When starting my fujitsu amilo laptop ,windows xp will not run rather an error message pops up saying Isass.exe unable to initalise. The computer then shortly afterwards shuts down. I have tried re booting windows however during the re boot the computer shutsdown roughly at the same time. Please Help!
Isass.exe unable to initialise
0
JANINE 33 When starting my fujitsu amilo laptop ,windows xp will not run rather an error message pops up saying Isass.exe unable to initalise. The computer then shortly afterwards shuts down. I have tried re booting windows however during the re boot the computer shutsdown roughly at the same time. Please Help!
do u have any install or setup disks? u need to install the file again and therefore install windows
0
Dantheman do u have any install or setup disks? u need to install the file again and therefore install windows
I have used the setup disks to reinstall windows, however as setup runs the computer shuts down. I therefore think it must be a hardware problem as the computer continues to shut down without warning, what do you think
0
JANINE 33 I have used the setup disks to reinstall windows, however as setup runs the computer shuts down. I therefore think it must be a hardware problem as the computer continues to shut down without warning, what do you think
ok. does the pc shut down and then restart itself? if yes this should be perfectly normal as with a lot of things if windows or another program needs to install fully sometimes it will shut down. let it go thru its proper install process from start to finish and then try again to see if the file will initialize.
good luck:twisted:
0
Catweazle 140 http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.f.worm.html#removalinstructions
Sounds very much like you may have the 'Sasser worm'. Those instructions should help you remove it if that's the case.
0
JANINE 33 i was trying to say that if it wasnt a worm, the shutting down and restarting of windows during install would be normal in some instances.
however this time i was wrong. it is sasser and you need to get rid of her. follow cat's advice and please accept my apologies here.:o
sorry about the inconvenience caused.;)
lsass.exe is the file name for sasser.
0
JANINE 33 forget about my last post... I come back to this forum completely refreshed and with a revised mind.
I have researched lsass.exe. this is a running system process on xp systems. go into task manager/processes and it will be there somwhere. Now then worms like sasser and sobig will piggyback onto this and cause it to fail unless it has been disabled in msconfig somehow. You yourself cannot disable it because its a system process
http://www.computing.net/security/wwwboard/forum/14693.html
http://www.google.co.uk/url?sa=U&start=14&q=http://www.windowsstartup.com/wso/browse.php%3Fl%3D12%26start%3D75%26end%3D100&e=9800
LSASS.EXE: a process corresponding to local security and user authentication policies. If this process is closed, a countdown message is displayed and then the computer will be restarted.
- SVCHOST.EXE: a process that handles services run from DLLs (Dynamic Link Libraries).
http://www.cambridgenetwork.co.uk/pooled/articles/BF_NEWSART/view.asp?Q=BF_NEWSART_132383
isass.exe is a viral program. delete it.:cool: Lsass.exe is not. this IS A VITAL SYSTEM PROCESS AS EXPLAINED ABOVE.
IT WILL BE FOUND ON ALL WINDOWS XP MACHINES.:D
i rest my case.:D
0
Catweazle 140 eerrrmmmm............
The 'Sasser worm' (the one which infects a lot of systems even immediately they are freshly installed and connected to the internet) does a whole heap of things on the system, none of which involve isass.exe.
isass.exe is a different beastie, known as the 'OpticPro virus'.
The instructions given in the Symantec bulletin indicate how to get past the Sasser worm and get a system operable. right now, the important thing here is for Dantheman to make use of those instructions and see if they help to get his system working, not some silly argument about which files mean what.
Despite the high probability that this is a Sasser infection, should it actually prove not to be other avenues will need to be explored.
0
Dantheman Thank you for your replies i think the problem could well be a worm, however i cannot download a stinger program to remove it as my laptop will not stay on long enough and windows will not run. Does anyone have a solution to this problem or a way around it, any advice would be more than welcome.
0
Catweazle 140 If you download McAfee's 'Stinger' on a different PC and save it to CD, you should be able to boot your system into 'Safe Mode' and load/run Stinger from there. Should work.
0
Dantheman My man i do believe you are a genius, i will download it onto a cd and see how i get on form there, thank you
0
JANINE 33 eerrrmmmm............
The 'Sasser worm' (the one which infects a lot of systems even immediately they are freshly installed and connected to the internet) does a whole heap of things on the system, none of which involve isass.exe.
isass.exe is a different beastie, known as the 'OpticPro virus'.
The instructions given in the Symantec bulletin indicate how to get past the Sasser worm and get a system operable. right now, the important thing here is for Dantheman to make use of those instructions and see if they help to get his system working, not some silly argument about which files mean what.
Despite the high probability that this is a Sasser infection, should it actually prove not to be other avenues will need to be explored.
ok, thanks for that information. what does the opticpro virus actually do? i havent ever heard of it. i know i can trust you to tell me cat.
0
Catweazle 140 Buggered if I know. I got the info from a website that listed 'nasty' startup entries. The entries that the Sasser worm puts in the startup list are neither Lsass or Isass but something completely different.
I only familiarise myself with the widespread ones and leave the rest up to the Security experts :D
0
JANINE 33 Buggered if I know. I got the info from a website that listed 'nasty' startup entries. The entries that the Sasser worm puts in the startup list are neither Lsass or Isass but something completely different.
I only familiarise myself with the widespread ones and leave the rest up to the Security experts :D
i'll be completely honest with you and agree that these things are best left to the security experts. to be frank i'd never even heard of this Isass.exe thingy before looking at this thread.
i think dantheman actually meant Lsass all along, which is why i went away and researched it in a little more depth to discover what it was and why it would fail to initialise. the things i quoted before were what i found out through either talking to experienced techies or via the www.:)
we'll wait and see what dan comes back to us with. thinks that probably the best option.:)
0
Dantheman Right first my apologies, it could well be Lasass.exe which is failing to initalise, i really am not sure as the error message does not stay on screen long enough for me to be sure. Either way i have downloaded the stinger on to cd using a friends computer. I have then turned my computer on and attempted to run the cd through the boot menu however the computer continues to boot using the default settings and the original problem continues to persist. How can i run the stinger program to remove the worm?
0
Catweazle 140 Boot in Safe mode. Do that by pressing F8 repeatedly as soon as the BIOS memory test is finished and until you get a boot menu. choose Safe mode and log in as administrator
Then use the CD to install and run stinger.
0
JANINE 33 Right first my apologies, it could well be Lasass.exe which is failing to initalise, i really am not sure as the error message does not stay on screen long enough for me to be sure. Either way i have downloaded the stinger on to cd using a friends computer. I have then turned my computer on and attempted to run the cd through the boot menu however the computer continues to boot using the default settings and the original problem continues to persist. How can i run the stinger program to remove the worm?
catweasle you are absolutely right.
what are your default settings? I take it that this is a bootable cd drive yes???
!!!!THIS IS ONLY AS A LAST RESORT IF CATS ADVICE WONT WORK!!!!!
to boot from a cd you will need to set the BIOS to boot from the cd drive first. this isnt hard. you just need to access your boot priorites and change them to boot from cd first. however you may need to clear the CMOS setting first (occasionally). clearing the settings is a little more tricky and theres a jumper on the mobo for this.:!:
how long is the error msg staying up for?:)
0
Catweazle 140 No need to boot from CD here, Janine, or to reset CMOS. Not at this point in time, anyway.
0
JANINE 33 No need to boot from CD here, Janine, or to reset CMOS. Not at this point in time, anyway.
i'm looking into the future in case things at this point dont work. hopefully they will do. i only just caught the last post you made which is why i made an edit to it. hopefully dan wont need to boot from the cd or reset CMOS:o .
this is only as an absolute last resort.:cool:
0
Dantheman Have pressed f8 & selected safe mode, computer begins to function in safe mode however after 30 seconds (ish) the computer turns off! I am still unable to run the stinger and back to the opinion it is a hardware problem as the computer continues to shut down without warning. Thank you for your help but beginning to think it is a more terminal problem.
0
Catweazle 140 Is the laptop under warranty?
I'm also now suspecting it needs to be looked at by a technician.
0
Catweazle 140 Okay. I've reread the topic and now I'm unsure. Perhaps Safe mode doesn't bypass the effects of this worm.
Did you follow the instructions in the Symantec article linked earlier? They contain specific instructions for 'forcing' the system not to shut down, and if Safe mode bypassed the effects I can't see why Safe mode wouldn't have been suggested instead.
Those instructions need to be typed, according to the article, within a very short space of time after reaching the desktop. If you can't reach the desktop in Normal mode, perhaps you could reach it in 'Safe mode with networking'.
I don't claim to understand the specific details of how Sasser operates, but this behaviour certainly seems indicative of it.
Another option is to wipe the system and freshly install everything clean. The laptop should have recovery CD or some other mechanism to restore it to original state, and if Service Packs are installed afterwards before the laptop is connected to the internet it would no longer be vulnerable to such an infection.
0
dlh6213 27 Since you have so little time to do this before your system shuts down, I thought I'd post the instructions Catweazle referred to here; if you can print them out on another computer, that would probably help.
You may have to try this several times, as you only have about 20 seconds to do this.
To prevent the shut down, do the following:
Disconnect the computer from the network/Internet connection (disconnect the cable if necessary).
Restart the computer.
As soon as Windows opens and you see the Windows desktop, click Start > Run.
Type: cmd
and press Enter.
Type: shutdown -i
and press Enter.
In the Remote Shutdown Dialog that opens, do the following:
Click Add, type your computer name into the Add Computers dialog box, and then click OK.
In the "Display warning for" field, type: 9999.
Type the following text in the Comment box:
Delay Lsass.exe shutdown.
Click OK.
Reconnect the network/Internet connection.
Connect to the Internet, and get the patch. Then continue with the steps described below.
When you have patched your computer and removed the threat, you can re-enable the 20 second default warning if you wish.
0
JANINE 33 Okay. I've reread the topic and now I'm unsure. Perhaps Safe mode doesn't bypass the effects of this worm.
Did you follow the instructions in the Symantec article linked earlier? They contain specific instructions for 'forcing' the system not to shut down, and if Safe mode bypassed the effects I can't see why Safe mode wouldn't have been suggested instead.
Those instructions need to be typed, according to the article, within a very short space of time after reaching the desktop. If you can't reach the desktop in Normal mode, perhaps you could reach it in 'Safe mode with networking'.
I don't claim to understand the specific details of how Sasser operates, but this behaviour certainly seems indicative of it.
Another option is to wipe the system and freshly install everything clean. The laptop should have recovery CD or some other mechanism to restore it to original state, and if Service Packs are installed afterwards before the laptop is connected to the internet it would no longer be vulnerable to such an infection.
certainly looks as though he might have to do this. lets see if the advice that dlh has offered works first though. if not then i would go for a total reformat/install of the system. Dan - reformatting should rid everything including the worm, hopefully.
0
Dantheman Once again thanks guys and gals for your help but no luck. Windows will not run and this is the heart of the problem even in safe mode. When running normally i get as far as waiting for the log in to Windows before the error message is shown and the computer shuts down. In safe mode the computer begins to operate but then shuts down before windows is running. The computer is new and still under warranty so guess its back to the shop. Cheers Dan.
0
JANINE 33 Once again thanks guys and gals for your help but no luck. Windows will not run and this is the heart of the problem even in safe mode. When running normally i get as far as waiting for the log in to Windows before the error message is shown and the computer shuts down. In safe mode the computer begins to operate but then shuts down before windows is running. The computer is new and still under warranty so guess its back to the shop. Cheers Dan.
no problem. :cool:
This topic has been dead for over six months. Start a new discussion instead.
Recommended Topics
