PDA

View Full Version : isass.exe



ravage13
16-01-2004, 01:48 AM
just noticed a program called isass.exe trying to access the internet
zonealarm informed me and I blocked it. Ran avg free in case it was a virus but nothing showed up. Still suspicious though.
Net alluded to it been reminants of a virus or trojan which opens up a port for hackers to access....
Anyone know anything about it and how I might get rid of it

thanks

ravage

piva
16-01-2004, 06:26 AM
You didnt say what o/s you are using. I had a look in XP and there is no official program by that name only LSASS.EXE. Aas you said isass.exe mayu be trajan remanent. Do a search for the file name and look at creation date- see if agrees with the other o/s files.

godfather
16-01-2004, 08:28 AM
Process File: isass or isass.exe

Process Name: isass

Description:
Added to the system as a result of variant of the OPTIX PRO TROJAN which is opens TCP port 3410 and allows a hacker to control an infected computer.

Babe Ruth
16-01-2004, 08:33 AM
If you REALLY mean isass - isass.exe - then you have a Trojan installed on your PC

You can use the STINGER tool (Stinger is a stand-alone utility used to detect and remove specific viruses/trojans) available from NAI Stinger Tool (http://vil.nai.com/vil/stinger/) to help remove this.


Cheers, Babe.

ravage13
16-01-2004, 09:18 AM
running xp home
that was the quote I saw GF
downloading stinger now
hope it works...

thanks

ravage

ravage13
16-01-2004, 04:09 PM
ran stinger
didn't come up with anything
did a search for isass and isass.exe on my computer but couldn't find anything
ctrl-alt-del brings up the processes and shows isass.exe running which can not be ended as is comes up as critical process
zonealarm shows it as LSA shell (export version)
found in C:\WINDOWS\system32\Isass.exe

ravage13
16-01-2004, 04:13 PM
oops posted too early
checked above location but no file of that name to be found
does that mean its gone???? (wonders ever hopefully)

thanks
ravage

dumdum
16-01-2004, 04:17 PM
Go to run....type in...... services-msc......
scroll down list until you see .......IPSEC services---Policy Agent--Isass.exe.

right click and disable.

May help
DD.

dumdum
16-01-2004, 04:21 PM
While you are there you might also have a look at
....NTLM -security support provider--NTLM.Ssp-Isass....
Put on manual

DD.

ravage13
16-01-2004, 04:33 PM
did that
now wait and see what happens I guess

thanaks

ravage

dumdum
16-01-2004, 04:54 PM
If you find that something isn`t working now it`s been disabled, go back and put it on manual.The default for this is auto.I have it disabled on my machine,and have suffered no ill effects.

DD.