What are these Isass processes?

Mesh / Xtreme gps
April 27, 2009 at 01:39:35
Specs: WinXP Home SP2, Quad Q9450/4GB
I'm trying to work out why I sometimes get such slow performance on this Quad Core Q9450 2.66 GHz, 4 GB, running XP Pro. I just ran Process Monitor (ProcMon) and even though I'm not actively *doing* much in any of the applications currently loaded, I see hundreds if not thousands of the following types of entry dominating activity. What are they and do they offer the experts any clues please?

Process = Isass.exe, PID = 804

Operation Path Result
--------- ---- ------
RegOpenKey HKLM\SECURITY\Policy SUCCESS
RegOpenKey HKLM\SECURITY\Policy\SecDesc SUCCESS
RegQueryValue HKLM\SECURITY\Policy\SecDesc\(Default) BUFFER OVERFLOW
RegCloseKey HKLM\SECURITY\Policy\SecDesc SUCCESS
RegOpenKey HKLM\SECURITY\Policy\SecDesc SUCCESS
RegQueryValue HKLM\SECURITY\Policy\SecDesc\(Default) SUCCESS
RegCloseKey HKLM\SECURITY\Policy\SecDesc SUCCESS
RegCloseKey HKLM\SECURITY\Policy SUCCESS
RegOpenKey HKLM\SECURITY\Policy SUCCESS
RegOpenKey HKLM\SECURITY\Policy\SecDesc SUCCESS
RegQueryValue HKLM\SECURITY\Policy\SecDesc\(Default) BUFFER OVERFLOW
RegCloseKey HKLM\SECURITY\Policy\SecDesc SUCCESS
RegOpenKey HKLM\SECURITY\Policy\SecDesc SUCCESS
RegQueryValue HKLM\SECURITY\Policy\SecDesc\(Default) SUCCESS
RegCloseKey HKLM\SECURITY\Policy\SecDesc SUCCESS
etc

--
Terry, East Grinstead, UK


See More: What are these Isass processes?

Report •


#1
April 27, 2009 at 06:40:03
Isass.exe is part of a the virus Optix.Pro. So in other words you are infected with a virus. MalwareBytes should remove it. You can download it at www.malwarebytes.org

Report •

#2
April 27, 2009 at 06:57:55
You have the Backdoor.Futro virus.

Note – do not confuse this with LSASS which will most times show as “lsass” in your Task List where the first letter is in fact a lowercase “L” rather than an “i”.
---------------------------
To find out what each Startup(or Process) item
does or means, and any recommendation as to if you should close the process:
http://www.answersthatwork.com/Task...
Task List Programs
OR
http://www.processlibrary.com/
The Process Library


Report •

#3
April 27, 2009 at 11:08:30
Thanks both. It is in fact Lsass.exe, my mistake.

Any thoughts on why there should be so much of that sort of activity please?

--
Terry, East Grinstead, UK


Report •

Related Solutions

#4
April 27, 2009 at 12:01:30
Is your WinXP fully updated?

Report •

#5
April 27, 2009 at 13:54:39
Use start, run type in cmd and enter key.

Type attrib. If you see lsass.ese you have a virus.Could be other places and wrong sizes.

I think they said that.

"Best Practices", Event viewer, host file, perfmon, antivirus, anti-spyware, Live CD's, backups, are in my top 10


Report •


Ask Question