Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations IamaSherpa on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Isass.exe-system error 2

Status
Not open for further replies.
statpine2

statpine2

Technical User
Oct 11, 2007
2
US
My computer boots up to this message. The specified file did not have the correct format, it did not have an initial MZ. Even if I hit f8 and try to do a system restore or get into safe mode, I still get this message. I have XP pro and have not added any new hardware or software lately.

Any help please.
 
Sort by date Sort by votes
Its called the sasser worm. Get in windows if you can and immediately bring up start, run, and type shutdown -a.



Let us know if you are not able to get into windows. If you can install these patches and do a windows update. You are infected with the sasser worm.


There is a point in wisdom and knowledge that when you reach it, you exceed what is considered possible - Jason Schoon
 
Upvote 0 Downvote
Download hijack this from the link below.Please do this. Click here:


to download HijackThis. Click scan and save a logfile, then post it here so
we can take a look at it for you. Don't click fix on anything in hijack this
as most of the files are legitimate.


Member of ASAP Alliance of Security Analysis Professionals

under the name khazars
 
Upvote 0 Downvote
Welcome back pechenegs, glad to see you back!

There is a point in wisdom and knowledge that when you reach it, you exceed what is considered possible - Jason Schoon
 
Upvote 0 Downvote
cheers electronics!

Member of ASAP Alliance of Security Analysis Professionals

under the name khazars
 
Upvote 0 Downvote
electronicsfreak, thanks for your time and response. The problem is, no matter what I try I can not get into windows. Not even in safe made.
 
Upvote 0 Downvote
You may be better then to just do a reformat!

Member of ASAP Alliance of Security Analysis Professionals

under the name khazars
 
Upvote 0 Downvote
Yeah from this point you have 3 choices. 1 you can do a reinstilation, 2 format and new install, or 3 slave the drive to another machine and fix it that way. If you choose option 3 be sure the machine you hook it up to is completely updated on windows updates and has antivirus and anti spyware going.

There is a point in wisdom and knowledge that when you reach it, you exceed what is considered possible - Jason Schoon
 
Upvote 0 Downvote
Hi There,

When I open the internet as I surfing Explorer 7.0 suddenly shuts down especially when I enter a site. I suspected that it might be spyware - downloaded/ran hijackthis and this is the log it generated. Is there anything unusual that I should be concerned about? Thanks much

Logfile of HijackThis v1.99.1
Scan saved at 7:28:47 PM, on 11/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ

Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ

Antivirus\VetMsg.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\WINDOWS\system32\DeltTray.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ

Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ

Antivirus\CAVRID.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Marissa\Local

Settings\Temp\wz9c8d\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL

=


o.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =


o.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =


o.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =


o.com
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D}

- C:\Program Files\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar -

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program

Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: MyWebSearch Search Assistant BHO -

{00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program

Files\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper -

{02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program

Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} -

C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL (file missing)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}

- C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: Yahoo! IE Services Button -

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program

Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -

C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper -

{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program

files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO -

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program

Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} -

C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: dcads - {C7C90A5E-BE0A-44DD-83D2-1BE138460BAC} -

C:\WINDOWS\system32\nss1A0.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88}

- C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: Try2Find Toolbar -

{90BAEB8B-47C2-44B4-A5A6-B99D34F1D4C5} - C:\Program

Files\Try2Find\Try2Find.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -

c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Megaupload Toolbar -

{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} -

C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark

X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0

-k
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program

Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet

Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet

Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet

Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program

Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program

Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows

Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program

Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware

Cleaner\SpywareCleaner.Exe" /boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"

/background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program

Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program

Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program

Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software

Updater.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program

Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program

Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program

Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program

Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}

- C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Yahoo! Services -

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program

Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Launch High Impact eMail 3.0 -

{670F87A1-88B0-11d4-9030-000021D9C559} - C:\Program Files\KMT

Software\High Impact eMail 3.0\HIE3.exe
O9 - Extra button: (no name) - {C4A67F75-88B2-11d4-9030-000021D9C559}

- C:\Program Files\KMT Software\High Impact eMail 3.0\HIE3.exe
O9 - Extra 'Tools' menuitem: Launch High Impact eMail 3.0 -

{C4A67F75-88B2-11d4-9030-000021D9C559} - C:\Program Files\KMT

Software\High Impact eMail 3.0\HIE3.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583}

- %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network

Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger -

{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program

Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger -

{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program

Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}

- C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: sptbaxcab -

O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft

SmartIssue) - O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script

Runner Class) - O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl

Class) -


p://O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine

Advantage Validation Tool) -

O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure

Postal Account Registration) -


cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class)

- C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney

Internet Group Hardware Control) -

O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) -

O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn

ContactFinderControl) -

O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object)

- O16 - DPF: {85C6BF10-C016-4071-A0B7-EF2E3DFCEF51} (BLDM DLMCtl Class)

- O16 - DPF: {8AD922B1-E91A-49C9-B22F-1FB3411F954B} (ATInetBoot2.Loader)

- O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -


ete.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} -

O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) -

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo

Class) - O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class)

- O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader

Object) - O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ldr64 - ldr64.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5}

- C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: CAISafe - Computer Associates International, Inc. -

C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ

Antivirus\ISafe.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program

Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program

Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

Corporation - C:\Program Files\Common

Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -

C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation -

C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates

International, Inc. - C:\Program Files\CA\eTrust Internet Security

Suite\eTrust EZ Antivirus\VetMsg.exe
 
Upvote 0 Downvote
First thing, please never space that log again lol. Spacing it makes it very hard to go through. Now check these and click fix checked. Then post another log, not space please lol.

O20 - Winlogon Notify: ldr64 - ldr64.dll (file missing)

O3 - Toolbar: Try2Find Toolbar -

{90BAEB8B-47C2-44B4-A5A6-B99D34F1D4C5} - C:\Program

Files\Try2Find\Try2Find.dll (file missing)

O2 - BHO: dcads - {C7C90A5E-BE0A-44DD-83D2-1BE138460BAC} -

C:\WINDOWS\system32\nss1A0.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}

- C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} -

C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL (file missing)

{00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program

Files\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D}

- C:\Program Files\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL

There is a point in wisdom and knowledge that when you reach it, you exceed what is considered possible - Jason Schoon
 
Upvote 0 Downvote
Also: Please start a new thread if you are a new poster!!

Steve [The sane]: Delphi a feersum engin indeed.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

SBiddulph
  • Locked
  • Question
System Center 10.1.4.x - EOL: Future dat availability?
Replies
0
Views
81
SBiddulph
SBiddulph
kjv1611
  • Locked
  • Question
Anyone used Microsoft Standalone System Sweeper Offline Virus Scanner?
Replies
7
Views
151
kjv1611
kjv1611
RichinMN
  • Locked
  • Question
Problems with Iobit Advanced SystemCare v. 6.0 update??
Replies
9
Views
156
BadBigBen
BadBigBen
omarv
  • Locked
  • Question
IE 9 ShoppingBHO.dll Error Message
Replies
2
Views
85
BadBigBen
BadBigBen
jwaffe
  • Locked
  • Question
Automatically deleting .exe s on a system running NIS 2010
Replies
0
Views
83
jwaffe
jwaffe

Part and Inventory Search

Sponsor

Back
Top