Isass.exe Application Error Referenced

Hello,

What is your Anti Virus Software????
Can you access the internet???
What is your Operating System???

Thanks,

Cohen

Okay - it looks like I'm out of the woods. I actually have PC Tools Spyware Doctor and Trend Micro PCcillin on my machine.

I powered up while hitting f8 over and over until I had the option to click last known configuration. That seemed to get me past the original error message.

Once past the dreaded black screen I immediately ran Spyware Doctor under advanced mode. I noticed that everything was unchecked so my previous scan prior to the the error message wasn't really a scan at all. The virus must have outsmarted the software and effectively turned it "off".

So in "advanced" I checked off every drive (including external hard drive) and had it run the scan. Turns out the computer had more viruses and trojans in her than a 42nd street prostitute! As it was scanning, my computer was getting hit 4x/second with this freakin' Trojan Vundos that was trying to get in - I could actually see it attacking me from the internet! It was insane- Trojan Vundos and Trojan Virtumonde seemed to be the culprits here.

Anyway after it quarantined 40+ instances of this virus - the soft ware had me reboot. Reluctantly I did and after a few hail mary's and our fathers, it booted right up.

I did notice that my Microsoft automatic updates was x'd out and red so as I write this it is downloading more updates than I can ever recall it downloading. The virus must have shut this down behind the scenes as well.

I hope this fix sticks and helps others - to recap - Spyware Doctor was the software I used and I had to go into advanced options and select everything that had been deselected by this virus.

Now windows is asking me to reboot for their automatic updates to take effect. Fingers x'd.

Hopefully you won't hear from me with this issue again.

Just to be sure, was this an Isass.exe or an lsass.exe error?

I'm wanting to just make sure that there is nothing still wrong with your system... i just want to know that it's completely gone.... and crunchie can make sure it's all gone....

Then i'll be happy, lol.

And then, i know that there is another problem fixed.

Cohen

Just to be sure, was this an Isass.exe or an lsass.exe error?

still working (sound of wood knocking in the background) even after the MS updates were downloaded and it rebooted.

I believe it was Isass with an "eye".

When I was researching the internet to see if anyone else had this issue, seems like there has been a recent surge in the error message I received as most of the issues were within the last 3 days or so.

hope my experiences with this nasty helps and thank goodness I had that software already installed on my computer.

If thats the case, it's a definite nasty. You should probably go to Kaspersky and do an on-line scan.

I've never used it. Jeez... I already have two anti-virus and spyware programs running. Shouldn't that suffice or do you really think I need a third?

I've never used it. Jeez... I already have two anti-virus and spyware programs running. Shouldn't that suffice or do you really think I need a third?

WOW!!! NO NO NO!!!!

Having 2 anti-virus software packages running is a big NO NO!!!!

Select one....

Now, just to be sure that it is completely gone.

Can you pls do the following:

1. - Download Malwarebytes' Anti-Malware (http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button) to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Make sure that you restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

2. - Download hijackthis and post the log.

In your reply, post the logs (in this order):
1. - Malware Bytes Log
2. - Hijackthis Log

Thanks,

Cohen

WOW!!! NO NO NO!!!!

Having 2 anti-virus software packages running is a big NO NO!!!!

Select one....

Now, just to be sure that it is completely gone.

Can you pls do the following:

1. - Download Malwarebytes' Anti-Malware (http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button) to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Make sure that you restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

2. - Download hijackthis and post the log.

In your reply, post the logs (in this order):
1. - Malware Bytes Log
2. - Hijackthis Log

Thanks,

Cohen

So there is a chance it's still there, huh? Bummer.

I don't have the antivirus engine in PC Spyware activated, but I do have the PC-Cillin antivirus active.

I'll have to do this tomorrow, as I've got a late night at work.

Thanks for all the help and insight! I'll post again on Wed. night.

Which of the two that i've purchased is better?

You can still have the two, but you need to disable one from startup and use it solely as an on-demand scanner with the other being used as an on-access scanner.

I just resolved one of these that arrived at the same time as the rest of these recent (13.December 2008) infections. As a result, I found out that it's several iterations of a trojan (Vundo); as near as I can tell, it appears to have arrived the person working on the workstation received a fake infection alert popup while logged into Hotmail, and they clicked an available Cancel button to clear it. As has been suggested in several web sites, using the Last Known Good Configuration successfully allowed me to log into an infected workstation, then AVG v7.5 immediately detected the first component. I used MalwareBytes to assist me in removing the infection. I also used Symantec's FixVundo virus removal tool but it didn't detect anything, which simply indicates that the specific Vundo infection it scans for wasn't found.

If Last Known Good Configuration doesn't work, I would suggest taking the drive and attaching it to another workstation (directly or via an external USB attachment) with antivirus and antispyware installed and updated, then thoroughly scan the infected drive. That won't get rid of the registry entries, but it will remove the infecting agents; upon re-attaching the drive to it's parent computer and logging into Windows, you may still face artifacts and dialogs about missing files, but you should be able to scan the system and remove those traces.

By way of information, this Vundo trojan attaches itself to the WinLogon Notify process; after talking with the person who was logged into the workstation at the time of the infection, I was able to identify the time of the infection and I found a WinLogon error in the system event logs which indicated that it crashed Explorer.exe; for those of you who don't know, Explorer.exe represents your Desktop, your file browser, your logon interface ... so by attaching itself to Explorer.exe in the WinLogon process, it's able to successfully lock out the workstation.

Here's a sampling of the files I found that were associated with the infection:

digeste.dll
hggfddb.dll
jkklm.dll
jkklj.dll
vtutu.dll
ddcyx.dll
iiffCTkK.dll

Something I've found useful when looking for infecting agents (spyware, adware, viruses) is to go through the \Windows and \Windows\System32 folders doing dir <initial letter>*.* /o:d; this will do a sort of files (a*.*, b*.*, ... z*.*) by date. It's old school, it's tedious, and while it doesn't always remove the agent, by looking for patches of files from the suspected time and date of the infection, you can often find file names to google so a nameless infection can be identified.

At this point, the workstation is back online. This log from MalwareBytes.com (http://www.malwarebytes.org/forums/index.php?showtopic=8281&pid=39338&st=0&#entry39338) is very similar to the one generated during my removal process (the files names must have been changed to protect the ...).

I've never used it. Jeez... I already have two anti-virus and spyware programs running. Shouldn't that suffice or do you really think I need a third?

It's an on-line scan, not an AV installation.

Up to you.

Sorry, my bad: I was referring to the downloadable tool, available at http://www.malwarebytes.org/mbam.php.

Sorry, my bad: I was referring to the downloadable tool, available at http://www.malwarebytes.org/mbam.php.

highly recommended!!!

Just remember to update before scanning and to run a full scan all of the time.

It is a great free program!

Cohen