Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Isass.exe

Status
Not open for further replies.
mambonuts

mambonuts

Technical User
Jul 27, 2004
7
CA
I have this buried somewhere in my system, and can't get rid of it.

The system will shut down in 60 seconds at any time while I'm on the Internet...and reboot.

There is another window which pops up saying about the LSA Shell (Export Version) having a problem...

You probably recognize all this already...

I have tried a Virus Removal program, The stinger removal tool from Symantec, and the Sasser Worm removal tool from Symantec...but still the computer does the shutdown...and all these programs state that there is no virus on my computer.

Also, I've noticed som files in my directories have duplicates with the number 1 next to them...what is this from...?




I have to fix this problem...can anyone give me a solid answer?

Can I go into a folder directly and delete some files?

Or do I have to do a full disk format and start from scratch...

Thanks in advance...
 
Sort by date Sort by votes
If I remember correctly, it says the virus is in the:

Windows\windows32\system\isass.exe

I think this is right...if not...I'll post when it happens again...
 
Upvote 0 Downvote
Corrected:

D:\Windows\system32\Isass.exe

And it says...

terminated unexpectadly with status code 107374819
 
Upvote 0 Downvote
You have the sasser worm mate.

Go to on the left hand side you'll see a link 'Sasser Removal', in the quick links section. Click on that, and it will show you an example of the shutdown message you're experiencing, plus details on the Sasser worm and it's removal.

When the 60 second timer comes up by the way, you can abort it but clicking on start, then run, and typing 'shutdown -a'.

Ed.
 
Upvote 0 Downvote
Sorry I've just noticed that you said you've already run the Sasser worm removal tool from symantec. Try going to clicking on 'more downloads' at the botton of 'popular downloads' on the right, and the 4th one down is a tool that searches and removes variants A-F of the sasser worm. Unusual if it doesn't detect anything, as the symptons you are describing is 100 percent Sasser.
 
Upvote 0 Downvote
I followed the reply from Dawnrayd and that tool didn't detect anything either...

Maybe I should just re-format the whole drive to get rid of this...?
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

allodds1
  • Locked
  • Question
lsass.exe or Isass.exe -system error
Replies
3
Views
64
bcastner
bcastner
isha
  • Locked
  • Question
Isass.exe - System shuts down after 60 sec when using internet
Replies
2
Views
30
ASG0856
ASG0856
JeanetteM
  • Locked
  • Question
Isass.exe. With XP Pro & McAfee
Replies
5
Views
30
JeanetteM
JeanetteM
isha
  • Locked
  • Question
isass.exe Virus- System shuts down on its own within 60 seconds
Replies
4
Views
28
Mike2287
Mike2287
multiplex77
  • Locked
  • Question
Isass.exe terminated unexpectedly - then shutdown 2
Replies
9
Views
41
bcastner
bcastner

Part and Inventory Search

Sponsor

Back
Top