Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Windows 2003 Small Business Server multiple iexplore.exe processes

  • Please log in to reply
1 reply to this topic

#1 B-Mass


  • Members
  • 1 posts
  • Local time:01:15 AM

Posted 09 February 2010 - 04:07 PM

I am working on a Windows 2003 Small Business Server. The server will using 2.03 GB of virtual memory and the processor will be running at 98% when no one is logged on. Many iexplore.exe processes are running under the administrator account. Approximately every 20 minutes a pop up with "http://cdn.optmd/com/?g=Af////8=&r/=whatismyip.com - Screensavers - Windows Internet Explorer" in the header appears. Malware bytes and a-squared find nothing but minor tracking cookies. Below is the Hijack This log.

EDIT: Removed log-not allowed in this forum-MG

Edited by garmanma, 10 February 2010 - 04:05 PM.

BC AdBot (Login to Remove)


#2 groovicus


  • Security Colleague
  • 9,963 posts
  • Gender:Male
  • Location:Centerville, SD
  • Local time:01:15 AM

Posted 09 February 2010 - 05:51 PM

You have this posted in the wrong section for Hiajckthis analysis. You need to post it in the correct location. However, since this is a potentially infected server, your best option is to reformat. Out removal team can only remove known infections, and the fact that you feel your server is infected is a strong argument for there being an infection that will not be detected. Servers are a favorite target for rootkits.

Additionally, if your anti-virus is finding tracking cookies, then you have been using your server to surf the web, which is a huge no-no. My suggestion, from someone who has run their own server for a few years now, reformat, lock down the box, and leave it as a server.

If you still want to get help, go here:

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users