Abs.Net web Page

Share Your Knowledge, Build your Network..

isi32.exe removal, in case it does not show up in your Task Manager

Posted by absnet on 28 November 2009


Well, this is the second part of my first isi32.exe removal post. Unluckily, in my first post, isi32.exe wasn’t running in memory yet, so I thought it was a false alarm. I really knew that this was a virus when I looked at my friend’s computer and found isi32.exe there. Trying to delete it directly in Total Commander failed, because the virus was still running. After trying for a while, I found a way to remove this threat.

To cut my explanation short, you can’t use Task Manager, Extended Task Manager or any similar task manager program to see this virus. Instead, use the program I show you. But remember, USE THIS PROGRAM WITH DEEP CAUTION, because you will only RUIN your WINDOWS if you DO it wrong.

a. Deleting Hidden Registry Start-up 

  1. Make sure your computer is infected by searching for isi32.exe on your HARD DRIVE and USB DRIVE. Better to use Total Commander.
  2. Unplug your USB Drive.
  3. Download the program here
  4. EXPLORE the zip file and double-click AUTORUNS.exe
  5. Click the EVERYTHING tab, and press CTRL + F to find a file
  6. Type isi32.exe in the search box. You’ll find a registry entry in recycler bla bla bla pointing to this file.
  7. Press DELETE and confirm
  8. (I don’t know whether this virus triggers wscript.exe or not, but this step is just to make sure.) Repeat step 6, but search for wscript.exe. Do step 7.
  9. CLOSE autoruns.exe

b. Searching Registry Trigger

  1. Open your registry by typing regedit in Start/Run
    • If a message box informs you that registry editing is disabled, enable it with the script here
  2. Search for every occurrence of isi32.exe (there are more than 5 on my computer) by pressing CTRL+F and typing isi32.exe.
  3. Delete every occurrence of isi32.exe
  4. Repeat this step using the F3 key

c. Killing autorun function

It’s important to turn off the autorun function on your computer, because many viruses use this function to spread. The only drawback is that when you insert your USB drive or CD-ROM, it won’t play automatically. I suggest using Total Commander the first time you open files, to snapshot hidden files. Follow these steps to turn off this function:

  • a. In Start/Run, type “gpedit.msc”. If you use Windows XP Home, gpedit isn’t available, please download here. I found that with every tool I know for Windows Home edition, it doesn’t succeed! Any ideas? (edited: March 19, 2009)
  • b. In gpedit, choose “Computer Configuration/Administrative Templates/System”
  • c. Click “Turn off Autoplay” and choose “Enabled”
  • d. Choose “All drives” in the drop-down menu
  • e. Press “Apply” and “OK”

 

When you finish the steps above, please restart your computer. After the restart, do these steps:

  1. Plug in your USB DRIVE
  2. Open Total Commander
  3. Search for isi32.exe in Total Commander on your C: and USB drives
  4. Delete that file

If you still can’t use Total Commander, please see this overview

Congrats, your computer is free from that virus. If you’re not sure, check again using autoruns.exe.
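The same final check can be scripted. The PowerShell below is an added example, not part of the original post: it is read-only, and it covers the three things the steps above touch (autostart registry values, leftover copies of the file, and the Autoplay policy). The list of autostart keys is an assumed subset of what Autoruns inspects, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: read-only check, nothing is deleted or changed.
$Needle = 'isi32.exe'   # file name from the post

# Assumption: a few common autostart keys; Autoruns covers many more.
$AutostartKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
)

# 1. Registry values whose name or data still mentions the file.
$regHits = @(foreach ($key in $AutostartKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $data = [string]$item.GetValue($name)
        if ($name -like "*$Needle*" -or $data -like "*$Needle*") {
            [pscustomobject]@{ Key = $key; Value = $name; Data = $data }
        }
    }
})

# 2. Copies of the file on every file-system drive (plug the USB drive in first).
#    -Force includes hidden and system files, which Explorer hides by default.
$fileHits = @(Get-PSDrive -PSProvider FileSystem | ForEach-Object {
    Get-ChildItem -Path $_.Root -Filter $Needle -Recurse -Force `
        -ErrorAction SilentlyContinue
})

# 3. "Turn off Autoplay" = Enabled / All drives is stored as
#    NoDriveTypeAutoRun = 0xFF under the machine policy key.
$polKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$pol = (Get-ItemProperty -Path $polKey -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
$autoplayOff = ($pol -eq 0xFF)

# Report.
$regHits  | Format-Table -AutoSize -Wrap
$fileHits | Select-Object FullName, Attributes, LastWriteTime | Format-Table -AutoSize
'Registry references found : {0}' -f $regHits.Count
'Files found               : {0}' -f $fileHits.Count
'Autoplay off (all drives) : {0}' -f $autoplayOff

if ($regHits.Count -eq 0 -and $fileHits.Count -eq 0 -and $autoplayOff) {
    'Result: no trace of {0} in the checked locations.' -f $Needle
} else {
    'Result: repeat the steps above for the items listed.'
}
```

A clean result covers only the locations listed in the script, so the Autoruns check remains the broader one.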
