virus !!!

vir-k

New Member
I found this in my Task Manager: spoolsv.exe, isass.exe and DLM.exe, and I don't know how to remove them. I tried ending them but they don't disappear.


I have Norton but it doesn't pick up any of those viruses!!!!!
please help!!
 
Norton is a resource grabbing... whatever that's not very effective. The first item "spoolsv.exe" is an actual printer spooler executable found in the "C:\Windows\system32\" folder. There are several computer related viruses that will use this file to hide themselves and manipulate your system. More information is seen at http://process.networktechs.com/Spoolsv.exe.php

It seems like you managed to have a few pests decide to pay you a visit as described at http://www.2-spyware.com/file-isass-exe.html In fact you should have started this thread in the security section due to finding a third "uninvited guest" hiding on your machine there. http://www.spyany.com/files/dlm_exe.html

Are you ready to say goodbye to norton to have a doctor make a "House call" as seen at http://housecall.trendmicro.com/ ?

First you try the methods described at the links there, but installing some real protection is what is needed. A quick to go on and free pair of virus and spyware removers is provided by Grisoft, namely the AVG 7.5 free virus remover and the AVG Anti-Spyware Remover, both available at http://free.grisoft.com/doc/5390/lng/us/tpl/v5#avg-anti-spyware-free

Trend Micro's PC-cillin, also seen in one of the stickies in the security section, was recently found to be more effective than AVG when tested here. The house call test will require PC-cillin to be installed first to run that system scanner. Another free scan can be performed at Symantec's own online site. http://security.symantec.com/sscv6/...d=22&pkj=NCGSCKMRKRFPECDMEYI&setjsax=1&bhcp=1

The recommendation here is to download the 30-day trial version of PC-cillin and give that one a good run. Once your system is clean again, the other programs which are free to download without expiration are good tools. If you still have problems removing these, a few other tools like HiJack This show entries these viruses have made in the system registry.
 
Thank you for your response :) I am downloading PC-cillin now. I am gonna run the scan now and see if there is anything wrong.


P.S. I found a WINSPOOL file in C:\windows\system
 
PC-cillin might still not find everything while being evaluated here as a good combination with adware/spyware/virus removal. Is that "winspool" file seen with a "drv" or "exe" three letter extension? If you are seeing an "exe" at the end you will want to look over the information on a trojan downloader by that name seen at http://www.greatis.com/appdata/d/w/winspool.exe_Removal.htm

A trojan downloader works like the fabled "trojan horse" where it arrives and other things are then downloaded to your machine. You can remove the other pests and that will simply download more as it creates new startups. When cleaning there this has to be found and removed. First make sure it's not a default winspool.drv put there by the Windows installer. If it turns out to be the trojan described, removal instructions are also seen on a link provided at the site there.
 
#2 Nailed it.

Colin Hatzmann

In what manner? Are you referring to the second link?

Meanwhile for some added protection I've been trying a good run of a free spyware/adware program someone wanted information after reading about it on PC World's site. The Spyware Terminator as it is called also includes a personal firewall. You wouldn't have to worry about the expiration after 30 days on PC-cillin and losing a firewall with this one. http://www.spywareterminator.com/
 
First you have to know if the file is a genuine system file or a virus posing as one. The links above give the instructions for removing those files if found to be the specified virus. The task manager is used primarily for showing what processes and applications are running along with internet connection, network activity, and system performance in general. The option to end a specific process is used to free up a system lock not remove anything. Viruses often need special tools to remove them.
 
i happen to personally have both of those in my task manager. they are not viruses. i did a fresh install of xp pro 3 days ago and they have been there since the install.

(btw, i install windows with sp2 while not connected to the internet.);) ;)

Look closely at the spelling. The normal, non-virus version of the file is spelt lsass (with a L at the beginning). However, this one is spelt with an I. ;)
 
Look closely at the spelling. The normal, non-virus version of the file is spelt lsass (with a L at the beginning). However, this one is spelt with an I. ;)

That fact might elude him there. :) But nice try anyways! If you go to the links posted earlier you can see the info on them and removal information there. Whenever you see some file name flagged, run a good search. A good number of viruses and other trojans are made to look like the typical system files. Currently the Spyware Terminator is proving to be a good one for prompting on "anything" that tries to start up, even games!
 
wow, very clever virus-makers out there. i just clicked on the image name tab to alphabetize the processes, and you're right. mine starts with L.

sorry about that, but you gotta admit, that's not easy to spot unless you've seen it before. i'll always know to look for that from now on.
 
When you get a flag pointing at a specific file name, the exact spelling has to be taken note of so as to avoid confusing some bogus system-looking file for the genuine article installed by Windows. This is where people get tripped up when noticing the disguise that this stuff goes under. This is one area I'd had some fun in when using an alternate program to spot things missed by others.

The fact that three, not one single virus, were detected points at something else, like a trojan downloader being there to download the rest. Viruses are often geared to go through your contacts to generate new mail with copies of themselves attached. The wonders of firewalls that alert you to any new startups! Once you have an odd name, run a search on it and you will quickly find a few sites if it is a known infection of some type.
 
That's another one that gets you going when you come across that one. If you start seeing that showing up in the processes section of the task manager you most likely got stuck with it somehow. It has the same spelling as the default svchost.exe file but found outside of the "Windows\system32" sub directory usually unless the real file gets overwritten.

In that case you manually overwrite that bug from the recovery console by manually expanding a fresh copy off of the installation disk. Or you can "ask Leo" at http://ask-leo.com/svchost_and_svchostexe_crashs_cpu_maximization_viruses_exploits_and_more.html as one site with information on removal. This one goes back further than XP however, since WIN 2000 also has the same file in it.
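
The two checks discussed in this thread (a name that only looks like lsass.exe, and a correctly spelled svchost.exe running from the wrong folder) can be automated. The sketch below is an added example, not something posted by any participant; the sample paths are constructed, and it assumes Windows is installed in C:\Windows.

```python
import ntpath

# Genuine Windows binaries named in the thread; all load from System32.
SYSTEM32 = r"c:\windows\system32"   # assumption: default install location
KNOWN = {"lsass.exe", "svchost.exe", "spoolsv.exe"}

# Characters swapped to imitate a name: capital I or digit 1 for l, 0 for o.
CONFUSABLES = str.maketrans({"i": "l", "1": "l", "0": "o"})

def skeleton(name):
    """Fold a file name so that look-alike characters compare equal."""
    return name.lower().translate(CONFUSABLES)

SKELETONS = {skeleton(n): n for n in KNOWN}

def check_process(image_path):
    """Classify one full image path; returns (verdict, detail)."""
    folder, name = ntpath.split(ntpath.normpath(image_path))
    lname = name.lower()
    if lname in KNOWN:
        if ntpath.normcase(folder) == SYSTEM32:
            return ("ok", lname)
        return ("unexpected-path", folder)       # right name, wrong folder
    imitated = SKELETONS.get(skeleton(lname))
    if imitated:
        return ("lookalike-name", imitated)      # e.g. isass.exe vs lsass.exe
    return ("not-assessed", lname)               # not a name this list covers

# Constructed sample of running image paths (not taken from a real machine).
SAMPLE = [
    r"C:\Windows\System32\lsass.exe",
    r"C:\WINDOWS\system32\isass.exe",
    r"C:\Windows\Temp\svchost.exe",
    r"C:\Windows\System32\spoolsv.exe",
    r"C:\Users\Public\DLM.exe",
]

def audit(paths):
    """Return only the entries that deserve a closer look."""
    findings = []
    for p in paths:
        verdict, detail = check_process(p)
        if verdict in ("lookalike-name", "unexpected-path"):
            findings.append((p, verdict, detail))
    return findings

if __name__ == "__main__":
    for path, verdict, detail in audit(SAMPLE):
        print(f"{verdict:16} {path}  ({detail})")
```

A genuine file in System32 that has been overwritten passes both checks, so an "ok" here still needs a signature or hash comparison against a known-good copy.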
 