W32.Bropia.M

[Guest]

Hi All,
NAV detected that I have been infected with the virus mentioned. NAV
had deleted the following files it had found. I am not sure wether to delete
this file "Anti = %system%\ISASS.EXE in the registry. Symantec technical
details states to do so but I have seen this file ISASS.exe on my PC before
any of this started. Can anyone tell me what the file relates to and should I
delete it. Would it be advisable to then do a System Restore.

 

[Rick \Nutcase\ Rogers]

Hi,

It's a tricky one, but the instructions you are reading are correct. The
virus creates a file and entries referring to Isass.exe (begins with an
"I"), the true system file is lsass.exe (begins with an "L"). This was done
to disguise itself. You need to delete the registry entries referred to by
Symantec:

http://securityresponse.symantec.com/avcenter/venc/data/w32.bropia.m.html

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP

Associate Expert - WindowsXP Expert Zone

Windows help - www.rickrogers.org

 

[Guest]

Thanks for the reply. I need to ask one more ? In NIS network connections has
2 lsass.exe with UDP protocol, on local host JDCS:4500, JDCS:500 do you think
this looks right or am I open to attacks.

Thanks Again

 

[Rick \Nutcase\ Rogers]

Hi,

Looks normal, and it's not related to the virus.

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP

Associate Expert - WindowsXP Expert Zone

Windows help - www.rickrogers.org