Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

If you see iexplore running on startup ...


  • Please log in to reply
No replies to this topic

#1 for.shore

for.shore

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:05:34 PM

Posted 21 February 2009 - 04:32 PM

In case you notice iexplore.exe running in the background at startup in the Task Manager list

This seems new since most of the software is missing it ... Dr Web caught it:

iexplore.exe runs in the background on startup. depending on your config you might (or might not) notice it visiting a website such as p4FD96C53.dip.t-dialin.net. you can (probably) kill the process.

if the syste has folder & file c:\windows\system32\win32ini\svchost.exe (or similar in the windows dir), you may have this
you may also see extra copies of iexplore.exe where they're not supposed to be (search the c drive).

The newly created Registry Values are:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{803458AF-6312-B648-9593-7E7F006F550D}]
stubpath = "%System%\win32ini\svchost.exe s"

so that svchost.exe runs every time Windows starts


Lots more info at http://www.threatexpert.com/report.aspx?md...9597c97dbfada6c

Edited by for.shore, 21 February 2009 - 04:33 PM.


BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users