
IE launching without my consent



#1 lt_dan

  • Members

Posted 28 September 2004 - 09:28 AM

I thought I had cleared out the culprits, but apparently not.

I have a pop-up blocker running, and often I'll see an MSIE ad-sized window trying to pop up, but it gets squelched. When I check to see what processes are running, IEXPLORER.EXE is always running (I don't use it as my default browser, but I have it on this system because I occasionally need one bit of its functionality). When I end the process, it goes away, but it always comes back.

What malware will do this? I just removed some junk that was being malicious, but there must be something else I can't find.


#2 jgweed

  • Staff Emeritus

Posted 28 September 2004 - 11:17 AM

iexplorer - iexplorer.exe - Process Information

Process File: iexplorer or iexplorer.exe
Process Name: RapidBlaster parasite

Description:
iexplorer.exe is the executable for a virus that is a variant of the RapidBlaster parasite that downloads and displays advertising from an Internet location. This process should be removed to ensure your personal privacy.

Source: http://www.liutilities.com/products/wintas...rary/iexplorer/


iexplorer.exe RapidBlaster is a task run on Windows startup.
When an internet connection is present it periodically connects to its servers to fetch advertising.
Typically pop-ups for porn sites.
Can download and execute arbitrary unsigned code pointed to by its controlling servers.

RapidBlaster/Rnd is an update which uses pseudo-random filenames.
If it fails to contact its server it will just use 'RapidBlaster\rb32.exe' as with older variants.
If you remove it, it will reinstall itself using a new name.

Installed with ActiveX drive-by download on affiliate pages, including misleading download links (e.g. 'megamovieblaster') and pop-ups.
Also can be installed by the ISTBar parasite.

Manual removal
Open the Task Manager and end the RapidBlaster process (rb32.exe, or, in the Rnd variant)

Find the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
and delete the 'Something lptt01' entry.
'Something' will be the same as the filename of the RapidBlaster program - you can now delete the folder containing this.

Or remove it from startup by RegRun Startup Optimizer.
Source: http://www.greatis.com/regrun3di.htm#iexplorer.exe

Cheers,
John
Whereof one cannot speak, thereof one should be silent.
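
A read-only way to carry out the registry check from the manual-removal steps above, as an added example that is not part of John's post or the sources it quotes: because the Rnd variant uses pseudo-random filenames, it searches the Run key for the `lptt01` string instead of looking for `rb32.exe`. Checking the per-user Run key as well, and matching the string in either the value name or its data, are assumptions; the function name is hypothetical.

```powershell
# Added example: audit only, nothing is deleted or terminated.
$marker  = 'lptt01'   # string quoted in the removal steps above
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',  # key named in the post
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'   # assumption: per-user key checked too
)

function Get-RunEntry {
    # Hypothetical helper: returns every value under the given Run keys.
    param([string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        $key = Get-Item -LiteralPath $p
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{ Key = $p; Name = $name; Data = [string]$key.GetValue($name) }
        }
    }
}

# The post does not say whether 'Something lptt01' is the value name or its
# data, so both are searched (assumption).
$hits = @(Get-RunEntry -Path $runKeys |
    Where-Object { $_.Name -like "*$marker*" -or $_.Data -like "*$marker*" })

if ($hits.Count -eq 0) {
    Write-Output "No Run entry containing '$marker' was found."
}

foreach ($h in $hits) {
    # Pull the executable path out of the command line (quoted or unquoted).
    $exe = $null
    if ($h.Data -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
    elseif ($h.Data -match '^\s*(.+?\.exe)') { $exe = $Matches[1] }

    $running = @()
    if ($exe) { $running = @(Get-Process | Where-Object { $_.Path -eq $exe }) }

    [pscustomobject]@{
        Key        = $h.Key
        ValueName  = $h.Name
        Command    = $h.Data
        Folder     = if ($exe) { Split-Path -Parent $exe } else { $null }
        FileExists = if ($exe) { Test-Path -LiteralPath $exe } else { $false }
        RunningPid = ($running | ForEach-Object { $_.Id }) -join ','
    }
}
```

Each row it prints identifies the Run value, the folder holding the program, and any running process started from that path, which are the three things the manual steps tell you to end or delete.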

#3 Grinler

    Lawrence Abrams

  • Admin

Posted 28 September 2004 - 11:28 AM

If the advice John gives does not work, post a HijackThis log in the HijackThis logs forum and we will take a stab at it.

#4 lt_dan

  • Topic Starter
  • Members

Posted 28 September 2004 - 11:34 AM

Thanks. But I don't have an rb32.exe in processes, and don't have one listed in a search of .exe files on the hard drive.

I'll have to go get HijackThis and do that.



