Isass.exe – Application Error 0xC00000005


Name: Clair Garrett

As soon as I turn my PC on I get a box up saying Isass.exe – Application error on the top. Inside the box it says: This application has failed to initialize properly (0XC00000005).

ANY ADVICE YOU COULD GIVE ME WOULD BE GRATEFULLY RECEIVED!

THANK YOU!

____________________________________

Does the computer finish booting up after you receive this error message and then function normally, does it not proceed any further, or does it shut down after you click OK? If you boot into Safe Mode do you still get the error message?

Also, and this is VERY important: Is it Isass or Lsass? If the answer is I, then you likely have a virus. (The W32.Sasser worm is notorious for creating this file.) The reason is that Lsass.exe is a legitimate Windows file used to verify user accounts, security profiles, and login sessions for the various users (LSASS is an acronym for Local Security Authority Subsystem Service). The virus takes advantage of this by creating an executable file whose name looks very similar to it when you casually glance at the running system processes in the Task Manager.

In the event that it is the Sasser virus, there are a few removal tools available. Microsoft’s original Sasser removal tool has been replaced by Microsoft’s Windows Malicious Software Removal Tool, which can be downloaded directly here via the Microsoft Download Center, or via Windows Update. Instructions for downloading via Windows Update are provided on the MS Malicious Software Removal Tool information page that was linked to. Antivirus companies like Symantec have also released removal tools for Sasser, but most of these are quite old, so you’re likely better off trying MS’s much more up-to-date app.

Of course, those removal tools will do no good if Sasser, or some other form of malware that the MS tool is designed to correct, is not present. You may want to try booting to Safe Mode With Networking and then downloading McAfee’s SuperDAT command-line virus scanner to see whether your system is, in fact, infected with something.

If possible, please provide the following information so that we can assist you more efficiently:

Computer Make: (Dell, HP, Alienware, Homebuilt, etc)
Computer Model: (Inspiron 1501, Latitude 1200, etc)
CPU: (Intel Core 2 Duo E6600, AMD Athlon X2, etc)
RAM: (512 MB, 1 GB, 2 GB, etc)
Graphics Adapter: (nVidia GeForce 8800 GTS, ATi Radeon HD 5800, Intel GMA 3150, on-board graphics, etc)
Operating System: (Windows XP, Vista, 7)
Type of Anti-Virus Software: (Symantec Norton AntiVirus 2010, McAfee Total Protection, Kaspersky Internet Security, AVG Free, etc)
Latest Anti-Virus Updates/Definitions Installed?: (Yes/No – Note: This usually requires an active, paid subscription to the software manufacturer. Most trial antivirus software suites that come pre-installed on computers only have demo subscriptions that are good for approximately three months, after which definition updates are suspended)

All of the requested information can easily be found by running CPU-Z by Franck Delattre of CPUID.

READERS: Have any of you been infected by Sasser? If so, how did you remove it? Have you ever seen Isass.exe in instances other than a Sasser worm infection?
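
The Isass/Lsass check described above can be automated rather than left to a casual glance at Task Manager. The following is an added example, not part of the original article: it goes slightly beyond the text by also covering svchost.exe, and the look-alike character map, the expected directory (a default C:\WINDOWS install) and the sample paths are constructed assumptions.

```python
import ntpath

# Expected image names and directories. Assumption: default C:\WINDOWS install.
EXPECTED = {
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
}

# Constructed fold of characters that are easy to mistake for one another.
FOLD = str.maketrans({"i": "l", "1": "l", "|": "l", "0": "o"})


def skeleton(name):
    """Lowercase, then fold look-alikes so 'Isass.exe' and 'lsass.exe' collide."""
    return name.lower().translate(FOLD)


def classify(image_path):
    """Return 'ok', 'lookalike', 'wrong-path' or 'unrelated' for one process image."""
    name = ntpath.basename(image_path)
    directory = ntpath.dirname(image_path).lower()
    for legit, legit_dir in EXPECTED.items():
        if skeleton(name) != skeleton(legit):
            continue
        if name.lower() != legit:
            return "lookalike"   # same shape on screen, different bytes
        if directory != legit_dir:
            return "wrong-path"  # right name, running from the wrong place
        return "ok"
    return "unrelated"


def triage(image_paths):
    """Keep only the entries that deserve a closer look."""
    verdicts = ((p, classify(p)) for p in image_paths)
    return [(p, v) for p, v in verdicts if v in ("lookalike", "wrong-path")]


# Constructed sample of process image paths (not taken from a real system).
SAMPLE = [
    r"C:\WINDOWS\system32\lsass.exe",
    r"C:\WINDOWS\system32\Isass.exe",
    r"C:\Documents and Settings\user\lsass.exe",
    r"C:\WINDOWS\system32\svch0st.exe",
    r"C:\WINDOWS\explorer.exe",
]

if __name__ == "__main__":
    for path, verdict in triage(SAMPLE):
        print(f"{verdict:10} {path}")
```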

1 Comment

  1. Roberto Stasi says:

    Microsoft is not doing a good job about security because they are a sort of dumb bells in a way.
    Now they appear to return to Unix way of doing things with their /etc directory in Windows 7. They are not publishing the MD5 or SHA checksum for important files of the OS. We have to always wonder if it’s a good file or a virus or if an antivirus program is being good enough to find a virus. Also there is no control of BIOS code from antivirus makers. Thus the AV programs are half good and a few of them even block internet connections without telling they are blocking it. I have 100 percent confirmation of this because when I disable the web protection offered by an anti-AV software my IE-8 does not lock while surfing. I rather surf the web with a non-administrator user account until they continue to be dumb bell.
