Isass.exe, what now?

Trigunner · 11-27-2006

ok, so heres the problem my sister was on msn talking to her friends when she got a message "hey is this profile you? [link]" she opened the link and it is now sending the same like to all of her friends. Standard msn virus procedure.

now im trying to remove it. the process isass.exe is running in task manager and i cant end it. i was looking through the registry for shady characters when i found " EPIC_NAME" with a value of J Tao. this was found in

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\

maybe it means something. maybe not.

ok so this virus is stoping me from accessing alot of antivirus sites. "page cannot be displayed" this includes the "hijackthis" page in the prework.

any ideas?

here is what symantec has to say about the virus:
Symantec Security Response - W32.Bropia.M

GaRHaR · 11-27-2006

Hi Trigunner,

Can you please follow the prework link in my signiture? One of the security tech's will browse through the logs and help you out.

Trigunner · 11-28-2006

I tried to do the prework earlier but my access to most antivirus sites has been block by the virus. On my second try i used a proxy to access and download hijack this. Ive just run a scan and will post the log.

Log:
http://www.pchelpforum.com/hijackthi...tml#post158067

upgrader · 11-28-2006

Ouch that MSN virus i have had that sent to me but recognized the file type and said NO! there are also many variants of it going around.

Trigunner · 11-28-2006

Yeah, it's rough. I had turned off my antivirus to play the supreme commander open beta, I couldnt connect with AVG on. I must have forgotten to turn it back on when I was done. Just bad luck that I got infected that night.

the more i look at the log the more i think that lsass isnt the problem. in the hijackthis log its shows Lsass and the virus form of the file is called isass. according to:
lsass.exe or isass.exe - virus or system file? Find out which process is good and which is evil.

Barendje68 · 12-06-2006

To Solve the problem I did a system restore to a point one day earlier when I had not that virus.
And that helps me to sovle this problem

Ofcourse you have to scan your computer again for a virus

upgrader · 12-06-2006

Barend, you will however still have a virus present if you use that restore as the restore is undoable.

11-27-2006	#1
Trigunner Bronze Member Join Date: Aug 2005 Posts: 51	Isass.exe, what now? ok, so heres the problem my sister was on msn talking to her friends when she got a message "hey is this profile you? [link]" she opened the link and it is now sending the same like to all of her friends. Standard msn virus procedure. now im trying to remove it. the process isass.exe is running in task manager and i cant end it. i was looking through the registry for shady characters when i found " EPIC_NAME" with a value of J Tao. this was found in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\ maybe it means something. maybe not. ok so this virus is stoping me from accessing alot of antivirus sites. "page cannot be displayed" this includes the "hijackthis" page in the prework. any ideas? here is what symantec has to say about the virus: Symantec Security Response - W32.Bropia.M

11-27-2006	#2
GaRHaR Tech Member Join Date: Jul 2006 Location: Western Australia Posts: 6,068 PC Experience: Elite PC Guru	Hi Trigunner, Can you please follow the prework link in my signiture? One of the security tech's will browse through the logs and help you out. __________________ < Prework \| PSU Calculator \| PCHF Rules \| Microsoft Knowledge Base \| Guru 3D \| Toms Hardware \| Blackle.com - Spread the word! >

11-28-2006	#3
Trigunner Bronze Member Join Date: Aug 2005 Posts: 51	I tried to do the prework earlier but my access to most antivirus sites has been block by the virus. On my second try i used a proxy to access and download hijack this. Ive just run a scan and will post the log. Log: http://www.pchelpforum.com/hijackthi...tml#post158067 Last edited by Trigunner; 11-28-2006 at 08:07 PM.

11-28-2006	#4
upgrader Site Manager Join Date: Jul 2006 Location: /home/upgrader/ Posts: 7,250 PC Experience: Some Experience	Ouch that MSN virus i have had that sent to me but recognized the file type and said NO! there are also many variants of it going around. __________________ PCHF Rules--PCHF Prework--PCHF Downloads

11-28-2006	#5
Trigunner Bronze Member Join Date: Aug 2005 Posts: 51	Yeah, it's rough. I had turned off my antivirus to play the supreme commander open beta, I couldnt connect with AVG on. I must have forgotten to turn it back on when I was done. Just bad luck that I got infected that night. the more i look at the log the more i think that lsass isnt the problem. in the hijackthis log its shows Lsass and the virus form of the file is called isass. according to: lsass.exe or isass.exe - virus or system file? Find out which process is good and which is evil. Last edited by Trigunner; 11-28-2006 at 10:44 PM.

12-06-2006	#6
Barendje68 Bronze Member Join Date: Dec 2006 Location: Maarssen Posts: 3	To Solve the problem I did a system restore to a point one day earlier when I had not that virus. And that helps me to sovle this problem Ofcourse you have to scan your computer again for a virus

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode