error message at start up

Discussion in 'Windows Vista Performance' started by Martin, Nov 9, 2007.

  1. Martin

    Martin Guest

    hi everyone!

    I am receiving an error message when Windows starts up. I have Windows Vista
    premium on my notebook. The error says:
    "ERROR
    Execution of the specified command has failed"

    It doesn't even say which command :-(. I have searched in the Windows journal
    for errors in the applications and system but it doesn't show anything. I
    suspect it might be a virus but Norton didn't find anything either.
    Searching on the web I have found that the AWF folder in the program files
    folder may be a virus. Does anybody have a clue about this? The files there may
    be viruses (setup and service?). Or how can I resolve the error message? Thank
    you very much in advance!!

    Martin.
     
    Martin, Nov 9, 2007
    #1

  2. Martin

    Dwarf Guest

    Hi Martin,

    Next time you start your computer, make sure you have no other applications
    running. When the error that you describe appears, bring up the Task Manager
    using Ctrl, Shift and Esc. In the applications tab, you should find this
    application listed. Right click on it and select 'Go To Process' in the menu
    that appears. Make a note of the name that is highlighted. Close the Task
    Manager. Reply to this post and remember to include the full name (including
    extension) of the process that you noted above. Please ensure that you post
    the EXACT spelling AND case.
    Dwarf
     
    Dwarf, Nov 9, 2007
    #2

  3. Martin

    Martin Guest

    Hi Dwarf,

    Thank you very much for your tip. How do I stop the applications from running
    at start up? I am afraid I might remove some important Windows process. And I
    can't find a start up manager. I know in the regedit, under windows, current
    version run, there are some, in fact there are some unknown processes. For
    example the h3yb0y and h3yb0y1 pointing to awf/LSASS.exe, which I think might
    be suspicious. Thanks again;

    Martin.
     
    Martin, Nov 10, 2007
    #3
  4. Martin

    Dwarf Guest

    Hi Martin,

    It looks as though you have got a variant of the SASSER malware on your
    machine. Determining whether lsass.exe is a virus or a legitimate Windows
    process depends on the directory location it executes or runs from. LSASS.exe
    is a legitimate Windows component, but it should ONLY exist in the System32
    folder. The legitimate version is a system process of the Microsoft Windows
    security mechanisms. It specifically deals with local security and login
    policies. This program is important for the stable and secure running of your
    computer and should not be terminated. When this file is in any other
    location(s) it is malware and a security risk and should be removed from your
    system. In these cases, it is malware which can take on a number of forms. It
    can be a process which is registered as a trojan which allows attackers to
    access your computer from remote locations, stealing passwords, Internet
    banking and personal data. It can also be a process registered as a
    downloader which usually comes bundled with a virus or spyware and its main
    role is to do nothing other than download other viruses/spyware to your
    computer.
    Removal of this malware can be tricky, but it can be done. Most anti-virus
    vendors usually have software on their websites which can be used to detect
    and remove it, but the problem with doing it that way is that you need to be
    connected to the Internet whilst you do it (some variants can detect if you
    are visiting an anti-virus site and redirect you to one that looks like it
    but is fake). Of course, the best way of removing any malware like this on
    your system is to do a complete reinstallation (including a full disk format)
    of Vista. If your anti-virus subscription is nearing its end and you are
    contemplating changing vendors, then this is probably the best option as
    anti-virus programs are notoriously difficult to remove even with the
    vendor's removal tools (they need to be, to prevent malware from doing so).
    I enclose 2 links, both to the Kaspersky website. The first is to a page
    entitled 'Virus Removal Tools', which allows you to download a number of
    tools to remove different forms of malware. The second is a direct link to
    the SASSER removal tool. When using such a tool, you need to follow the given
    instructions to the letter, as failure to do so can leave the malware with a
    sufficient foothold on your system to reinstate itself. Even if you follow
    the instructions to the letter, there is no guarantee that the malware will
    be removed entirely, so be prepared to do a reinstallation of Vista if this
    turns out to be the case.
    Dwarf

    http://www.kaspersky.com/removaltools

    http://www.kaspersky.com/removaltools?vtopen=146410248#open
     
    Dwarf, Nov 10, 2007
    #4
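The location check described in post #4 (a file named lsass.exe is only legitimate in System32), applied to the Run keys mentioned in post #3 and to running processes. This is an added example, not part of the original thread; the list of protected names and the function names are assumptions, and it assumes PowerShell 3.0 or later.

```powershell
# Added example: report autorun entries and running processes that use a core
# Windows process name but are located outside %SystemRoot%\System32.
$system32  = Join-Path $env:SystemRoot 'System32'
# Process names chosen for this example (assumption); extend as needed.
$protected = 'lsass.exe', 'services.exe', 'winlogon.exe', 'csrss.exe', 'smss.exe'

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

function Get-CommandImagePath([string]$Command) {
    # Pull the executable path out of a Run value: a quoted path,
    # or everything up to the first ".exe", ignoring trailing arguments.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($expanded -match '^"([^"]+)"')    { return $Matches[1] }
    if ($expanded -match '^(.+?\.exe)\b') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

function Test-Masquerade([string]$Path) {
    # True when the file name is a protected name but the folder is not System32.
    # String comparisons in PowerShell are case-insensitive by default.
    if (-not $Path) { return $false }   # path unavailable (e.g. not elevated)
    $name = [IO.Path]::GetFileName($Path)
    $dir  = [IO.Path]::GetDirectoryName($Path)
    return ($protected -contains $name) -and ($dir -ne $system32)
}

# 1. Autorun values under the Run keys.
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($valueName in $item.GetValueNames()) {
        $image = Get-CommandImagePath ([string]$item.GetValue($valueName))
        if (Test-Masquerade $image) {
            [pscustomobject]@{ Source = "$key\$valueName"; Path = $image }
        }
    }
}

# 2. Processes that are running right now.
Get-CimInstance Win32_Process |
    Where-Object { Test-Masquerade $_.ExecutablePath } |
    ForEach-Object {
        [pscustomobject]@{ Source = "PID $($_.ProcessId)"; Path = $_.ExecutablePath }
    }
```

Run it from an elevated prompt so that executable paths of system processes are visible; an empty result means no entry matched the name-and-location test.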
  5. Martin

    Martin Guest

    Hi Dwarf,

    Thank you very much for your complete answer and your time. I'll follow the
    links and try to do as you say. I have made a complete scan of my PC and Norton
    antivirus won't detect the malware. I imagine I'll have to do it the hard
    way :-(. Thanks again!

    Martin.
     
    Martin, Nov 11, 2007
    #5