Dealing with isi32.exe

About “isi32.exe”, if a PC is infected, when we insert the USB pendrive, the pendrive will automatically be written with an “autorun.inf” and a “RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013“. However we delete the “autorun.inf” and “RECYCLER”, they will be written again and again.

And the “isi32.exe” is duplicated inside the “RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013”. Thus, the antivirus like AVG cannot detect the file, since it is in the recycle bin.

When the pendrive plug into other PC, and when the pendrive is run with “Autoplay”, the virus will be duplicated in C: drive again. So that another PC will be infected.

Therefore, to remove the virus is easy. First, we need Unlocker. Then, in the C: drive, “unlock” the “RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013”, so that we can delete the folder. After deleting the recycle, we need to restart the computer. This is because “isi32.exe” is still running. The incoming pendrive will still be infected. Finally, the PC is cleaned.

To clean the pendrive, remember not to “autoplay” the pendrive. Because it will run with “autorun.inf” that calls the isi32.exe in RECYCLER. Therefore, right-click the drive in Windows Explorer, and “open” the drive, then remove the “RECYCLER” and “autorun.inf”.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s