AVG-IS9 : E:\OBJESI\sise.exe Threat detected!
Closed
JB
-
Nov 5, 2010 at 07:00 PM
Biggles7 Posts 1 Registration date Tuesday November 9, 2010 Status Member Last seen November 9, 2010 - Nov 9, 2010 at 04:40 AM
Biggles7 Posts 1 Registration date Tuesday November 9, 2010 Status Member Last seen November 9, 2010 - Nov 9, 2010 at 04:40 AM
Related:
- AVG-IS9 : E:\OBJESI\sise.exe Threat detected!
- Avg tuneup - Download - Cleaning and optimization
- Download avg free - Download - Antivirus
- Avg - Guide
- Need to calculate monthly avg and yearly miles from odometer ✓ - Excel Forum
4 responses
Biggles7
Posts
1
Registration date
Tuesday November 9, 2010
Status
Member
Last seen
November 9, 2010
1
Nov 9, 2010 at 04:40 AM
Nov 9, 2010 at 04:40 AM
Problem: USB flashdrive/pendrive/stick can NOT be formatted if there is a folder OBJESI/sise.exe stored there. This executable file WILL infect ANY and all USB flashdrives connected to the affected computer. And when these infected USB flashdrives are connected to another "clean" computer, this infection will be passed ON to this computer, spreading the infection. Furthermore, the KEY elements of this infection create changes in the Windows REGISTRY. And until these registry keys are deleted....the infection can NOT be eradicated. And USB flashdrives with the OBJESI folder can NOT be formatted...remember.
Step 1: To SEE the OBJESI folder you must change the Windows setting in the Tools/Folder Options/View window. UNCHECK the box "hide protected operating system files".
Step 2: On my PC, I was able to track down the precise location in the registry thanks to one of the best Anti-Spyware + Anti-Virus programs on the Web : SPYWARE TERMINATOR. And it's freeware.....NO catch !!
(I"ve been using it for years, and this software has come to my rescue countless times....)
Step 3: Back up the registry BEFORE any changes or deletions are made, please!!
Step 4: Now carefully go to these TWO registry keys using these two pathways:
HKCU\Software/Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*g E:\OBJESI\sise.exe
HKCU\Software/Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe\j E:\OBJESI\sise.exe
Step 5: DELETE these two keys.
Step 6: Reboot the computer.
Step 7: Insert the infected USB flashdrive and you can now FORMAT this flashdrive/pendrive/USB stick.... Use QUICK-FORMAT.
IMPORTANT: You may have to repeat this process if you have two or three USB flashdrives/pendrives/sticks. Every time ONE infected USB flashdrive is inserted...the computer Registry can be instantly changed with the infected registry keys. But when ALL your USB flashdrives are cleaned out from OBJESI, the infection has been eradicated.
Keep these notes handy in case the infection reappears when you inadvertently insert some newly infected flashdrive. Perhaps one used by a colleague or lent to you by a friend.
The OBJESI folder is highly contagious: all it takes is just ONE connection to an infected computer.
Step 1: To SEE the OBJESI folder you must change the Windows setting in the Tools/Folder Options/View window. UNCHECK the box "hide protected operating system files".
Step 2: On my PC, I was able to track down the precise location in the registry thanks to one of the best Anti-Spyware + Anti-Virus programs on the Web : SPYWARE TERMINATOR. And it's freeware.....NO catch !!
(I"ve been using it for years, and this software has come to my rescue countless times....)
Step 3: Back up the registry BEFORE any changes or deletions are made, please!!
Step 4: Now carefully go to these TWO registry keys using these two pathways:
HKCU\Software/Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*g E:\OBJESI\sise.exe
HKCU\Software/Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe\j E:\OBJESI\sise.exe
Step 5: DELETE these two keys.
Step 6: Reboot the computer.
Step 7: Insert the infected USB flashdrive and you can now FORMAT this flashdrive/pendrive/USB stick.... Use QUICK-FORMAT.
IMPORTANT: You may have to repeat this process if you have two or three USB flashdrives/pendrives/sticks. Every time ONE infected USB flashdrive is inserted...the computer Registry can be instantly changed with the infected registry keys. But when ALL your USB flashdrives are cleaned out from OBJESI, the infection has been eradicated.
Keep these notes handy in case the infection reappears when you inadvertently insert some newly infected flashdrive. Perhaps one used by a colleague or lent to you by a friend.
The OBJESI folder is highly contagious: all it takes is just ONE connection to an infected computer.
Most likely OBJESI is hidden by default.
Turn it on by changing the "Show hidden folders" option in the Folder Options in your Control Panel.
Turn it on by changing the "Show hidden folders" option in the Folder Options in your Control Panel.
I just found this on my backup drive as well. Showing hidden folders doesn't make it visible. I found it because I was using a spatial analysis program that showed me this OBJESI folder in its catalog system. I also couldn't delete the folder because it said it was being used by a process. Although it appears as nothing is being stored in that folder it was actually taking up about 1.5 gigs of space. So any files in it must be hidden. The IT guy didn't have a solution except to reformat my computer. The McCaffee virus software did not find this sise.exe file. And I definitely infected other computers buy moving my flash drive to them. However I didn't infect my laptop with it don't know why. Possibly because I have Comodo or could be because my laptop wasn't connected to the internet. IT guy thinks the purpose is too use other people's available disk space.
I used a linux(ubuntu 10.04) machine to mount the drive, I can see the \OBJESI folder and sise.exe inside it. The autorun.inf was modified to run this virus when you connect it to your windows computer. I can easily delete them from linux computer. I also get a lot of music which are stored in the RECYCLER folder by the hacking program. I guess they're shared online when you connect your drive to your computer. If you don't have linux machine, you can use some bootable CD to delete them.