Forum: EasyBoot
Topic: Problem with BartPE
started by: inside

Posted by inside on Apr. 20 2006,07:48
I made a DVD ISO to back up my PC; its menu:

The "restore" function and "Hiren's boot" function work fine, but when I run BartPE, an error occurred:

Help me plz, I'm new to boot issues.
Many thanks.

Posted by eureka on Apr. 20 2006,10:49
To inside

:O  :O ATTENTION!!!!!!!! Watch out!!!!
I don’t think this “isass.exe” is related to EasyBoot or BartPE. I think this is a virus or Trojan.
Isass.exe is registered as the Optix.Pro virus, which carries in its payload the ability to disable firewalls and local security protections, and a backdoor capability.
< http://www.auditmypc.com/process/isass.asp >

Recommendation for isass.exe:
DISABLE AND REMOVE IMMEDIATELY. This process is most likely a virus or trojan. You have it most likely somewhere in your computer (and probably on every CD/DVD that you lately have made by yourself).

To get control over your running programs this could be your solution
< http://www.liutilities.com/products/campaigns/plib/wintasks/ >

More links according to this:
< http://castlecops.com/postt13642.html >
< http://www.spyany.com/files/Isass_exe.html >

eureka

Posted by eureka on Apr. 20 2006,10:59
To inside

Please note that: “Isass.exe is a file related to trojan. Notice the difference between Isass.exe and Lsass.exe. Isass.exe (in lower case, isass.exe) is related to trojan, while Lsass.exe (in lower case, lsass.exe), is a legitimate Windows file.”
Question is: did you use lower case or upper case in the name isass.exe? If it’s Lsass.exe, you don’t need to worry.

eureka
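
Added example, not part of the original posts: a small check that tells the genuine `lsass.exe` apart from a look-alike name such as `Isass.exe`, and flags a correctly named file in an unexpected folder. The confusable-character map, the default folder `C:\Windows\System32` and the sample paths are assumptions made for this illustration.

```python
import ntpath

# Characters often used to imitate another letter in a process name.
# This small map is an assumption for the example, not a complete list.
CONFUSABLE = {"i": "l", "1": "l", "|": "l", "0": "o", "5": "s"}
GENUINE = "lsass.exe"


def skeleton(name):
    """Lower-case the name and fold confusable characters together."""
    return "".join(CONFUSABLE.get(ch, ch) for ch in name.lower())


def classify(image_path, expected_dir=r"C:\Windows\System32"):
    """Classify one process image path relative to lsass.exe."""
    directory, name = ntpath.split(ntpath.normpath(image_path))
    if name.lower() == GENUINE:
        # Right name: it is only trusted in the folder we expect it in.
        wanted = ntpath.normcase(ntpath.normpath(expected_dir))
        same_dir = ntpath.normcase(directory) == wanted
        return "ok" if same_dir else "unexpected-path"
    if skeleton(name) == skeleton(GENUINE):
        # Different spelling that reads like lsass.exe (capital I for l, etc.).
        return "lookalike-name"
    return "unrelated"


def report(paths, expected_dir=r"C:\Windows\System32"):
    """Return {path: verdict} for a list of process image paths."""
    return {p: classify(p, expected_dir) for p in paths}


# Constructed sample listing (not taken from the thread).
SAMPLE = [
    r"C:\Windows\System32\lsass.exe",
    r"C:\Windows\System32\Isass.exe",
    r"C:\Users\Public\lsass.exe",
    r"C:\Windows\System32\svchost.exe",
]

if __name__ == "__main__":
    for path, verdict in report(SAMPLE).items():
        print(f"{verdict:16} {path}")
```

For a BartPE build, pass the build's own system folder as `expected_dir` instead of the default.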

Posted by eureka on Apr. 20 2006,11:56
To inside

Could it be this one …
< http://www.911cd.net/forums....%5C.exe >

Regards eureka

Posted by inside on Apr. 21 2006,01:14

(Guest @ Apr. 20 2006,14:59)
QUOTE
To inside

Please note that: “Isass.exe is a file related to trojan. Notice the difference between Isass.exe and Lsass.exe. Isass.exe (in lower case, isass.exe) is related to trojan, while Lsass.exe (in lower case, lsass.exe), is a legitimate Windows file.”
Question is: did you use lower case or upper case in the name isass.exe? If it’s Lsass.exe, you don’t need to worry.

eureka

Hi, it's LSASS.EXE in the I386\system32 folder.  :)
Thanks for your help, however I'm still stuck at that error  ???

Posted by mionica on Apr. 22 2006,07:13
@inside

It's a problem with some plugin of BartPE, I assume. I received that same message while attempting to access environment variables before the Session Manager (smss.exe) would be fully initialized (in my own attempt at writing a shell), using a REG_EXPAND_SZ registry value; I've heard it can also be produced by a corrupt registry hive.

Try disabling all plugins and test in VMware, then add them one by one, testing after each.

@eureka
It's unlikely that a virus/trojan would target BartPE - at least I haven't heard of any. lsass.exe is just that, the Local Security Authority Subsystem Service.

Posted by eureka on Apr. 22 2006,08:02
To mionica

I do agree with you. I later analysed “LSASS.EXE” and found out that it was a “legitimate Windows file”  :D

eureka