Isecurity Virus

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Important Announcement: The winners of the BC Million Post contest have been announced. You can read who the winners are at this post.

- BleepingComputer Management

BleepingComputer.com > Security > Am I infected? What do I do?

When posting your problem, do not run and post a ComboFix logs. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored.

To receive help, you should instead provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system. This information is much more useful to our helpers than a ComboFix log.

Isecurity Virus

Options

gben123 View Member Profile	Sep 4 2008, 05:46 AM Post #1
New Member Group: Members Posts: 1 Joined: 4-September 08 Member No.: 235,892	I have a virus that has taken many forms as it evolved. It appears to be related to (or is) the iSecurity virus. In its current manifestation, it starts IE with the "Embedding" parameter via svchost.exe (RPC) then if I don't start my network interface, it will kill explorer, restart it and then restart IE. I have found a few holes in the virus what allow me to browse via TaskManager and also I can suspend IE using ProcessExplorer and that can let me use explorer. I like to find out who is sending the RPCs that start IE and also who is killing explorer. It is being restarted by winlogon according to PE. Does that mean win;ogon is infected? How else does winlogon know to restart explorer? The infected drive is removable and I have a second removable with a clean XP hence I can boot either one and access the other as drive E:

boopme View Member Profile	Sep 4 2008, 12:17 PM Post #2
To INSANITY and BEYOND !! Group: Moderator Posts: 9,297 Joined: 10-September 04 From: NJ USA Member No.: 2,608	Please follow the instructions from this self help tutorial How to remove the iSecurity (iSecurity.cpl) Trojan (Removal Instructions) -------------------- Can you spare some PC cycles to help FIND A CURE .. BC FOLDING TEAM Click me /info.. ThoughtVent a goodplace to discuss.<<>>>Staying Updated Calendar of Updates. For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....

« Next Oldest · Am I infected? What do I do? · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 22nd November 2008 - 10:30 AM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Malware Removal Guides