Dealing with isi32.exe


About “isi32.exe”, if a PC is infected, when we insert the USB pendrive, the pendrive will automatically be written with an “autorun.inf” and a “RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013“. However we delete the “autorun.inf” and “RECYCLER”, they will be written again and again.

And the “isi32.exe” is duplicated inside the “RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013”. Thus, the antivirus like AVG cannot detect the file, since it is in the recycle bin.

When the pendrive plug into other PC, and when the pendrive is run with “Autoplay”, the virus will be duplicated in C: drive again. So that another PC will be infected.

Therefore, to remove the virus is easy. First, we need Unlocker. Then, in the C: drive, “unlock” the “RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013”, so that we can delete the folder. After deleting the recycle, we need to restart the computer. This is because “isi32.exe” is still running. The incoming pendrive will still be infected. Finally, the PC is cleaned.

To clean the pendrive, remember not to “autoplay” the pendrive. Because it will run with “autorun.inf” that calls the isi32.exe in RECYCLER. Therefore, right-click the drive in Windows Explorer, and “open” the drive, then remove the “RECYCLER” and “autorun.inf”.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s