  1. #1
    3 Star Lounger
    Join Date
    Sep 2003
    Location
    Creston, Br. Columbia
    Posts
    251
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Malware called iesecurity

    This may not be the correct place to post this ...but I'll ask anyway. It has happened to my Win 7 machine.

    Has anyone run into a fake security trojan called iesecurity? It suddenly popped up on me while doing Twitter through TweetDeck. I don't recall clicking on any but familiar links ... but then maybe someone else was infected.

    Now I cannot access any program or file on this particular computer. Fake warnings pop up every few seconds. Every program is blocked, and I am informed every program I attempt to use is infected by w32/blaster worm.

    I am currently running Malwarebytes from a second computer on my local network.

    Any suggestions?

    Al

  2. #2
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    4,746
    Thanks
    171
    Thanked 649 Times in 572 Posts
    Looks like Malwarebytes Anti-Malware should take care of it, but there's more information here: How to remove the IE-Security Rogue (Uninstall Instructions)

    Bruce

  3. #3
    3 Star Lounger
    Join Date
    Sep 2003
    Location
    Creston, Br. Columbia
    Posts
    251
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thanks for the info. I can't, apparently, run anything on the infected computer ... so Malwarebytes is running over my network. That is slower than it would be running on a "local" machine. ... I hope it works this way.

    Al

  4. #4
    5 Star Lounger
    Join Date
    Dec 2009
    Location
    S.F. Bay Area, California, USA
    Posts
    735
    Thanks
    15
    Thanked 80 Times in 78 Posts
    Al,

    ??Did you try running MBAM in safe mode??

    Zig

  5. #5
    3 Star Lounger
    Join Date
    Sep 2003
    Location
    Creston, Br. Columbia
    Posts
    251
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Not yet. MBAM is not installed on the infected computer. And with iesecurity blocking any software from opening, I can't find a way of installing it and going from there. The best I can do at the moment is run MBAM from a second computer over the network. So far it has found 1 of the bad files. Whether it can remove it/them will remain to be seen. The trojan has an item sitting on the screen offering a choice of clicks. I don't really want to click on it. But while it is open, Windows will see the program file as being in use, and I suspect MBAM will be unable to touch it. ... iesecurity.exe appears to have planted itself under "documents and settings". Access to this is usually, under normal circumstances, rejected from outside of this computer (it is not a shared folder), so that may also prove to be a problem in removing the trojan.

  6. #6
    Super Moderator jwitalka's Avatar
    Join Date
    Dec 2009
    Location
    Minnesota
    Posts
    6,793
    Thanks
    117
    Thanked 798 Times in 719 Posts
    The other option is to start in safe mode with networking. Call up Task Manager (Ctrl+Shift+Esc), and kill any suspicious process. Then, if the Start button and taskbar are missing, run explorer.exe from Task Manager's File menu. You should now be able to execute MBAM.

    Jerry

  7. #7
    5 Star Lounger
    Join Date
    Dec 2009
    Location
    Slough, Berkshire UK
    Posts
    924
    Thanks
    55
    Thanked 52 Times in 50 Posts
    Maybe you can download and install on a USB stick (from a clean machine) the portable AVG virus scanner. This will allow you to boot from the USB and scan for viruses without Windows running, which overcomes the virus's attempts to stop you.
    Hope this helps; the link is in the name.

    There is a bootable version of Mbam also but not sure where to find it.
    Last edited by curiousclive; 2012-03-12 at 13:18.
    Clive

    All typing errors are my own work and subject to patents pending. Except errors by the spell checker. And that has its own patients.

  8. #8
    3 Star Lounger
    Join Date
    Sep 2003
    Location
    Creston, Br. Columbia
    Posts
    251
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Okay, I'll add this to my "to try" list. Thanks.

  9. #9
    3 Star Lounger
    Join Date
    Sep 2003
    Location
    Creston, Br. Columbia
    Posts
    251
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Good suggestions. Thanks.

  10. #10
    5 Star Lounger
    Join Date
    Dec 2009
    Location
    S.F. Bay Area, California, USA
    Posts
    735
    Thanks
    15
    Thanked 80 Times in 78 Posts
    The other option is to start in safe mode
    That's what I meant.

    Zig
    Last edited by Zig; 2012-03-12 at 22:29.

  11. #11
    3 Star Lounger
    Join Date
    Sep 2003
    Location
    Creston, Br. Columbia
    Posts
    251
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Frustrating. ... Okay. In safe mode I installed MBAM. Tried running it. Freezes when trying to update definitions. Freezes in quick scan mode after 3 seconds. Can't even get out of it with Task Manager. Task Manager freezes. Reboot and try again. Same results. Internet connection okay ... FF works fine. For some reason, now, Documents&Settings is locked. ... Found two instances of WinDefender. Tried to just delete ... insists permissions needed from "TrustedInstaller" whatever that is. ... Otherwise, don't see any suspicious processes with Task Manager.

    Al

  12. #12
    3 Star Lounger
    Join Date
    Sep 2003
    Location
    Creston, Br. Columbia
    Posts
    251
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Interesting ... While in Safe Mode.. tried using recovery. Went back 2 weeks to "safe" point. Listed programs that would be deleted. No problem. Ran recovery. Booted up. Trojan is still there. So are the programs that were listed as "going to be deleted". Nothing changed.

    Al

  13. #13
    Lounge VIP
    Join Date
    Apr 2011
    Location
    Scotland
    Posts
    1,168
    Thanks
    44
    Thanked 134 Times in 115 Posts
    When running a system restore from Safe mode, you must return to Safe mode to complete the system restore.

    If you don't, you won't have run the restore: the Trojan and all your programs that were going to be affected will still be present.

  14. #14
    3 Star Lounger
    Join Date
    Sep 2003
    Location
    Creston, Br. Columbia
    Posts
    251
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Oops ... I didn't see that, or know that. Tried again. However, when it comes back from doing the "restore/recover" from some earlier date, there is a message to say it could not be completed, nothing was removed, because "probably an antivirus program was running". No legitimate anti-virus is running. The only one likely running that calls itself anti-virus is the Trojan, and apparently it has itself hooked in to block recovery efforts. -- Just tried Malwarebytes again ... it won't run. I suspect the trojan is blocking again. ... So at the moment, after a full day of messing with this thing, it appears I am stuck with an almost useless computer.

    Al

  15. #15
    Lounge VIP
    Join Date
    Apr 2011
    Location
    Scotland
    Posts
    1,168
    Thanks
    44
    Thanked 134 Times in 115 Posts
    Try running the System Restore from Safe Mode Without Networking, i.e. plain old Safe Mode, without the networking requirements.

    I have seen several times that these fraudulent AV tools are activated by a Windows networking component and disabling it (or rather not enabling it in the first place) prevents the malware from loading. I know others here have seen them active in Safe Mode Without Networking, but I believe it is less frequent.

    If that fails, download Autoruns and prevent the malware from loading at boot time. You would be looking for a random .exe filename, normally stored in your app data folder, without a publisher. When you see it, it normally sticks out like a sore thumb. Then try to run the System Restore.

    Another trick is to change the MBAM executable filename to something else such as "goaway.exe", or even changing the .exe extension to such as "goaway.com" - malware is known to attack MBAM from time to time.

    Don't give up, the solution is normally straightforward.
