Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Isecurity Virus


  • Please log in to reply
1 reply to this topic

#1 gben123

gben123

  • Members
  • 88 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:30 PM

Posted 04 September 2008 - 05:46 AM

I have a virus that has taken many forms as it evolved. It appears to be related to (or is) the iSecurity virus. In its current manifestation, it starts IE with the "Embedding" parameter via svchost.exe (RPC) then if I don't start my network interface, it will kill explorer, restart it and then restart IE. I have found a few holes in the virus what allow me to browse via TaskManager and also I can suspend IE using ProcessExplorer and that can let me use explorer.

I like to find out who is sending the RPCs that start IE and also who is killing explorer. It is being restarted by winlogon according to PE. Does that mean win;ogon is infected? How else does winlogon know to restart explorer? The infected drive is removable and I have a second removable with a clean XP hence I can boot either one and access the other as drive E:

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,323 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:30 PM

Posted 04 September 2008 - 12:17 PM

Please follow the instructions from this self help tutorial

How to remove the iSecurity (iSecurity.cpl) Trojan (Removal Instructions)
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users