Isass.exe

[STEPHEN HOBBS]

Hi everyone
This is my question, when I switch on my computer through the process of
booting up every now and again I get a blank screen with a dialog box saying
"Invalid handle" not specified, above this is "Isass.exe". I click OK and it
reboots no problem, it does not do it all the time just only on odd
occasions.
I have done a quick check on this error but I am confused because between
what they say i.e. lower case L or Upper case i, in my processes it looks
like A upper case i Can anybody shed light on this thanks for your help.

 

[STEPHEN HOBBS]

Sorry, I missed out that I have sp2 installed, antivirus fully updated and
firewall protected

 

[Wesley Vogel]

Lsass.exe is a valid XP file. Isass.exe is not. If you have Isass.exe you
have a virus or a trojan...

[[isass - isass.exe - Process Information
Process File: isass or isass.exe
Process Name: Optix.Pro virus

Description:
isass.exe is registered as the Optix.Pro virus which carries in it's
payload, the ability to disable firewalls and local security protections,
and a backdoor capability. ]]

TROJ_ISAPASS.A
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_ISAPASS.A

Update your anti virus software and run a full system scan.

Free online virus scans:

Trend Micro - Free online virus Scan
http://housecall.trendmicro.com/housecall/start_corp.asp

Panda ActiveScan - Free online scanner
http://www.pandasoftware.com/activescan/com/activescan_principal.htm

BitDefender Free Online Virus Scan
http://www.bitdefender.com/scan/licence.php

Get Your AVG for free!
http://www.grisoft.com/us/us_dwnl_free.php

===

If that doesn't remove Isass.exe, related files and registry entries...

Some of this does not apply if you have Windows XP SP2.

First. Make sure of these settings and nothing will install without you
answering YES. (Except what may install as part of some other software.)
Don't click YES if you don't know/trust the source.

Start | Settings | Control Panel | Internet Options | Advanced tab |
Make sure both of these are NOT checked.

 Enable Install On Demand (Internet Explorer)
[[Specifies to automatically download and install Internet Explorer
components if a Web page needs them in order to display the page properly or
perform a particular task.]]

 Enable Install On Demand (Other)
[[Specifies to automatically download and install Web components if a Web
page needs them in order to display the page properly or perform a
particular task.]]

Apply | OK

 Enable Install On Demand (Other)
Is part of the driveby downloading of unwanted programs. i.e. Scumware or
whatever will install w/o you even being aware of it.
=====

Second. If you need a scan right now.

Follow the instructions!
THE PARASITE FIGHT QUICK FIX PROTOCOL
http://aumha.org/a/quickfix.php

=====

Third.
It is known as scumware. Visit these sites. 1, 2, 3 and 4 are really good.
Download, install, run, update and run again; one or all. They are all
good, FREE utilities. Make sure you update every program, even if you
just downloaded it. You must have the latest updates. Without updates,
you have a gun without ammo. You also need to use more than one
anti scumware program. One program will *not* catch everything.

1) CWShredder ver. 1.59 direct download:
http://www.merijn.org/files/cwshredder.zip

1a) CWShredder ver. 2.0 direct download:
http://www.aumha.org/downloads/cwshredder.zip

2) SpywareBlaster
[[SpywareBlaster doesn't scan and clean for spyware - it prevents it from
ever being installed.
The most important step you can take is to secure your system. And
SpywareBlaster is the most powerful protection program available.]]
http://www.javacoolsoftware.com/spywareblaster.html

3) Spybot S & D (More for the advanced user)
http://www.safer-networking.org/index.php?lang=en&page=download

4) HijackThis (some other stuff that may be of interest also)
http://www.spywareinfo.com/~merijn/downloads.html

4a) HijackThis (direct download)
http://aumha.org/downloads/hijackthis.zip

5) Bazooka Adware and Spyware Scanner v1.13
http://www.kephyr.com/spywarescanner/index.html?source=appvisit

6) ToolbarCop
http://www.mvps.org/sramesh2k/toolbarcop.htm

7) Ad-aware SE Personal
http://www.lavasoft.de/support/download/

=====

HijackThis log tutorial
http://www.spywareinfo.com/~merijn/htlogtutorial.html

HijackThis Log Tutorial
http://www.aumha.org/a/hjttutor.htm

How to use HijackThis to remove Browser Hijackers & Spyware
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42#warning

How To Install Spybot Search and Destroy & a brief tutorial
http://tomcoyote.com/SPYBOT/index1.php

HOW TO: Reconfigure Ad-aware for a Full Scan
http://forum.aumha.org/viewtopic.php?t=5877
=====

MVPS HOSTS file is a free download from:
http://www.mvps.org/winhelp2002/

Blocking Unwanted Parasites with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm
=====

Problems uninstalling? Here's some advice.
http://www.kephyr.com/spywarescanner/uninstallproblems.phtml

Additional information & instructions.
A wealth of information here, boys and girls.

THE PARASITE FIGHT QUICK FIX PROTOCOL
http://aumha.org/a/quickfix.htm

THE PARASITE FIGHT
Finding, Removing & Protecting Yourself From Scumware
http://aumha.org/a/parasite.htm

Bugs, Glitches & Stuffups
http://www.mvps.org/inetexplorer/Darnit.htm

Dealing with Unwanted Spyware and Parasites
http://mvps.org/winhelp2002/unwanted.htm

Unexplained computer behavior may be caused by deceptive software
http://support.microsoft.com/default.aspx?scid=kb;EN-US;827315

Spyware and Deceptive Software
http://www.microsoft.com/mscorp/twc/privacy/spyware.mspx?gssnb=1

What you should know about spyware
http://www.microsoft.com/security/articles/spyware.asp

Cleaning Up XP
http://www.kellys-korner-xp.com/xp_c.htm#cleanup

 

[John A]

Have you checked out possible Sasser worm infection?

http://support.microsoft.com/?kbid=841720

John Allen

 

[STEPHEN HOBBS]

Hi thank you for your suggestions so far, I have completed a online scan
with "house call Trend Micro" it has done a complete scan and finds no
infections.

 

[Sky King]

Hi;

Hi everyone
This is my question, when I switch on my computer through the process of
booting up every now and again I get a blank screen with a dialog box
saying "Invalid handle" not specified, above this is "Isass.exe". I click
OK and it reboots no problem, it does not do it all the time just only on
odd occasions.

It may be that a supporting file (msvcrt.dll) is either corrupt or has been
replaced by an older or 3rd-party version. Details here on how to correct
that:
http://support.microsoft.com/default.aspx?scid=kb;en-us;324762

The "Note"" on that page listing the version information is incorrect since
you state you have XP SP2 installed. Your version should be 7.0.2600.2180.
You may have the correct version in C:\WINDOWS\ServicePackFiles\i386; if so
you can replace the file in your System32 folder with the one you find there
by just copying the file --- no need to do the "expand" method.

 

[Wesley Vogel]

See if you even have ISASS.EXE.
Do a Search on your machine for ISASS.EXE.

1. Click Start, click Search, click All files and folders, and then click
More advanced options.
2. Click to select the Search system folders and Search hidden files and
folders check boxes.
3. Click to select the Search Subfolders.

 

[STEPHEN HOBBS]

Hi thank you that suggestion, the search comes up with these only when I put
in "Lsass.exe"
c:\windows\$ntservicep c:\windows\system32,
c:\windows\servicepack. When put search for "Isass.exe" This is a upper
case i it comes up with the searches when I was checking on line for this
error. Like I say in my processes it looks like "lsass.exe"thats a lower
case L, where has this "Isass.exe" is upper case i. A little confusing, I
find no other ref in the hidden files or sub.I am sure I do not have a
problem as far as virus or worm. what do you think?

See if you even have ISASS.EXE.
Do a Search on your machine for ISASS.EXE.

1. Click Start, click Search, click All files and folders, and then click
More advanced options.
2. Click to select the Search system folders and Search hidden files and
folders check boxes.
3. Click to select the Search Subfolders.

 

[Wesley Vogel]

Probably not a problem. The upper case i can look like a lower case L.

I have Lsass.exe in both of these folders:
C:\WINDOWS\system32
and
C:\WINDOWS\system32\dllcache
and not in any others, but I have XP Pro with SP1 and not SP2.

Both my Lsass.exe's are version 5.1.2600.1106

Windows XP Service Pack 2 Lsass.exe are version 5.1.2600.2180

--
Hope this helps. Let us know.
Wes

In

Hi thank you that suggestion, the search comes up with these only
when I put in "Lsass.exe"
c:\windows\$ntservicep c:\windows\system32,
c:\windows\servicepack. When put search for "Isass.exe" This is a
upper case i it comes up with the searches when I was checking on
line for this error. Like I say in my processes it looks like
"lsass.exe"thats a lower case L, where has this "Isass.exe" is upper
case i. A little confusing, I find no other ref in the hidden files
or sub.I am sure I do not have a problem as far as virus or worm.
what do you think?

 

[STEPHEN HOBBS]

Thanks Wes, and everyone else who have suggested ideas, I do not think I
have a problem. But thank you all for you help, I will keep you posted if it
reaccurs.

 

[Wesley Vogel]

Keep having fun!