Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

IEXP.EXE problem


  • This topic is locked This topic is locked
3 replies to this topic

#1 stanman61

stanman61

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:27 PM

Posted 13 July 2005 - 01:07 PM

Can't get rid of iexp.exe that's causing problems on our server. Remove from registry, everything seems fine, but comes back and slows the server down. Any help is appreciated. Have run Ad-Aware and Spybot, Ad-aware found three items and Spynot none.

Logfile of HijackThis v1.99.1
Scan saved at 10:20:52 AM, on 7/13/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\IEXP.exe
C:\Documents and Settings\nf\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NAV\VPTray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [System Service] IEXP.exe
O4 - HKLM\..\RunServices: [System Service] IEXP.exe
O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = D:\PVSW\Bin\W3DBSMGR.EXE
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = int.creamcity.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = int.creamcity.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = int.creamcity.com
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: Backup Exec Remote Agent for Windows NT/2000 (BackupExecAgentAccelerator) - VERITAS Software Corporation - C:\bentaa\beremote.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\PROGRA~1\NAV\DefWatch.exe
O23 - Service: Intel PDS - Intel® Corporation - C:\WINNT\system32\cba\pds.exe
O23 - Service: mr2kserv - Unknown owner - C:\Program Files\Dell\OpenManage\Array Manager\mr2kserv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\PROGRA~1\NAV\Rtvscan.exe
O23 - Service: Disk Management Service (VxSvc) - VERITAS Software Corp. - C:\Program Files\Dell\OpenManage\Array Manager\VxSvc.exe

Edited by stanman61, 13 July 2005 - 01:31 PM.


BC AdBot (Login to Remove)

 


#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:03:27 PM

Posted 15 July 2005 - 12:49 AM

Hello stanman61 and welcome to the BC malware forum. After reviewing your log I see a few items that require our attention. Please print these directions and then proceed with the following steps in order.

Step #1

Start HijackThis and follow these steps:
  • Click on Config button
  • Click on the Misc Tools button
  • Click on the Open Process Manager button
Find the following items and click on each one to select it and then click on the Kill Process button to stop the process.:C:\WINNT\system32\IEXP.exe
Step #2

Now click the Back button and then the Scan button. Look for the following items and click in the checkbox in front of each item to select it:O4 - HKLM\..\Run: [System Service] IEXP.exe
O4 - HKLM\..\RunServices: [System Service] IEXP.exe

Now close ALL open windows except HijackThis and click the Fix Checked button to finish the repair.

Step #3

We need to make sure all hidden files are showing so please:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide file extensions for known types option.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.
Find the following files/folders and delete them (don't worry if they are already gone):C:\WINNT\system32\IEXP.exe
Step #4

OK. Reboot your computer normally, start HijackThis and perform a new scan. Use the Add Reply button to post your new log file back here along with details of any problems you encountered performing the above steps and I will review it when it comes in.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#3 stanman61

stanman61
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:27 PM

Posted 19 July 2005 - 12:49 PM

Worked like a charm. It's been a few days and it still hasn't returned. Thanks for your help OldTimer! :thumbsup:

#4 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:03:27 PM

Posted 20 July 2005 - 07:01 PM

You're very welcome stanman61. I'm glad that we could help.

Now that your malware issues have been resolved I will close this topic. If you need it reopened for this same issue then please PM me. If you have any new issues in the future then please start a new topic.

Cheers.

Keep on computing!

OT :thumbsup:
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users