Hi Martin,
It looks as though you have got a variant of the SASSER malware on your
machine. Determining whether lsass.exe is a virus or a legitimate Windows
process depends on the directory location it executes or runs from. LSASS.exe
is a legitimate Windows component, but it should ONLY exist in the System32
folder. The legitimate version is a system process of the Microsoft Windows
security mechanisms. It specifically deals with local security and login
policies. This program is important for the stable and secure running of your
computer and should not be terminated. When this file is in any other
location(s) it is malware and a security risk and should be removed from your
system. In these cases, it is malware which can take on a number of forms. It
can be a process which is registered as a trojan which allows attackers to
access your computer from remote locations, stealing passwords, Internet
banking and personal data. It can also be a process registered as a
downloader which usually comes bundled with a virus or spyware and its main
role is to do nothing other than download other viruses/spyware to your
computer.
Removal of this malware can be tricky, but it can be done. Most anti-virus
vendors usually have software on their websites which can be used to detect
and remove it, but the problem with doing it that way is that you need to be
connected to the Internet whilst you do it (some variants can detect if you
are visiting an anti-virus site and redirect you to one that looks like it
but is fake). Of course, the best way of removing any malware like this on
your system is to do a complete reinstallation (including a full disk format)
of Vista. If your anti-virus subscription is nearing its end and you are
contemplating changing vendors, then this is probably the best option as
anti-virus programs are notoriously difficult to remove even with the
vendor's removal tools (they need to be, to prevent malware from doing so).
I enclose 2 links, both to the Kaspersky website. The first is to a page
entitled 'Virus Removal Tools', which allows you to download a number of
tools to remove different forms of malware. The second is a direct link to
the SASSER removal tool. When using such a tool, you need to follow the given
instructions to the letter, as failure to do so can leave the malware with a
sufficient foothold on your system to reinstate itself. Even if you follow
the instructions to the letter, there is no guarantee that the malware will
be removed entirely, so be prepared to do a reinstallation of Vista if this
turns out to be the case.
Dwarf
http://www.kaspersky.com/removaltools
http://www.kaspersky.com/removaltool...146410248#open
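The rule in the reply above (a file named lsass.exe is legitimate only in the System32 folder) and the Run-key values Martin reported can be checked mechanically rather than by eye. The script below is an added example, not code from this thread or from any vendor's removal tool: it walks a constructed list of autorun entries (the h3yb0y/h3yb0y1 values pointing at awf\LSASS.exe plus two ordinary ones), assumes C:\Windows as the system root, and flags any entry whose command resolves to an lsass.exe anywhere other than System32. On a live Vista machine the same `classify_entry` function would be fed the values read from the HKLM and HKCU `...\Windows\CurrentVersion\Run` keys.

```python
"""Flag Run-key entries that masquerade as lsass.exe (added example)."""
import ntpath
import re

# Assumed system root; on a real host use os.environ["SystemRoot"].
SYSTEM_ROOT = r"C:\Windows"
ENV = {
    "systemroot": SYSTEM_ROOT,
    "windir": SYSTEM_ROOT,
    "programfiles": r"C:\Program Files",
}
# The only directory in which lsass.exe is legitimate, per the reply above.
LEGIT_LSASS = ntpath.normcase(ntpath.join(SYSTEM_ROOT, "System32", "lsass.exe"))

# Constructed sample Run-key values (name, command). The first two mirror
# what Martin reported; the other two are typical benign vendor entries.
SAMPLE_RUN_ENTRIES = [
    ("h3yb0y", r"C:\Program Files\awf\LSASS.exe"),
    ("h3yb0y1", r"C:\Program Files/awf/LSASS.exe /s"),
    ("RtHDVCpl", r'"C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s'),
    ("Windows Defender", r"%ProgramFiles%\Windows Defender\MSASCui.exe -hide"),
]


def expand(path: str) -> str:
    """Expand %VAR% references using the ENV table above (case-insensitive)."""
    return re.sub(r"%([^%]+)%",
                  lambda m: ENV.get(m.group(1).lower(), m.group(0)), path)


def extract_executable(command: str) -> str:
    """Pull the executable path out of a Run-key command string.

    A leading double-quoted token is taken whole; otherwise tokens are
    joined until one ends in .exe, which covers unquoted paths containing
    spaces such as C:\\Program Files\\... (a constructed simplification).
    """
    cmd = command.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    acc = []
    for token in cmd.split():
        acc.append(token)
        if token.lower().endswith(".exe"):
            break
    return " ".join(acc)


def classify_entry(name: str, command: str) -> str:
    """Return 'masquerade', 'system-location' or 'other' for one entry.

    normcase lower-cases the path and turns forward slashes into
    backslashes, so awf/LSASS.exe and awf\\lsass.exe compare equal.
    """
    exe = ntpath.normcase(ntpath.normpath(expand(extract_executable(command))))
    if ntpath.basename(exe) != "lsass.exe":
        return "other"
    if exe == LEGIT_LSASS:
        # Genuine location. Note that the real LSASS is started by Windows
        # itself, not from a Run key, so even this would merit a look.
        return "system-location"
    return "masquerade"


def scan(entries):
    """Return (name, command, verdict) for every entry that is not 'other'."""
    flagged = []
    for name, command in entries:
        verdict = classify_entry(name, command)
        if verdict != "other":
            flagged.append((name, command, verdict))
    return flagged


if __name__ == "__main__":
    for name, command, verdict in scan(SAMPLE_RUN_ENTRIES):
        print(f"{verdict:16} {name:12} -> {command}")
```

Only the path decides the verdict; the value name (h3yb0y) is irrelevant, which is why a lookalike dropped under Program Files\awf is caught even though its file name is spelled exactly like the real process.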
"Martin" wrote:
> Hi Dwarf,
>
> Thank you very much for your tip. How do I stop the applications from running at
> start up? I am afraid I will remove some important Windows process. And I can't
> find a start up manager. I know in regedit, under Windows, Current
> Version, Run, there are some; in fact there are some unknown processes. For
> example h3yb0y and h3yb0y1, pointing to awf/LSASS.exe, which I think might
> be suspicious. Thanks again;
>
> Martin.
>
> "Dwarf" wrote:
>
> > Hi Martin,
> >
> > Next time you start your computer, make sure you have no other applications
> > running. When the error that you describe appears, bring up the Task Manager
> > using Ctrl, Shift and Esc. In the applications tab, you should find this
> > application listed. Right click on it and select 'Go To Process' in the menu
> > that appears. Make a note of the name that is highlighted. Close the Task
> > Manager. Reply to this post and remember to include the full name (including
> > extension) of the process that you noted above. Please ensure that you post
> > the EXACT spelling AND case.
> > Dwarf
> >
> > "Martin" wrote:
> >
> > > hi everyone!
> > >
> > > I am receiving an error message when Windows starts up. I have Windows Vista
> > > Premium on my notebook. The error says:
> > > "ERROR
> > > Execution of the specified command has failed"
> > >
> > > It doesn't even say which command :-(. I have searched in the Windows journal
> > > for errors in the applications and system but it doesn't show anything. I
> > > suspect it might be a virus but Norton didn't find anything either.
> > > Searching on the web I have found that the AWF folder in the Program Files
> > > folder may be a virus. Does anybody have a clue about this? The files there may be
> > > viruses (setup and service?). Or how can I resolve the error message? Thank you
> > > very much in advance!!
> > >
> > > Martin.