
Iexplore.exe


12 replies to this topic

#1 cor3

cor3

  • Members
  • 96 posts
  • OFFLINE
  •  
  • Local time:03:28 PM

Posted 01 August 2007 - 10:29 PM

ok, well recently i got infected by something, and it left the virus protect pro malware thing on my computer

i got rid of that with avg spyware remover

but when i looked in process manager i noticed that there were 2 iexplore.exe processes running

i did a search for iexplore.exe in my files and folders and found it in 3 different places

one is in program files

the other is in C:\i386

and the last one is in C:\WINDOWS\BricoPacks\SysFiles and that one is called 68_iexplore.exe

so are those supposed to be there or am i infected with something :thumbsup:

btw i'm using Windows XP

Edited by cor3, 01 August 2007 - 10:40 PM.




#2 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:12:28 PM

Posted 01 August 2007 - 10:40 PM

Internet Explorer can be in several places: C:\I386, C:\WINDOWS\ServicePackFiles\i386\, C:\Program Files\Internet Explorer\, and C:\windows\prefetch\ are a few. The best thing that I could say to do is to upload the file to VirusTotal or Jotti and see what results you get.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\WINDOWS\BricoPacks\SysFiles\68_iexplore.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/
The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#3 cor3

cor3
  • Topic Starter


Posted 01 August 2007 - 10:50 PM

ok i scanned it at the site you recommended and it found nothing and said the file was OK

also i noticed something else, in my C:\WINDOWS folder there is an iexplorer.exe file and the icon is a little piece of paper with the corner torn and next to it is an iexplorer.exe-up.txt, now i read online that iexplorer.exe is not safe, so should i delete those files??

it's also in my startup selection

Edited by cor3, 01 August 2007 - 11:06 PM.


#4 oldf@rt

oldf@rt


Posted 01 August 2007 - 11:41 PM

Give the machine a scan with Dr.Web CureIt

#5 cor3

cor3

Posted 01 August 2007 - 11:55 PM

[Scan path] c:\documents and settings\all users\application data\16 new ping long\license multi 16.exe
c:\documents and settings\all users\application data\16 new ping long\license multi 16.exe infected with Trojan.Swizzor - deleted

[Scan path] c:\documents and settings\all users\application data\long slow road itch\drv bin.exe
c:\documents and settings\all users\application data\long slow road itch\drv bin.exe infected with Trojan.Swizzor - will be cured after reboot

[Scan path] c:\documents and settings\all users\start menu\programs\startup\desktop.ini
[Scan path] c:\documents and settings\miljo\application data\test great send\wiperect64.exe
c:\documents and settings\miljo\application data\test great send\wiperect64.exe infected with Trojan.Packed.149 - incurable - moved



3 of the viruses found, so should i delete the file that is quarantined?
all 3 of them are still on my startup list, should i remove them?

btw, after i used the dr.cure it, i was able to end the iexplore.exe processes

Edited by cor3, 02 August 2007 - 01:12 AM.


#6 oldf@rt

oldf@rt


Posted 02 August 2007 - 01:34 AM

I would recommend that you download and install Spybot Search and Destroy, if you don't have it.

To eliminate startup items,
  • click mode,
  • click advanced,
  • in the menu on the left side, click tools find system startup,
  • double click the system startup words, find the item(s) that you no longer want to run at startup
  • click once to select
  • then click on the Red X at the top to kill that item.


#7 cor3

cor3

Posted 02 August 2007 - 01:37 AM

ok, i'll do that

but my question is SHOULD i kill those items?

#8 oldf@rt

oldf@rt


Posted 02 August 2007 - 01:42 AM

I would get rid of them, as all you will get is an error message saying the file can't be found at the next startup. Don't kill anything that you cannot identify in that list. Also, empty the quarantine that Dr.Web created, and scan with another online scanner, such as the F-Secure online scanner. This only works in Internet Explorer. Let us know if anything else is found.

Also we need to address these three things, as they don't seem "right":

C:\WINDOWS\iexplorer.exe and iexplorer.exe-up.txt: these are bulldookey

and this: C:\WINDOWS\BricoPacks\SysFiles\68_iexplore.exe "cue lights and alarms, even though it has no virus"

Edited by oldf@rt, 02 August 2007 - 01:48 AM.

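
An added example, not part of the thread and not any poster's code: a small triage helper that separates the two situations discussed above, a genuine file name in an unexpected folder versus a near-miss or embedded name such as iexplorer.exe or 68_iexplore.exe. The expected-folder list is an assumption built from the locations named in post #2 (Prefetch is left out because it holds .pf traces, not executables), and the function names are hypothetical.

```python
import ntpath

# Assumption: folders where a genuine iexplore.exe may live on Windows XP,
# taken from the locations listed in post #2 of this thread.
EXPECTED = {
    "iexplore.exe": [
        r"c:\program files\internet explorer",
        r"c:\i386",
        r"c:\windows\servicepackfiles\i386",
    ],
}

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss names like iexplorer.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(path):
    """Return 'expected', 'unexpected-location', 'lookalike-name' or 'unknown'."""
    folder, name = ntpath.split(ntpath.normpath(path).lower())
    if name in EXPECTED:
        return "expected" if folder in EXPECTED[name] else "unexpected-location"
    stem = name.rsplit(".", 1)[0]
    for known in EXPECTED:
        known_stem = known.rsplit(".", 1)[0]
        # Near-miss spelling, or the real name embedded in a longer one.
        if edit_distance(name, known) <= 2 or known_stem in stem:
            return "lookalike-name"
    return "unknown"

# Paths reported in the thread; the Program Files path is constructed
# from the folder named in post #2.
SAMPLES = [
    r"C:\Program Files\Internet Explorer\iexplore.exe",
    r"C:\i386\iexplore.exe",
    r"C:\WINDOWS\iexplorer.exe",
    r"C:\WINDOWS\BricoPacks\SysFiles\68_iexplore.exe",
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(f"{classify(p):20} {p}")
```

A label from this helper is a prompt to hash or scan the file, not a verdict: in this thread 68_iexplore.exe came back clean from the multi-engine scan.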

#9 cor3

cor3

Posted 02 August 2007 - 01:51 AM

well i deleted the iexplorer.exe files already

so should i also delete the thing in bricopacks?

#10 oldf@rt

oldf@rt


Posted 02 August 2007 - 02:03 AM

Try to run the F-Secure online scan while I am looking for more information on the Brico Packs stuff.

Finished the research.
Brico packs are what are called universal shell packs, or add-ons that are used to change the look of XP. Here is a link:
http://www.crystalxp.net/bricopack/en-precautions.htm
If you do not play World of Warcraft, or if you have not changed Windows XP to a new shell, it could be a trojan of some kind or a downloader to pull in a trojan.
I was only able to find sites in French that had references to the actual file, and it was identified there as the conhook trojan downloader.
See if F-Secure kills it.

Edited by oldf@rt, 02 August 2007 - 02:21 AM.


#11 cor3

cor3

Posted 02 August 2007 - 04:18 AM

ok.... new problem

i was doing the fsecure scan and it crashed, so i had to reboot my comp
and when i did, and the windows loaded again... the freaking virusprotectpro was back on :thumbsup:

i restarted in safe mode, and used S&D and it said it got rid of it, but when i went back to normal mode... it's still there

how do i get rid of this thing

EDIT: i think i've removed it using the smithfraud tutorial, but i'm a little scared to restart my comp

also after the smithfraud thing when i booted normally into windows, my desktop wallpaper was just blue... is this normal?

sorry if i'm asking dumb questions and being too paranoid.... i'm just really frustrated

Edited by cor3, 02 August 2007 - 04:46 AM.


#12 oldf@rt

oldf@rt


Posted 02 August 2007 - 06:25 AM

Download and run Rogue Remover Free and SUPERAntiSpyware from safe mode. Once that is done, reselect your wallpaper.

#13 cor3

cor3

Posted 06 August 2007 - 05:24 AM

ok, i think everything is back to normal, i restarted my comp and virus protect pro didn't pop up and my computer has been working normally

thanks a lot for your help oldfart :thumbsup:



