RUNDLL Error loading iSecurity.cpl at Windows XP Startup

Question

System: Dimension 2400. WinXP Home, SP2.  Running: McAfee Security Suite (incl VirusScan 12.1), Webroot SpySweeper (Ver 5.5.7.124), and SuperAntiSpyware Free Edition (Ver 4.0.1154).   Please advise if this topic should be posted elsewhere.  (Saw direction to a link for another forum for these types of issues, but it seemed to be for Windows Vista.)   Symptom:  After quarantining (in SuperAntiSpyware) 16 'infections' (including 'iSecurity.cpl'), the above error message is displayed at Windows startup.  To which you must click OK.   Question:  I know I can 'restore' the quarrantined items (with SuperAntiSpyware), but should I?  Or just restore the   iSecurity.cpl    entries?   (I have been told that these are remnants of malware that had been removed from by PC last week.)   Quarantined item details below:    I need to figure out how to post screen print of items.  I can not copy/paste them. The most relevant entries say:Trogan-Downloader.gen        C:\WINDOWS\SYSTEM32\ISECURITY.CPL            C:\WINDOWS\SYSTEM32\ISECURITY.CPL   (yes, there are 2 such entries) There are many other entries with 'isecurity' in the name.       Next screen down, leftmost portion of entries visible           Same screen as above, but with rightmost portion of entries visible

ky331 · Answer

from your description, it appears that SAS removed part, but not all, of the iSecurity.cpl problem.

(the most likely scenario is that it removed the infected file itself, but left over a "calling card" that's still trying to access that deleted file [via a RUNDLL32 command on startup].)

while another scanner might be more effective in removing any "remnants", I think the most prudent thing for you to do at this point is generate and post a HiJackThis log, in the HJT forum. That will reveal what "portions" of the problem still remain.

.

Download the latest version of Trend Micro's HiJackThis (HJT) [version 2.0.2] installer from

http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

.

Save it to your Desktop.

.

Double-click on the HJTInstall.exe file you just downloaded, and click on the Install button, to install HJT in the suggested/default folder,

C:\Program Files\Trend Micro\HijackThis

.

( As part of the installation, a shortcut to the HJT program will be placed on your Desktop, and another shortcut in your START menu [for easy-access to using HJT in the future ---

you only need to run the program again, but not the installer ] ).

.

After installation, HJT will automatically open and start running.

[If this is your first time running HJT, please read and accept the EULA (End-User License Agreement)]

.

Click on Do a System Scan and Save a LogFile

This will automatically open NotePad

Copy the entire file from NotePad: EDIT/SelectAll, EDIT/Copy

Then go to the forum dedicated for HiJack This logs (**NOT** back here), and PASTE the results there:

http://forums.us.dell.com/supportforums/board?board.id=si_hijack

Be sure to include a detailed description of any problems/errors/warnings you are encountering.
Also, please indicate the steps you've already taken, if any, in terms of running anti-malware scanners or malware removal tools.

When you submit your HJT log, please make sure the box under your text which shows "Automatically convert carriage returns to HTML line breaks" is checked, or your log may not format correctly... it should consist of separate/readable lines, not one large "jumble".

Hopefully, one of the HJT experts will get to it as quickly as possible.

WARNING: HiJack This is a VERY POWERFUL tool. While it's completely safe for you to download, generate, and post your log (as described above), you should *NOT* attempt to do anything else (in particular, do NOT use it to delete/fix any entries) until you are advised to do so by a forum expert!! Improper use of this tool can severely damage your system.

Virus & Spyware

Was this post helpful?