Sign in to follow this  
blinkandyoumissme

isamini.exe, isamonitor.exe, IE "protection toolbar"

Recommended Posts

I recently clicked an obvious malware installer by mistake and have managed to make a real mess of my system.

 

My IE homepage has been changed to some dodgy security centre and I have a new toolbar I didn't want called the "protection toolbar".

 

I have checked the processes in the task manager and i also have isamini.exe and isamonitor.exe running. These are new to me. I have tried to end process, but they stay there.

 

Ad-Aware SE (all up to date), Spy-bot search and destroy and Windows Defender don't pick it up and my up to date McAfee virus scan doesn't either.

 

Help me, please!

 

Dave

Share this post


Link to post
Share on other sites

Hi ,

 

Apologies for the late reply, we've been quite swamped in here as you can probably see.

 

Are you still needing help?

 

I'm now subscribed to this topic so I will receive a notice from the board as soon as you reply, so I can be here much more quickly than it has taken to get to your new topic.

 

If you still need help we need two things:

 

1. Your Adaware Scan log with the latest reference file update.

 

Please make sure that you are using

Ad-aware SE Build 106r1

Note: If your version is 6.0 and not the SE, you need to uninstall and get the latest version from the above link.

 

[if not Uninstall your old Ad-aware first then install SE]

Then use the WebUpDate

to get the latest Definition file

SE1R123 14.09.2006

To do this Open Ad-aware

Click the WebUpDate

button at the top right hand side of the Ad-aware screen (The world globe).

Click "Connect"

Ad-aware will then download the latest Definition file for you.

To make sure it is updated , look at the main

Ad-aware screen, and look under "Initialization Status"

It should say the Latest Definition file.

then scan doing a "Full Scan"

and then post your logfile here by using the Add-Reply Feature .

As Logs are stored in :

C:\Documents and Settings\USERNAME\Application Data\Lavasoft\Ad-aware\Logs\.

An easy way to get there is to

click Start,

click Run

And type in and press ENTER: %appdata%

then click Lavasoft

then Ad-Aware

and then Logs.

scroll down to find the latest one that you have

(by date & time)

and open it right Click select all

copy and then paste the contents of it here.

(Make sure that all of your Logfile has been posted, sometimes it will require two post's to get it all)

...............

2. A diagnostic log from this free tool called HijackThis

Instructions on creating a HijackThis Log

http://www.lavasoftsupport.com/index.php?showtopic=216

Share this post


Link to post
Share on other sites

Due to lack of response from the original poster, this topic will now be archived in the "Resolved" (read only) section, as Ad-Aware now removes this variant that the OP had.

 

If Ad-Aware with the latest update reference files does not resolve the problem, then you may have a new variant that is not detected yet. Please download and run this free tool:

 

1. Download SmitfraudFix (by S!Ri) to your Desktop (Win2k/WinXP only!).

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.

 

How to extract (decompress) zipped or compressed files

http://www.lvsonline.com/compresstut/index.shtml

 

Note : process.exe is part of the SmitFraudFix tool and is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky, Panda) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

 

 

2. Reboot into Safe Mode

You can usually do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

 

How to start the computer in Safe mode

http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

 

3. Once in Safe mode, open the SmitfraudFix folder and double-click smitfraudfix.cmd

 

Select option #2 - Clean by typing 2 and press Enter.

Wait for the tool to complete and disk cleanup to finish.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.

The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

 

A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. If this still does not resolve your problem post the following logs into a new topic.

 

4. Once back into normal mode, please scan with HijackThis to produce a log. Post that log into your topic along with the other requested logs named below.

 

Logs needed in your next post are:

 

rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed

 

Fresh HijackThis log

Instructions on creating a HijackThis Log

http://www.lavasoftsupport.com/index.php?showtopic=216

 

 

 

New variants are released constantly so for anyone else having similar issues, you need to start your own new topic.

Share this post


Link to post
Share on other sites
Sign in to follow this