I have windows XP SP1 installed, What is the cause of this and my PC hangs between exploring Internet Explorer and orther programs. here is the error i take a picture of it..
http://rapidshare.com/files/43938742/DSC...
Error " System Process 'C\Windows\system32\Isass.exe. Terminated unexcpectedly with status code 1073741819.
You need to make sure exactly what the file name is...... Because one spelling is a legitimate windows file and the other is a virus......
LSASS.EXE %26lt; normal windows file
ISASS.EXE %26lt; Optix.Pro virus
Post a new message back to Yahoo Answers with which one is causing the error, the one with the "L" (L as in Love) or the one with the "I " (I as in Icecream)
Reply:Any errors that are caused by Lsass.exe are usually connected to a virus, because the file itself (assuming your computer even uses that file) doesn't have enough of a "duty" to cause such a crash. It's probably the new "sasser" or variant, or maybe the old "blaster" worm.
Here's the info on the newer one:
The Sasser worm attempts to exploit the LSASS vulnerability
discussed in Microsoft Security Bulletin MS04-011. To kill
the worm before proceeding, boot into Safe Mode and
start your registry editor:
Start / Run / regedit
Navigate to:
HKEY_LOCAL_MACHINE
+Software
+Microsoft
+Windows
+CurrentVersion
+Run
In the right-hand pane, look for any entry/ies that include
AVSERVE.EXE, AVSERVE2.EXE .
DELETE it/them.
These are the files associated with the different variants:
Variant A - avserve.exe
Variant B - avserve2.exe
If the above was done already, start HERE.
You have now disabled the worm from running at startup, so
boot into normal mode again, and turn off ALL system restores
to purge your system of any remnants.
Open Windows Explorer to the
..\Windows\
..\WinNT\
..\Windows\System32\
..\WinNT\System32\
folder and DELETE *any* of the files named above.
(you will have only TWO of the above folders)
Next, go to the ..\Windows\Prefetch\ or ..\WinNT\Prefetch\
folder and find the reference to the above file/s (any reference
will be similar to: %26lt;filename.exe%26gt;-%26lt;alphanumerics%26gt;.PF), for
example, avserve.exe-0235D8H6.pf, and DELETE it/them.
Update your virus scanner and run a FULL system scan.
Now you can download and install the patch from Microsoft.
Microsoft Security Bulletin MS04-011
http://www.microsoft.com/technet/sec.../...
W32.Sasser.Worm
http://www.sarc.com/avcenter/venc/da...s...
W32.Sasser.B.Worm
http://www.sarc.com/avcenter/venc/da...e...
Some users have also stated that the Sasser worm removes the shutdown
button from the Start menu. If you find this to be the case, start your
registry editor:
Start \ Run \ regedit
Navigate to:
HKEY_CURRENT_USER
+Software
+Microsoft
+Windows
+CurrentVersion
+Policies
+Explorer
In the right-hand window, look for:
"NoClose" with a value of 0x0000001 (1)
If the entry exists, double-click on it, and change the
value to 0 (zero).
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment