virus problem, PLEASE HELP!

[YouAgain87]

Hi guys, could do with your help here.

A couple of days ago I got infected by the ise32 virus/trojan. As far as I understand it, it travels via portable devices. I've since cleaned up my system using Super Antispyware and formatted the drives, used the show hidden files and protected system files options in vista to also delete the recycler and desktop.ini files on the drives.

The problem however seems to have come back again. Now I only use the USB drive for data transfer between my PC and Laptop and both of them are clear of the ise32 virus, yet my pc got infected again. No other USB stick is used as I rely on Skydrive for accessing documents outside of home. Any ideas how this infection is spreading?

And well most importantly, Im using the latest version of AVG Free which now also has the auto removable drive scanning feature, but it has consistently failed to detect this virus. I always get the all clear. It's only after reboots when I get prompted to restore the ise32 file after logging in that I realise I've been infected. Anyone else have this problem? As far as I know the lack of anti-rootkit protection in AVG Free compared to AVG Pro shouldn't affect it's ability to detect this, even with an on demand scan.

I've used Norton 2009. It's a good product and it does protect me against that virus however it also deletes 39 registry files associated with the autorun feature so I'm left out without any autorun in vista, and no way of turning it back on without restoring the threat from the quarantine!

Please Help.

If I've posted in the wrong area, sorry and please could you place this in the right section.

[+BudMan MVC]

Autorun is how these viruses spread -- if your wanting to prevent infection of this kind of crap.. turn off autorun -- its been a security issue since DAY ONE.. Who in their right mind would setup a system to AUTORUN anything :rolleyes: WTF was MS thinking???

It's a virus writers wetdream -- we put put info in a file and every windows box that sees it will RUN IT ;) without any interaction from the user at all..

One of the first things I do when I touch a system is disable that autorun crap -- you have already been infected by it once, and you still want it on???

What I suggest is you read this

http://www.us-cert.gov/cas/techalerts/TA09-020A.html

National Cyber Alert System

Technical Cyber Security Alert TA09-020A archive

Microsoft Windows Does Not Disable AutoRun Properly

and this is another good read

http://www.cert.org/blogs/vuls/2008/04/the...ws_autorun.html

The Dangers of Windows AutoRun

And make SURE its disabled! ;)

[goretsky Supervisor]

Hello,

AutoRun was introduced with Microsoft Windows 95 and from what I recall, did not start to pop up as a vector for malware until 2007-2008, so that does mean that for a dozen years it was not used--or, at least, underutilized--as a technique to spread malicious code. From what I recall, the goal was it easier for users to run or install software from CD-ROMs.

As one might expect, Wikipedia has a detailed article on the subject here.

Regards,

Aryeh Goretsky

[YouAgain87]

Thanks, disabled autorun. Anyone have any experience with AVG not detecting the Ise32 virus? I've read loads of forums where people have claimed AVG has detected (and this was version 7.5) I can't understand why my AVG 8.5, a whole version up is giving me the all clear when there clearly is something wrong.

[+BudMan MVC]

"did not start to pop up as a vector for malware until 2007-2008"

Does not mean it was not a threat from its inception.

Only in the last few years have thumbdrives become so popular that it becomes an effective method of movement for the malware.

With the cost of portable drives in the dirt and the sizes getting bigger and bigger, everyone has one and uses them almost daily on any machine they touch (portableware, etc. etc.) shoot I picked up a 16 giger for less than $20, etc. EVERYONE has them - CDrom are not really writeable to the code such as this, etc. So not an effected mode of transport, after cd's took off who used floppies any more, etc. etc.

yes only in the last few years have you seen the threat hit the mainstream, does not mean that the problem with autorun could not be seen coming miles ahead. It was given that with such a method it would not be long before some malware writer was using it to spread his code.

[YouAgain87]

Ok well I've just cleaned my system yet again and reformatted the USB drives, manually cleaned the ise32 and used different AV's. It still comes back!

[Subject Delta]

"did not start to pop up as a vector for malware until 2007-2008"

Does not mean it was not a threat from its inception.

Only in the last few years have thumbdrives become so popular that it becomes an effective method of movement for the malware.

With the cost of portable drives in the dirt and the sizes getting bigger and bigger, everyone has one and uses them almost daily on any machine they touch (portableware, etc. etc.) shoot I picked up a 16 giger for less than $20, etc. EVERYONE has them - CDrom are not really writeable to the code such as this, etc. So not an effected mode of transport, after cd's took off who used floppies any more, etc. etc.

yes only in the last few years have you seen the threat hit the mainstream, does not mean that the problem with autorun could not be seen coming miles ahead. It was given that with such a method it would not be long before some malware writer was using it to spread his code.

Autorun isn't the problem. The fact that before Vista the autorun application on disks just ran without any prompting is the problem. A simple solution would be a UAC style popup (without the screen greyout) saying You have just inserted a drive containing XYZ application... Do you wish to allow it to launch.

Still in Vista, I think that even with signed application installers you get a message coming up asking you if you want to autolaunch which negates the issue somewhat.

[Sean2989]

One more tip, it sounds like the virus is replicating out of system restore. Disable system restore and and delete all saved restore points. Run your virus software, then see if everything is gone. If it is, re-enable system restore! Hope that helps.

[YouAgain87]

I think I found the source of the problem and it wasn't system restore. But all is well, seems to have been fixed. Thanks guys for all your help.

[+BudMan MVC]

Well how about sharing what you found the issue was -- so the next poor schmuck that finds this thread might have some help.