issass.exe

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Has anyone actually figured out what needs to be done to recover from this
virus without reformatting the entire drive? I can't get online to download
any of the tools......the Recovery tool isn't working.......the laptop is in
a re-occuring reboot state.

Any useful input would be greatly appreciatedPlease help????
 
From: "Anthony" <[email protected]>

| I meant Isass.exe, not Issass.exe.
| Sorry.........Anthony

Do you know what you are talking about ?

You said... "...what needs to be done to recover from this virus..."

What virus ?

What is your problem ? Lets get at the root of the problem and not make wild assumptions or
notions.
 
Anthony said:
Has anyone actually figured out what needs to be done to recover from this
virus without reformatting the entire drive? I can't get online to
download
any of the tools......the Recovery tool isn't working.......the laptop is
in
a re-occuring reboot state.
Click to expand...

If you can't get online how did you mange to post this message?

Virus issues are best asked in a virus related newsgroup such as
microsoft.public.security.virus

Making Good Newsgroup Posts
 
Has anyone actually figured out what needs to be done to recover from this
virus without reformatting the entire drive? I can't get online to download
any of the tools......the Recovery tool isn't working.......the laptop is in
a re-occuring reboot state.

Any useful input would be greatly appreciatedPlease help????
Click to expand...


Interesting. Well this week I got the message

Isass.exe - System Error
Security Accounts Manager initialization failed because of the
following error: The security ID structure is invalid. Error status:
0xC0000078. Please click OK to shutdown this system and reboot to
Safe Mode , check the event log for more information.

When I tried to reboot to safe mode the machine continued to reboot
itself. This was on a machine that was recently loaded. Norton
Antivirus 2003 was also loaded onto it with updated definitions. After
searching at www.microsoft.com a page suggested the likely cause is
the sasser virus. If it is indeed the sasser virus, this proves NAV
is lame.
 
From: "Phisherman" <[email protected]>


|
| Interesting. Well this week I got the message
|
| Isass.exe - System Error
| Security Accounts Manager initialization failed because of the
| following error: The security ID structure is invalid. Error status:
| 0xC0000078. Please click OK to shutdown this system and reboot to
| Safe Mode , check the event log for more information.
|
| When I tried to reboot to safe mode the machine continued to reboot
| itself. This was on a machine that was recently loaded. Norton
| Antivirus 2003 was also loaded onto it with updated definitions. After
| searching at www.microsoft.com a page suggested the likely cause is
| the sasser virus. If it is indeed the sasser virus, this proves NAV
| is lame.

The Sasser woem is long since gone. Indeed if it were around it would exploit TCP port 445
and a buffer overflow in the LSASS module. That's LSASS not ISASS and it makes a big
difference !

Now when I say the Sasser is dead, that doesn't mean the exploitation of the LSASS buffer
overflow is as well. The Sasser worm was replaced by numerous other worms that exploit the
vulnerability such as; AGOBot, SDBot, RBot, etc.

Now IF/F it was such an exploit it would generate the following message...


NT AUTHORITY\SYSTEM
'c:\windows\system32\lsass.exe' terminated unexpectedly with status code -1073741819

or

NT AUTHORITY\SYSTEM
'c:\winnt\system32\lsass.exe' terminated unexpectedly with status code -1073741819


Even still, the above NT AUTHORITY shutdown in 60 sec. message can be auto-generated by the
OS and have nothing to do with an attempt at exploiting TCP port 445 and the associated
buffer verflow exploitation condition.
 
I am having a similiar problem. My Windows XP HOme edition froze the other
day and it would not reboot. It got as far as the Windows XP logo then the
screen went blank, black.

I've tried to repair using the XP disk but now I have the following error
message:

"LSASS.exe system error. An invalid paramert was passed to a service or
function"

Nothing seems to fix this -- tried running Norton Ghost cd with its virus
protection feature with no luck.

Any ideas are most welcome.

Thanks,

Chris
 
Chris said:
I am having a similiar problem. My Windows XP HOme edition froze the other
day and it would not reboot. It got as far as the Windows XP logo then the
screen went blank, black.
Click to expand...

I ran into this a couple of weeks ago. It's likely that the SAM file, or
one or more of the five system files is damaged.

Follow the instructions at "http://nordicgroup.us/xprecovery/recoveryxp.pdf"

You may have problem in Recovery with the administrator password, so
you'll want to have Hiren's CD ready (get 8.8 not 8.9 if possible, as I
heard that 8.9 may have a virus.
 
Back
Top