Corrupted isass.exe

  • Thread starter Thread starter James
  • Start date Start date
J

James

Hello NG,

Last week I had a power outage when I was using my desktop,
and when I tried to restart my computer I kept getting error messages
that Windows had encounters a problem and was shutting down to protect my
system.

After a couple of attempts to reboot I got an error message saying something
about my password not being correct, it apparently is a corrupted isass.exe
file.

This is an HP desktop and the setup disks are on a D:\ partition,
so during one of my attempts to reboot I selected the recovery console and
tried to recover that way, still no luck.
I do have a set of early XP disks from when I bought a laptop several years
ago, so I tried to reinstall from the disks.

I tried to reinstall and I tried to repair, both give me the same error
saying that my isass.exe.
I have tried to create a bootable DVD and boot from my DVD Drive,
all I get is a continuous loop of error messages saying that XP has
encountered an error and is shutting down or sends me back to the initial
boot screen.

When I bought this computer I never put in a password, since it is at home I
didn't feel the need.
How can a password file become corrupted when I never used a password.
I have also tried just hitting enter (blank password) and that gives me the
same error.
I have tried every password I might have ever used thinking I might have
forgotten, no luck.

Any suggestions would be greatly appreciated.
Thanks
James
 
From: "James" <[email protected]>

| Hello NG,

| Last week I had a power outage when I was using my desktop,
| and when I tried to restart my computer I kept getting error messages
| that Windows had encounters a problem and was shutting down to protect my
| system.

| After a couple of attempts to reboot I got an error message saying something
| about my password not being correct, it apparently is a corrupted isass.exe
| file.

| This is an HP desktop and the setup disks are on a D:\ partition,
| so during one of my attempts to reboot I selected the recovery console and
| tried to recover that way, still no luck.
| I do have a set of early XP disks from when I bought a laptop several years
| ago, so I tried to reinstall from the disks.

| I tried to reinstall and I tried to repair, both give me the same error
| saying that my isass.exe.
| I have tried to create a bootable DVD and boot from my DVD Drive,
| all I get is a continuous loop of error messages saying that XP has
| encountered an error and is shutting down or sends me back to the initial
| boot screen.

| When I bought this computer I never put in a password, since it is at home I
| didn't feel the need.
| How can a password file become corrupted when I never used a password.
| I have also tried just hitting enter (blank password) and that gives me the
| same error.
| I have tried every password I might have ever used thinking I might have
| forgotten, no luck.

| Any suggestions would be greatly appreciated.
| Thanks
| James

ISASS.EXE -- isass.exe

or

LSASS.EXE -- lsass.exe

There IS a difference !
 
From: "James" <[email protected]>

| Since all the letters are lower case then I believe it is issas.exe
| James

You should not assume, you need to know because if it is ISASS.EXE (with an "I" not a "L")
then you are most likely infected with malware !
 
How would I determine which one is which?
If a lower case l looks like and upper case I, and you don't want me to go
by the rest of the letters, how do I determine the letter in question?

James
 
James said:
How would I determine which one is which?
If a lower case l looks like and upper case I, and you don't want me to go
by the rest of the letters, how do I determine the letter in question?

James
Click to expand...
The name of the program on my system is all lowercase in both windows
explorer and task manager. Any uppercase letters are a suspicious name.

Surely you can tell the difference between lowercase i and lowercase l. And
surely you can tell the difference between uppercase I and uppercase L. In
fact, lowercase l only looks like uppercase I if you are in a hurry.

Jim

Jim
 
From: "Jim" <[email protected]>

| The name of the program on my system is all lowercase in both windows
| explorer and task manager. Any uppercase letters are a suspicious name.

| Surely you can tell the difference between lowercase i and lowercase l. And
| surely you can tell the difference between uppercase I and uppercase L. In
| fact, lowercase l only looks like uppercase I if you are in a hurry.

| Jim

Uppercase and lowercase filenames are the same as the MS Windows OS' does not
differentiate filenames by their case.
LL.TXT = ll.txt = LL.txt = Ll.TxT, etc.

This is unlike the 'Nix type operating systems where the file; LL.TXT <> ll.txt <> LL.txt
<> Ll.TxT, etc.

The reason a malware author chooses the name ISASS.EXE is for the very nature of what is
happening in this thread -- confusion.

Malware authors obfuscate their malicious intent by naming files close to the name of
legitimate files such that they appear to be legitimate files by the use of a font that
makes differentiating certain characters difficult. I <> l <> 1

For all I know you may say this thread is full of sh!t. { Get the idea }
 
From: "Jim" <[email protected]>



| The name of the program on my system is all lowercase in both windows
| explorer and task manager. Any uppercase letters are a suspicious name.

| Surely you can tell the difference between lowercase i and lowercase l. And
| surely you can tell the difference between uppercase I and uppercase L. In
| fact, lowercase l only looks like uppercase I if you are in a hurry.

| Jim


Uppercase and lowercase filenames are the same as the MS Windows OS' does not
differentiate filenames by their case.
LL.TXT = ll.txt = LL.txt = Ll.TxT, etc.

This is unlike the 'Nix type operating systems where the file; LL.TXT <> ll.txt <> LL.txt
<> Ll.TxT, etc.

The reason a malware author chooses the name ISASS.EXE is for the very nature of what is
happening in this thread -- confusion.

Malware authors obfuscate their malicious intent by naming files close to the name of
legitimate files such that they appear to be legitimate files by the use of a font that
makes differentiating certain characters difficult. I <> l <> 1
 
James said:
How would I determine which one is which?
If a lower case l looks like and upper case I, and you don't want me
to go by the rest of the letters, how do I determine the letter in
question?
Click to expand...

Copy/paste (the name) into notepad and then Iook at it in a different
font.
 
Jim
Yes I can tell the difference between lowercase i and lowercase l.
And yes I can tell the difference between uppercase I and uppercase L.

In your next line " In fact, lowercase l only looks like uppercase I if you
are in a hurry."
So I copied and pasted the two letters in question, here they are ( l , I )
How can you tell the difference between the two letters?
They look exactly the same to me.

James
 
Hello to the rafter,
in my initial post I said that once lsass.exe displays and error message
about the corrupted password file the computer shits down.
I can't open notepad and if I can do a print screen, then I can't open
anything to past it into, not even a flash drive.
I can't even boot into safe mode.


I have found some information on other message boards that indicate this is
a trojan and I might have to reinstall the OS.
That however is going to be impossible, at least from the original copy of
XP.
This machine is an HP and they saved themselves a nickel by putting all the
files on a D:\ partition, that I can't get to.

Anyway thanks to the group for all the help.

I may upgrade to Windows 7

James
 
Use a different font.

For instance, "View - text size - fixed" from the dropdown menu when
viewing an article will give you a fixed width font (with serifs).
 
James said:
Jim
Yes I can tell the difference between lowercase i and lowercase l.
And yes I can tell the difference between uppercase I and uppercase L.

In your next line " In fact, lowercase l only looks like uppercase I if
you are in a hurry."
So I copied and pasted the two letters in question, here they are ( l ,
I )
How can you tell the difference between the two letters?
They look exactly the same to me.

James
Click to expand...
<snip>
As reported by OE (not clear which program prepares the output), the
characters inside the parentheses look like two lowercase l characters. As
reported by the default editor for OE (MS Word if I remember correctly), the
first one is a lowercase l and the second is an uppercase I.

Jim
 
From: "Jim" <[email protected]>

| <snip>
| As reported by OE (not clear which program prepares the output), the
| characters inside the parentheses look like two lowercase l characters. As
| reported by the default editor for OE (MS Word if I remember correctly), the
| first one is a lowercase l and the second is an uppercase I.

| Jim

No. The only editor for OE is OE.

MS Outlook from the Office Suite can use MS Word as the email Rich Text editor.
 
David H. Lipman said:
From: "Jim" <[email protected]>

| <snip>
| As reported by OE (not clear which program prepares the output), the
| characters inside the parentheses look like two lowercase l characters.
As
| reported by the default editor for OE (MS Word if I remember correctly),
the
| first one is a lowercase l and the second is an uppercase I.

| Jim

No. The only editor for OE is OE.

MS Outlook from the Office Suite can use MS Word as the email Rich Text
editor.
Click to expand...
Then, I don't understand why the letters were reported incorrectly in the
OP's message but were reported correctly in my reply. At least, that is
what I saw on my machine.

Jim
 
From: "Jim" <[email protected]>


| Then, I don't understand why the letters were reported incorrectly in the
| OP's message but were reported correctly in my reply. At least, that is
| what I saw on my machine.

| Jim

Misinterpration and fonts. A font with serifs are more distinguishable than simple fonts
like Arial or Verdana.

Reading these nes groups there have been MANY who have mistaed LSASS.EXE vs ISASS.EXE
LASASS (.EXE), is the Microft Local Security Authority Subsystem Service.
If you have ISASS.EXE then you may be infected with malware.

It is as smple as that.
 
Group,
I appreciate all the help, Thank you all for the good insight into the
little corners of windows.
However, I can't get past the warning message into the system at all, so I
can't change fonts, or look a the characters in word.

When I get the error message, the next message, on a BSoD, is that Windows
has detected a fatal error and is shutting down to protect the system, after
about three seconds the computer shuts off.

I'm going the go to another computer and see if I can make a bootable DVD
or CD and try to boot from the DVD drive.
I can still get into the BIOS so I can change the boot order.

I'll try the tomorrow morning and post my results.

Thanks again
James
 
Jim said:
<snip>
As reported by OE (not clear which program prepares the output), the
characters inside the parentheses look like two lowercase l
characters. As reported by the default editor for OE (MS Word if I
remember correctly), the first one is a lowercase l and the second is
an uppercase I.
Click to expand...

....or you could select ctrl + f3 and see another fixed width font with
serifs.
 
From: "James" <[email protected]>

| Group,
| I appreciate all the help, Thank you all for the good insight into the
| little corners of windows.
| However, I can't get past the warning message into the system at all, so I
| can't change fonts, or look a the characters in word.

| When I get the error message, the next message, on a BSoD, is that Windows
| has detected a fatal error and is shutting down to protect the system, after
| about three seconds the computer shuts off.

| I'm going the go to another computer and see if I can make a bootable DVD
| or CD and try to boot from the DVD drive.
| I can still get into the BIOS so I can change the boot order.

| I'll try the tomorrow morning and post my results.

| Thanks again
| James


It is a LSASS issue.

You may have to do a Repair installation.
 
Back
Top