1. amandarae

    amandarae Private E-2

    Hi
    I am new to the forum and apologize if this issue is covered elsewhere. I am an amateur (heavy on amateur) when it comes to virus issues. I am having problems with fake alarms and explicit content shields popping up as well as some alert about sys-something, sorry it is not happening right now. But the biggest problem is my computer keeps doing shutdowns and it says a isass.exe is the problem and mentions kernel321.dll. If this isn't enough info I will try and post more info.
    Thanks
    Amanda
     
  2. amandarae

    amandarae Private E-2

    Okay, I just saw that there are steps to take before asking stuff, so I will try the steps.
    Thanks
     
  3. amandarae

    amandarae Private E-2

    Okay so I do need help,
    Nothing about removing isass on the procedures page.
    Thanks for any help
    Amanda
     
  4. abri

    abri MajorGeek

    Hi amandarae,
    Welcome to Major Geeks!


    Please continue on through the entire set of instructions in the READ & RUN ME FIRST. At the bottom of the first page, you'll see instructions specific to your operating system. After you've done what is requested on the first page, go on with these more specific instructions. In most cases, people find some relief from the symptoms their computers are exhibiting and I expect you'll have that experience as well. After you finish, you'll have a set of logs to attach to your next two posts which will give us the specific information we need to help you.

    Thanks.
    abri
     
  5. amandarae

    amandarae Private E-2

    Okay, I ran all the scans and am still getting the critical error msg and what not as well as the computer shutdown due to isass. I have attached the logs.
     


  6. amandarae

    amandarae Private E-2

    Okay so maybe there is an easier way to attach more than three files but here is the other attachment I was told to do.
    Thanks and I hope there is help.
     


  7. abri

    abri MajorGeek

    Hi amandarae,

    Combofix didn't run. Did you get an error message when you ran it? Did it run to completion? Did you click in the window when it was running? It seems to be installed correctly. See if you can get it to run in safe mode. To get to safe mode, click on the F8 key during bootup until you get the alternate menu. Select safe mode and go into your user name. Before you run Combofix, please run CCleaner at the default setting with the Windows tab as the one on top. Then double click on the cf.exe program and see if you can get it to run properly.
    If so, attach the new log it produces. In the meantime, I'll look at the rest of your logs.

    Also, can you tell me what's in the following two folders? (you can open the folder but don't open any files)

    C:\WINDOWS\system32\FxsTmp
    C:\Program Files\Common Files\iS3

    Thanks.
    abri
     
    Last edited: Apr 29, 2008
  8. amandarae

    amandarae Private E-2

    Okay, so in the Fxstmp file there is nothing.
    In the Is3 file there is a folder labeled Anti-Spyware.

    I tried running combo fix in safe mode and I have virus popups during the scan and then a popup that says couldn't run due to some memory issue.
     


  9. abri

    abri MajorGeek

    Hi amandarae,

    After you complete the instructions in Post 7, please continue with this set. I want to first remove the known malware that I'm spotting on your computer and see if that will get rid of these files. If not, we'll work on those next.

    Please do the following:


    1) Please disable your guest account if this hasn't already been done.

    2) Go to add/remove programs and uninstall the below:

    J2SE Runtime Environment 5.0 Update 6
    Java(TM) 6 Update 5



    3) If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run Disable/Remove Windows Messenger


    4) Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - (no file)
    O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
    O3 - Toolbar: (no name) - {98828DED-A591-462F-83BA-D2F62A68B8B8} - (no file)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
    O20 - Winlogon Notify: vubfwejf - C:\WINDOWS\SYSTEM32\vubfwejf.dll

    After you click fix, just close hijackthis.

    5) Download and install Erunt. Use it to create a backup of your registry.

    6) Please copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.

    7) Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the 'Execute' button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt

    8) Now run CCleaner at the default setting with the Windows tab as the top one.

    9) Install the current version of Sun Java from: Sun Java Runtime Environment

    10) Please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip it generates along with the Avenger log, and don't forget the answers to the questions in post 7.


    Let me know how things are running now.

    abri
     
  10. amandarae

    amandarae Private E-2

    Okay, so I got all the way to running analyse.exe and I removed all that you told me to but this one
    O20 - Winlogon Notify: vubfwejf - C:\WINDOWS\SYSTEM32\vubfwejf.dll
    It seems that whenever I try and fix it in analyse.exe the computer immediately shuts down. I wanted to let you know before finishing the rest of the directions you gave me.
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    FxsTmp is from the Windows Fax Service and is3 is from having StopZilla installed at some point in time. It does not appear to be installed now.
     
  12. amandarae

    amandarae Private E-2

    Sorry if this is a stupid question but what is ccleaner?
     
  13. amandarae

    amandarae Private E-2

    Okay, so I ran CCleaner and installed the java and attached the logs.
    I am not sure how the pc is running as I just completed all this and have yet to see any virus stuff pop up. I will let you know after a couple hours.
     


  14. abri

    abri MajorGeek

    Hi amandarae,

    I want you to run HijackThis (analyse.exe) again as described below. The file we're trying to get rid of is partially damaged, but not yet gone. See if it goes this time without causing your computer to crash.

    If it does cause a shutdown as before, then try this instead: Disconnect your computer from the internet and disable all your antivirus/antispyware/firewall protection. Then try it again. Then before you reconnect to the internet, be sure to re-enable all your protection software again.

    1) Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O20 - Winlogon Notify: vubfwejf - vubfwejf.dll (file missing)

    After you click fix, just close hijackthis.

    2) Please copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.

    3) Now run CCleaner at the default setting with the Windows tab as the top one.

    4) Please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip and let me know if you get a success message for the registry patch.


    Let me know how things are running now.

    abri
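
Added example (not part of the thread, and not MajorGeeks' or HijackThis' own code): a small Python parser for the HijackThis line format quoted in posts 9 and 14. It compares two sets of lines and reports entries that are still registered while HijackThis now marks their file as missing, as with the O20 Winlogon Notify line. The inputs are lines copied from those two posts as stand-ins for full scan logs; the field names and status strings are this example's own.

```python
import re
from collections import namedtuple

# code = section (O2, O20, ...), kind = label before the colon, orphaned = file reported absent
Entry = namedtuple("Entry", "code kind name clsid target orphaned")
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<kind>[^:\[]+?): (?P<rest>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")

def parse_line(line):
    """Split one HijackThis line into an Entry, or return None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, kind, rest = m.group("code", "kind", "rest")
    run = re.match(r"\[(.+?)\] (.+)$", rest)
    if run:                                  # O4 autorun: [value name] command line
        name, target = run.groups()
    else:                                    # name - {CLSID} - file, or name - file
        parts = rest.split(" - ")
        name, target = parts[0], parts[-1]
    clsid = CLSID_RE.search(rest)
    return Entry(code, kind, name, clsid.group(0) if clsid else None,
                 target, bool(ORPHAN_RE.search(target)))

def compare(before, after):
    """Map (code, kind, name, clsid) to what changed between two scans."""
    old, new = ({e[:4]: e for e in map(parse_line, t.splitlines()) if e}
                for t in (before, after))
    report = {k: "new" for k in new.keys() - old.keys()}
    for k, e in old.items():
        if k not in new:
            report[k] = "not listed again"
        elif new[k].orphaned and not e.orphaned:
            report[k] = "entry remains, file now missing"
        else:
            report[k] = "unchanged"
    return report

POST_9 = r"""O2 - BHO: (no name) - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O20 - Winlogon Notify: vubfwejf - C:\WINDOWS\SYSTEM32\vubfwejf.dll
"""  # three of the lines quoted in post 9
POST_14 = r"""O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O20 - Winlogon Notify: vubfwejf - vubfwejf.dll (file missing)
"""  # the lines quoted in post 14

if __name__ == "__main__":
    print(compare(POST_9, POST_14))
```
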
     
