I wanted to ask them xk avast! not detect a worm virus nod32 if that be??? and and and analyzed the folder where avast and nothing and no and carried me in memory to another pc and if you have nod32 detects it is ¿¿? and it is not because this date because if it suffers the most updated
hey and welcome to the forum.
name of the file?
and a virustotal report could be good if you can post so we have something more to go one.
but I can not give you a report of the other virus xk has nod32 pc is not mine and I have much time to watch it but I will try and see how they notice!
I got hit by this virus also and obviously was not detected. The link that infected me was ‘desk-airline.ru/ais/ditante.php’
The file was isecurity.exe. I think I got rid of it - 2 places. startup folder and registry - do a google search for ‘internet security virus’
Hi talla-sharon,
Thanks for the feed-back, the site indeed is a known phishing site, and 100/100 malicious: htxp://zulu.zscaler.com/submission/show/8861ede00cd4341a283423d8a1d4c626-1331554947
recently threat also added to Sucuri’s : http://sitecheck.sucuri.net/results/http://desk-airline.ru/ais/ditante.php
Website seems now been disabled by hoster because of security reasons,
isecurity.exe is indeed a fake av installer, it is the main process of internet-security-2012
You could click “Start"and select “Run”, then in the window insert excactly this txt without the surrounding”"
“taskkill.exe /F /IM isecurity.exe”.
Manual removal. Make hidden files viewable, instructions how to:
http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/
Rename the existing file “isecurity.exe” to any random given name and reboot your computer.
Now the malware process is not active any longer…
Open your Registry Editor and search for this registry entry HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Internet Security 2012″
Delete mentioned registry entry when there, and then finally also delete the file you previously had renamed,
polonus