Depending on the font you use ... "l" is not uppercase "i" ("I"), but a lower case "L"
so the "good" one is "LSASS.EXE" (or lsass.exe)
and the "bad" one is "ISASS.EXE" (or isass.exe)
Ann Fennell
"If you have men who will exclude any of God's creatures from the shelter of compassion and pity,
you will find that these are men who will deal likewise with their fellow man." -St. Francis of Assisi
----- Original Message -----
From: Tom Mayer
To: [log in to unmask]
Sent: Wednesday, September 01, 2004 2:27 PM
Subject: Re: [PCSOFT] Sasser Worm?
I did not know the previous referral was for a sales pitch. Here is another
site I found that has a free on line scan with detailed removal
instructions.
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_ISAPASS.A
In reviewing this matter, there may be a difference between the files
Isass.exe and isass.exe. I did not think file names were case sensitive, but
now I'm not too sure.
Good luck.
Tom Mayer
The Isass.exe file does show up as a process in task manager (I am updated
except for SP2) and I run a hardware firewall, zone alarm, spywareblaster,
spybot, adaware, and Norton Anti-virus. Online scans indicate all my ports
are stealthed and that my PC is invisible to the internet.
I went to the website suggested below
http://www.onlinepcfix.com/virushelp/sasser.htm
and it is a site wanting to sell a fix for the sasser worm for $24.
Shouldn't Symantec have a free fix if its protection allowed this in?
Spybot and AdAware say I have no malware (yet there is Isass.exe).
I don't know what to do.
Ann Fennell
Hi,
I'll bet if you look under the hood so to speak by using something like
task manager or a third party utility for showing up processes running
you might just see something in that list called "lsass.exe" which might
point to the culprit.
Paul.
Here is some information that might help:
http://www.onlinepcfix.com/virushelp/sasser.htm
Tom Mayer
I have been trying to help a retired fellow with his computer woes. His
machine runs fine until he logs onto his ISP, then it will shut down
within minutes. The error message has to do with lsass.exe, and the
windows displayed conform exactly to those with a Sasser worm problem.
Yet, we can find no worm! Symantec's tool to remove the worm finds none
existing. A Norton's AV scan says his machine is clean. None of
Microsoft's list of processes that are indicative of the worm are
running on his machine.
Any tips? Could this be other than a Sasser Worm?
Thanks for any help.
Gordon
Do you want to signoff PCSOFT or just change to
Digest mode - visit our web site:
http://freepctech.com/pcsoft.shtml
The NOSPIN Group is now accepting donatations
to continue providing PCSOFT and our website.
Visit http://freepctech.com to donate using Paypal
|