0

I was just wondering if anybody here knows anything about this file. I have been trying to figure out what's going on with my machine for over a week now. I recently located the problem; a program file that loads in the windows startup sequence.

I'm assuming that this file is some kind of spyware, but it doesn't register with my McAfee Virusscan or my version of adaware. I located it when running msconfig to check what's in the startup sequence, but disabling it has no effect. Even deleting the file, which can only be accomplished after booting to DOS, it always returns.

The file, called isle.exe, has the very disturbing effect of disabling my virus shield, and my ZoneAlarm firewall.

The file is located in C:\windows\allusers\startmenu\programs\startup

Any help would be much appreciated, as a search of any of the search engines has yielded nothing about this particular file.

8
Contributors
11
Replies
12
Views
14 Years
Discussion Span
Last Post by gahan
0

Nasty thing. I've never heard of it. I have a few lists of common processes that run on Windows and it doesn't appear. Also did a search, and nothing.

What Windows do you have? I say get a better AntiVirus like Norton (I've never been a fan of McAfee) Make sure it's up to date. Have you searched your registry to see if it's being called from there? Also, for now, try putting an empty file in that directory where it copies to and name it isle.exe. Make it readonly and hidden so it doesn't try to copy itself there and try to overwrite. But who knows, the trojan or virus you got might be smart.

Also, try to open the exe file in notepad and see if you can find any readable words that might help your search.

0

The file, called isle.exe, has the very disturbing effect of disabling my virus shield, and my ZoneAlarm firewall.

First, since this seems to be some sort of trojan, a virus scanner won't help much. Second, which version of ZoneAlarm are you using? Is it up-to-date?

I don't recommend McAfee or Norton as virus checkers any more; the first works poorly and the second is a resource hog. Currently, I recommend Grisoft AVG, since it's updated regularly, very effective, and free for personal use.

I would also cross-check for spyware using Spybot Search & Destroy. Check http://Security.Kolla.de for news, forums, and download links. You might ask your question there, as well.

0

If you're really paranoid, I suggest you try more than one Antivirus. I've tried AVG, McAfee, and several other free and cheaper Antiviruses. In my opinion, none of them were as good as Norton. (The rest seemed to miss a few rare viruses.) Also, Norton does a good job at scanning, and can constantly scan (the other can too, but not as good I think). I don't think it sucks as much resources as you say. It is a big program compared to the other ones though, so I see your point. If you have 32 Megs of RAM, then it would be a problem though.

Also, try another firewall like Tiny or BlackIce.

0

Thanks for all your advice, everyone. I'll give your suggestions a try, and let you know how it goes. I wish I knew where this file came from, so I could put up a warning about it, but this computer is used by the whole family, so it could have come from virtually anywhere. As for the version of Windows I use, it's Windows 98SE.

I'll look at getting another Virus scanner...I've been meaning to do so anyways. The version of Zone Alarm I have is up to date (whatever the latest free version is), but I may try another of the firewalls...I've heard good things about Outpost.

I've also heard a few good things about SpyBot Search and Destroy. I'll download that one as well, and see if it finds anything.

Anyways, thanks again for the suggestions, and I'll let you know how it goes.

0

Well, I managed to at least confuse the program for awhile, but I know I haven't gotten rid of it.

I downloaded that SpyBot: Seek and Destroy program, and it's great...I'll have to send a donation to the creator for that one....It seems to be worth it. It did find a few items on my computer that Ad-Aware missed, though, unfortunately, it did not find the Isle.exe program I wanted it to find.

I'll still have to find myself another Virus Scanner, as Mcafee is not allowing me to download updates anymore anyways. I'll give that free one a try, and then look at purchasing Norton.

The file was definitely a smart one. Just creating a new, empty file named isle.exe didn't fix the problem. At startup, I'd get the message that Isle.exe is not a valid Win32 application, and then I'd look to find out that my fake had been replaced by the same, aggravating program. Finally, I created a fake in DOS, and made it a hidden, archive, read-only file as was suggested. This has managed to confuse the program enough that things are working again. I can even connect to my mail and FTP servers again.

Thanks again for all your suggestions...and I hope that nobody else manages to pick up this file; It has caused me over a week and a half of aggravation.

0

Glad to hear that you are making some headway. Personally, I used to use McAfee, and then switched to Norton and loved it. However, I found that it likes to creep into just about everything in Windows and practically invade the registry. The last time I reformatted, I installed McAfee VirusScan Online, figuring that it might be better considering McAfee is endorsed by Microsoft while Norton isn't (e.g. McAfee technology is built-into MSN and Hotmail, etc). So far I haven't had any problems with it. :)

0

I think you should check the registry. you can look into the "run" key to see if this software make itself autorun when windows starts. or you can search for the name of this one and delete related keys. of course, you should backup the registry before you make any change.

0

Thanks for the tip, laoli. I've checked through the registry, but wasn't able to find the entries that this program makes. Most likely, they are under a different name, or even a numbered entry. I'm not familiar enough with what should be there to start deleting things. For now, I've managed to keep the thing in check, but eventually I do hope to purge it from the system.

I'll be sure to continue visiting this forum...it's been great help. Thank you all.

0

i think its a trojan that has been renamed so it is harder to detect an cure. personaly my advise on virus scanners would have to be avg i have used others and i like it best. besides its free and you should give it a try if you dont like it you can always remove it.
but remember not to use both virus scanners at the same time it could work in a negative way. meaning not in ur favor.

i think the simple sulotion to ur problem would be to get the cleaner from this site.
http://www.moosoft.com/thecleaner/

this software is designed to pick up trojans. so it is sorta unique unlike virus scanners. i'm almost certain it will solve ur problems plz let me know what happens.

0

I had a lot of problems with Norton. Tried BullGuard and had better success. It updates an average of twice a day. You do have to pay to keep the system updating ($39/year), but it seems worth it to me - it has caught it's fair share of bugs coming through - but no anti-virus software is 100%, nor will they ever be. It is the mind of the virus creator against the computer and the brain will always win eventually.

0

Dear people,

The isle.exe is in fact the Bugbear virus. See this quote from virus info from McAfee:

"Installation

The worm copies itself to the START UP folder using a random file name (such as):

* Win98 : C:\WINDOWS\Start Menu\Programs\Startup\BSFS.EXE
* 2k Pro : C:\Documents and Settings\(username)\Start Menu\Programs\Startup\BSFS.EXE "

It uses a random file name. Sometimes this is isle.exe.

I helped my neighboors because the were suffering from a slow pc. So I took out their hard drive, and attached it in my computer running McAfee VirusScan Online. It had no trouble removing the bugbear virus (and several other virusses...). My neighbours used a really old Norton version with old scan engine. I'm going to suggest to them to buy a proper virus scanner.

Cheers

Gahan

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.