isass.exe and Isass.exe

Discussion in 'Trojan Defence Suite' started by Antarctica, Mar 17, 2005.

Thread Status:
Not open for further replies.
  1. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,617
    Location:
    Canada
    Hello,

    First question, would TDS-3 detecting this Trojan?

    I have this Process running in Taskmanager which I never seen before. I know one is a legitimate Windows process but how to find out between the good one and the bad one?

    I did a scan with TDS-3 and it was negative.

    Thanks to clarify this. :)
     
  2. savagemyth

    savagemyth Guest

    Don't you mean "Lsass.exe"?

    This is the local security server used for microsoft logins. It's not a trojan.
     
  3. NunzioSaigon

    NunzioSaigon Guest

    I had the same confusion when I saw lsass.exe on my task manage processes. So I did a file search for isass.exe (with an "i" and which is the trojan) and came up with nothing. Then I searched for lsass.exe (with an "l") and came up with the proper Windows file.

    I usually run a search for any suspect file on my task manager before ending the process.
     
  4. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    And when in doubt scan with TDS, look with Port Explorer if it makes hidden connections, look if ProcessGuard does anything special with it and you can put the file name of the nasty in the WormGuard block list and you can surf to www.kaspersky.com/remoteviruschk and see it scanned and if still in doubt zip and submit to submit(AT)diamondcs.com.au (replace (AT) with @ )
     
Thread Status:
Not open for further replies.