass.exe". It is listed as a process in
>>> my task manager. Do I need to get rid of it, and if so, what is the
>>> best way to get rid of it?
>
> Are you asking a question? From the looks of this post, it appears you
> replied to the info above with no reply.
>
> Lsass.exe is a Windows file.
>
> Isass.exe is NOT.
> http://www.file.net/process/isass.exe.html
>

Are you sure about that?

http://www.tech-faq.com/lsass.exe.shtml

Considering your link is just full of speculation by users...

The file also belongs to microsoft, if you look at the properties.

Ray Luca
April 19th 09, 07:35 AM
"Onsokumaru" > wrote:

>
>"Terry R." > wrote in message
...
>> The date and time was Thursday, April 16, 2009 5:27:01 PM, and on a whim,
>> The best way is to just reinstall XP pounded out on the keyboard:
>>
>>>
>>> "Magsmom" wrote:
>>>
>>>> I have seen conflicting info as to what this is and even as to whether
>>>> it is spelled "isass.exe" or "Lsass.exe". It is listed as a process in
>>>> my task manager. Do I need to get rid of it, and if so, what is the
>>>> best way to get rid of it?
>>
>> Are you asking a question? From the looks of this post, it appears you
>> replied to the info above with no reply.
>>
>> Lsass.exe is a Windows file.
>>
>> Isass.exe is NOT.
>> http://www.file.net/process/isass.exe.html
>>
>
>Are you sure about that?
>
>http://www.tech-faq.com/lsass.exe.shtml
>
>Considering your link is just full of speculation by users...
>
>The file also belongs to microsoft, if you look at the properties.

YO!... Moron! (yeah, YOU: "Onsokumaru")

The second file mentioned was "isass.exe", it was not a repeated
typing of "lsass.exe".

Terry R.[_2_]
April 19th 09, 07:15 PM
The date and time was Saturday, April 18, 2009 10:15:37 PM, and on a
whim, Onsokumaru pounded out on the keyboard:

> "Terry R." > wrote in message
> ...
>> The date and time was Thursday, April 16, 2009 5:27:01 PM, and on a whim,
>> The best way is to just reinstall XP pounded out on the keyboard:
>>
>>> "Magsmom" wrote:
>>>
>>>> I have seen conflicting info as to what this is and even as to whether
>>>> it is spelled "isass.exe" or "Lsass.exe". It is listed as a process in
>>>> my task manager. Do I need to get rid of it, and if so, what is the
>>>> best way to get rid of it?
>> Are you asking a question? From the looks of this post, it appears you
>> replied to the info above with no reply.
>>
>> Lsass.exe is a Windows file.
>>
>> Isass.exe is NOT.
>> http://www.file.net/process/isass.exe.html
>>
>
> Are you sure about that?
>
> http://www.tech-faq.com/lsass.exe.shtml
>
> Considering your link is just full of speculation by users...
>
> The file also belongs to microsoft, if you look at the properties.
>
>

If you notice, I used capital letters to make sure there wasn't a
misinterpretation. But you did regardless.


Terry R.
--
Anti-spam measures are included in my email address.
Delete NOSPAM from the email address after clicking Reply.
