3528 Views 5 Replies Latest reply: Mar 20, 2012 10:36 AM by Ex_Brit RSS
tapper100 Newcomer 1 posts since
Mar 4, 2012

Mar 4, 2012 12:34 PM

iSecurity malware

Hi,

 

On Thursday, the iSecurity malware basically took over my laptop (installed a desktop icon and ran without any prompting). I ran McAfee full scan, but it didn't find it (and it didn't stop it from loading - I have the firewall on). Additionally, in Safe Mode, McAfee, Spybot and SuperAntiSpyware did not find it. I finally ran Norton Power Eraser and that took care of the problem. I don't see anything on McAfee about this malware. So my question is, why didn't McAfee find it and why didn't my firewall keep it from coming in?

Do I need to reload McAfee?  I'm wondering if it is corrupted.

 

Thanks!

  • Ex_Brit Volunteer Moderator 59,556 posts since
    May 6, 2004
    1. Mar 4, 2012 1:31 PM (in response to tapper100)
    Re: iSecurity malware

    Hi,

     

    That's unfortunate, I know, and believe me, I'm willing to bet that Norton's regular antivirus wouldn't detect it either. None of the major antivirus applications are any good against these things. McAfee has its own tool - Stinger. It and several other tools are listed here: https://community.mcafee.com/docs/DOC-2168

     

    iSecurity is like so many fake anti-malware pests out there, it requires the user to click on something bad to activate it and the way they work isn't detectable by regular antivirus.

     

    If your SecurityCenter is green and says it's protecting when you open it then you are OK.


    https://community.mcafee.com/servlet/JiveServlet/downloadImage/2-143933-5189/78-49/Peter.gif
    Toronto • Canada
    Volunteer Moderator
    I can't help you privately - please post in the Forums
    Use Advanced Forum Search To Find Answers
    Beta Test McAfee Products For PC & MAC
    How To Fix File Associations in Windows
    XP & Office 2003 End-Of-Life - 08 April, 2014
    Anti-Spyware/Malware & Hijacker Tools
  • KatherineYH Hayes Newcomer 28 posts since
    Jul 20, 2011
    2. Mar 9, 2012 7:12 PM (in response to Ex_Brit)
    Re: iSecurity malware

    In order to delete the files associated with the virus, you will need to stop the processes of security tool in task manager.


    Life without knowledge is death in disguise
  • Ex_Brit Volunteer Moderator 59,556 posts since
    May 6, 2004
    3. Mar 9, 2012 7:44 PM (in response to KatherineYH Hayes)
    Re: iSecurity malware

    KatherineYH Hayes wrote:

     

    In order to delete the files associated with the virus, you will need to stop the processes of security tool in task manager.

    Who mentioned security tool?

     

    The OP already stated that the problem had been dealt with. Posting a one-liner like you do in many threads I've observed and not explaining how to do what you are saying is at best useless and certainly isn't very helpful.


  • preinie Newcomer 1 posts since
    Mar 20, 2012
    4. Mar 20, 2012 10:29 AM (in response to Ex_Brit)
    Re: iSecurity malware

    I recently had to remove a couple of these from laptops.

     

    Supposedly the reason that the normally installed virus tools like Symantec and McAfee let isecurity through is because the user clicks on something (sometimes even to dismiss the window) and that click is considered an acknowledgement to, shall we say, "attack". (OK, maybe install is a better word.)

     

    On the machines I've removed these from, (all having Symantec with firewall), clicking on the Symantec Endpoint Protection logo displays the window for a second and then it's killed. Many other programs are also killed, like TaskMgr, Start->Run->Command, etc.

     

    Our users do not have admin privileges so it only affects the non-admin user or users (we only have one user per laptop), so if one can log in as Admin they can remove the isecurity.exe file and that usually gets them far enough along to continue more removal.

     

    One removal was from a remote user. We couldn't log in because the user couldn't VPN to corporate for us to PCAnywhere to his laptop.

     

    Booting into "Last Known Good Configuration" contained the isecurity malware, so I had him boot into Safe Mode with Command Prompt (F8 prior to Windows XP loading). As soon as the command prompt is available, continue:

     

    Change Directory to the places isecurity.exe is usually placed, and delete them... %CommonAppData%\ and/or %AppData%\ . Possibly also C:\Documents and Settings\<current user>\Desktop. Delete any links (.lnk) too which look like "Internet Security".

     

    One machine had a couple of <numbers>.exe files (like 70394524.exe) which I deleted too, but I don't know if they were isecurity.exe reinstalls or what. They were just too suspicious.

     

    I also had him edit the registry, to remove the Run entry which starts isecurity at booting, but with it removed, that likely didn't matter. I think you have to be Admin to remove the real key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run <anything that looks like "Internet Security">. Also check RunOnce and remove if found there.

     

    Clean the Temp files and browser history, cookies, etc. (I won't bore you with the details of this - look it up.)

     

    The key was to find "isecurity.exe" and hard-delete it... do not move to the recycle bin! Shift-delete when selected does hard-delete when in a Windows mode. I believe DEL from the command prompt normally does a hard-delete. Please correct me if I'm wrong on that! Many of the write-ups on this malware (I used www.bleepingcomputer.com/virus-removal/remove-internet-security-2012) recommend the use of their tool for removal, but our users don't have install privileges, so I just used the removal instructions as a guide.

     

    There, no one-liners (many one-liners, each of which may be dissected)!
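
The locations listed in the post above, turned into a read-only check (an added example, not part of the original post or of the tools it links to). It assumes PowerShell 2.0 or later is available and that it is run in the affected user's session, since HKEY_CURRENT_USER and the per-user folders resolve to whoever is logged in; the match patterns are assumptions built from the names given in the post.

```powershell
# Read-only triage for the artifacts described in the post; nothing is deleted.
# Patterns are assumptions taken from the post: isecurity.exe, all-digit .exe
# names (e.g. 70394524.exe), and shortcuts / Run values like "Internet Security".
$namePattern  = '^(isecurity\.exe|\d+\.exe)$'
$labelPattern = 'Internet Security|isecurity'

# Folders named in the post (%CommonAppData%, %AppData%, the user's Desktop).
$folders = @(
    [Environment]::GetFolderPath('CommonApplicationData'),
    [Environment]::GetFolderPath('ApplicationData'),
    [Environment]::GetFolderPath('Desktop')
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$fileHits = foreach ($dir in $folders) {
    # Top level only: the post describes files dropped directly in these folders.
    Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue |
        Where-Object {
            -not $_.PSIsContainer -and (
                $_.Name -match $namePattern -or
                ($_.Extension -eq '.lnk' -and $_.BaseName -match $labelPattern)
            )
        } |
        Select-Object FullName, Length, CreationTime, LastWriteTime
}

# Per-user autostart keys named in the post.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

$regHits = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $item = Get-Item -LiteralPath $key
    foreach ($valueName in $item.GetValueNames()) {
        $data = [string]$item.GetValue($valueName)
        # Flag by value name, by command line, or by an all-digit .exe target.
        if ($valueName -match $labelPattern -or $data -match $labelPattern -or
            $data -match '\\\d+\.exe') {
            New-Object PSObject -Property @{ Key = $key; Name = $valueName; Data = $data }
        }
    }
}

'Suspicious files:';       $fileHits | Format-List
'Suspicious Run entries:'; $regHits  | Format-List
```

An all-digit .exe name is only a heuristic, so review each hit (path, size, timestamps) before removing anything.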

  • Ex_Brit Volunteer Moderator 59,556 posts since
    May 6, 2004
    5. Mar 20, 2012 10:36 AM (in response to preinie)
    Re: iSecurity malware

    Thanks for posting.   That could help a lot of people.

