Re: Isass.exe

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Wesley Vogel (123WVogel955_at_comcast.net)
Date: 11/11/04 

Date: Wed, 10 Nov 2004 18:53:31 -0700

Lsass.exe is a valid XP file. Isass.exe is not. If you have Isass.exe you
have a virus or a trojan...

[[isass - isass.exe - Process Information
Process File: isass or isass.exe
Process Name: Optix.Pro virus

Description:
isass.exe is registered as the Optix.Pro virus which carries in it's
payload, the ability to disable firewalls and local security protections,
and a backdoor capability. ]]

TROJ_ISAPASS.A
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_ISAPASS.A

Update your anti virus software and run a full system scan.

Free online virus scans:

Trend Micro - Free online virus Scan
http://housecall.trendmicro.com/housecall/start_corp.asp

Panda ActiveScan - Free online scanner
http://www.pandasoftware.com/activescan/com/activescan_principal.htm

BitDefender Free Online Virus Scan
http://www.bitdefender.com/scan/licence.php

Get Your AVG for free!
http://www.grisoft.com/us/us_dwnl_free.php

===

If that doesn't remove Isass.exe, related files and registry entries...

Some of this does not apply if you have Windows XP SP2.

First. Make sure of these settings and nothing will install without you
answering YES. (Except what may install as part of some other software.)
Don't click YES if you don't know/trust the source.

Start | Settings | Control Panel | Internet Options | Advanced tab |
Make sure both of these are NOT checked.

 Enable Install On Demand (Internet Explorer)
[[Specifies to automatically download and install Internet Explorer
components if a Web page needs them in order to display the page properly or
perform a particular task.]]

 Enable Install On Demand (Other)
[[Specifies to automatically download and install Web components if a Web
page needs them in order to display the page properly or perform a
particular task.]]

Apply | OK

 Enable Install On Demand (Other)
Is part of the driveby downloading of unwanted programs. i.e. Scumware or
whatever will install w/o you even being aware of it.
=====

Second. If you need a scan right now.

Follow the instructions!
THE PARASITE FIGHT QUICK FIX PROTOCOL
http://aumha.org/a/quickfix.php

=====

Third.
It is known as scumware. Visit these sites. 1, 2, 3 and 4 are really good.
Download, install, run, update and run again; one or all. They are all
good, FREE utilities. Make sure you update every program, even if you
just downloaded it. You must have the latest updates. Without updates,
you have a gun without ammo. You also need to use more than one
anti scumware program. One program will *not* catch everything.

>>>>>>>>>> Run CWShredder first!!! <<<<<<<<<<<<

1) CWShredder ver. 1.59 direct download:
http://www.merijn.org/files/cwshredder.zip

1a) CWShredder ver. 2.0 direct download:
http://www.aumha.org/downloads/cwshredder.zip

2) SpywareBlaster
[[SpywareBlaster doesn't scan and clean for spyware - it prevents it from
ever being installed.
The most important step you can take is to secure your system. And
SpywareBlaster is the most powerful protection program available.]]
http://www.javacoolsoftware.com/spywareblaster.html

3) Spybot S & D (More for the advanced user)
http://www.safer-networking.org/index.php?lang=en&page=download

4) HijackThis (some other stuff that may be of interest also)
http://www.spywareinfo.com/~merijn/downloads.html

4a) HijackThis (direct download)
http://aumha.org/downloads/hijackthis.zip

5) Bazooka Adware and Spyware Scanner v1.13
http://www.kephyr.com/spywarescanner/index.html?source=appvisit

6) ToolbarCop
http://www.mvps.org/sramesh2k/toolbarcop.htm

7) Ad-aware SE Personal
http://www.lavasoft.de/support/download/

=====

HijackThis log tutorial
http://www.spywareinfo.com/~merijn/htlogtutorial.html

HijackThis Log Tutorial
http://www.aumha.org/a/hjttutor.htm

How to use HijackThis to remove Browser Hijackers & Spyware
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42#warning

How To Install Spybot Search and Destroy & a brief tutorial
http://tomcoyote.com/SPYBOT/index1.php

HOW TO: Reconfigure Ad-aware for a Full Scan
http://forum.aumha.org/viewtopic.php?t=5877
=====

MVPS HOSTS file is a free download from:
http://www.mvps.org/winhelp2002/

Blocking Unwanted Parasites with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm
=====

Problems uninstalling? Here's some advice.
http://www.kephyr.com/spywarescanner/uninstallproblems.phtml

Additional information & instructions.
A wealth of information here, boys and girls.

THE PARASITE FIGHT QUICK FIX PROTOCOL
http://aumha.org/a/quickfix.htm

THE PARASITE FIGHT
Finding, Removing & Protecting Yourself From Scumware
http://aumha.org/a/parasite.htm

Bugs, Glitches & Stuffups
http://www.mvps.org/inetexplorer/Darnit.htm

Dealing with Unwanted Spyware and Parasites
http://mvps.org/winhelp2002/unwanted.htm

Unexplained computer behavior may be caused by deceptive software
http://support.microsoft.com/default.aspx?scid=kb;EN-US;827315

Spyware and Deceptive Software
http://www.microsoft.com/mscorp/twc/privacy/spyware.mspx?gssnb=1

What you should know about spyware
http://www.microsoft.com/security/articles/spyware.asp

Cleaning Up XP
http://www.kellys-korner-xp.com/xp_c.htm#cleanup 

-- 
Hope this helps.  Let us know.
Wes
In news:cmuenf$cna$1@hercules.btinternet.com,
STEPHEN HOBBS <citizen4@btinternet.com> hunted and pecked:
> Sorry, I missed out that I have sp2 installed, antivirus fully
> updated and firewall protected
> "STEPHEN HOBBS" <citizen4@btinternet.com> wrote in message
> news:cmue5q$fi1$1@sparta.btinternet.com...
>> Hi everyone
>> This is my question, when I switch on my computer through the
>> process of booting up every now and again I get a blank screen with
>> a dialog box saying "Invalid handle" not specified, above this is
>> "Isass.exe". I click OK and it reboots no problem, it does not do it
>> all the time just only on odd occasions.
>> I have done a quick check on this error but I am confused because
>> between what they say i.e. lower case L or Upper case i, in my
>> processes it looks like A upper case i Can anybody shed light on
>> this thanks for your help.
>>
>>
>> ---
>> Outgoing mail is certified Virus Free.
>> Checked by AVG anti-virus system (http://www.grisoft.com).
>> Version: 6.0.794 / Virus Database: 538 - Release Date: 10/11/2004
>>
>
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.794 / Virus Database: 538 - Release Date: 10/11/2004

Relevant Pages

  • RE: IEXPLORE.EXE Really sorry - need help with an old problem
    ... the download links provided below. ... Install Spybot and the DSO Exploit Fix. ... and then the Immunize button to block common Spyware programs from installing. ... HijackThis log. ...
    (microsoft.public.windowsxp.general)
  • Re: Web Page Colors
    ... Now that you've done the repair, you must access windows updates and install ... Make sure you disable any AV when installing Updates. ... Parasites, spyware malware basics: ... Virus Cleaner - free virus & worm removal tool ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: AIM Send out random messages
    ... > dont want to take chances ... you want me to install the firewall (thats what ... > 5) Download ZoneAlarm from www.zonelabs.com. ... > I downloaded the latest virus definations for intellegent updator... ...
    (microsoft.public.security)
  • Re: casino palazzo, web dialer, unauthorized shortcut
    ... You needn't install nor run everything at this time, ... Check for Spyware - How-to ... as does HijackThis (Only more so. ... Virus Cleaner - free virus & worm removal tool ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • RE: IE6 freezes computer
    ... describing sounds like a virus and or spyware and malware. ... If you have a anti virus run a full scan. ... http://www.avast.com and download the free version. ... This problem is only occuring in IE and MSN Messenger - FireFox is ...
    (microsoft.public.windows.inetexplorer.ie6.browser)