ISASS.EXE - Dangerous

What you should do about ISASS.EXE:

Check Your PC Now
Your PC is infected. The file called ISASS.EXE is considered unsafe and there may be other infections on your PC.


You should urgently check your PC and remove any malicious software including ISASS.EXE as soon as possible. The free version of Prevx CSI will scan your PC for millions of spyware and malware infections in less than 2 minutes. Don't take the risk, check your PC now by clicking the green button.

Download Prevx CSI Now

Who Uses Prevx CSI?

Prevx has been detecting the threats that others miss since 2004.

More than 2,076,580 people have scanned with Prevx CSI and between them have checked 30.4 billion files. 68% of the PCs scanned had malware present.

What we know about ISASS.EXE:

The filename ISASS.EXE was first seen on May 16 2007 in The UNITED KINGDOM. It has also been seen in the following geographical regions of the Prevx community:

  • PAKISTAN on Dec 27 2007
  • SPAIN on Oct 18 2007
  • ITALY on May 8 2008
  • The UNITED STATES on May 16 2007
  • HUNGARY on Jan 7 2008
The filename ISASS.EXE is used by multiple object types including executable programs,Dynamic Link LIbraries.

The most common file size is 101,376 bytes. But the following file sizes have also been seen:

  • 234,496 bytes
  • 1,343,925 bytes
  • 6,277,261 bytes
  • 91,648 bytes
  • 337,920 bytes

The filename is associated with the malware group Worm.Ircbot.Gen.Some files using the name ISASS.EXE are also associated with the malware groups:
  • Malware.Optix.Pro
  • Trojan.SystemPoser
  • Dropper.Generic.THT
 These files have no vendor, product or version information specified in the file header.

ISASS.EXE has been seen to perform the following behavior(s):

  • The Process is packed and/or encrypted using a software packing process
  • This Process Deletes Other Processes From Disk
  • Executes a Process
  • This Process Creates Other Processes On Disk
  • The Process is polymorphic and can change its structure
  • Adds a Registry Key (RUN) to auto start Programs on system start up
  • Writes to another Process's Virtual Memory (Process Hijacking)
  • Opens pop up browser windows
  • Connects with IRC chat rooms
  • Can make outbound communication to other computers, IM chat rooms and other services using IRC protocols
  • Can communicate with other computer systems using HTTP protocols
  • Makes outbound connections to other computers using NETBIOSOUT protocols

ISASS.EXE has been the subject of the following behavior(s):

  • Created as a process on disk
  • Executed as a Process
  • Created as a new Background Service on the machine
  • Deleted as a process from disk
  • Added as a Registry auto start to load Program on Boot up
  • Has code inserted into its Virtual Memory space by other programs
  • Terminated as a Process
  • Copied to multiple locations on the system

ISASS.EXE can also use the following file names:

  • IMAGES.EXE
  • KHOYA KHAOYA CHAND.EXE
  • MOUJA HI MOUJA.EXE
  • OM SHANTI OM.EXE
  • WELCOME.EXE
  • SANWARIYA.EXE
  • OM SHANTI OM INSTRUMENTAL.EXE
  • LSSAS.EXE
  • DPTRNEWWHB-207.PMS.EXE
  • F8D6FA2F81A353036F9238B81AE4BD00.EXE
  • SPOOISV.EXE
  • HCYD.EXE
  • ALGS.EXE
  • DPTRRSLYQS-637.PMS.EXE
  • 9EFBE9742D80AC7194F544E5B1E8C4A0.EXE
  • IEXPLORE.EXE
  • SSTQN.EXE
  • 91143156.SVD

Virus, Spyware & Malware Center