2 malevolent iexplore.exe processes



#1 Crius


Posted 15 July 2010 - 12:02 PM

(Problem solved! Please read below.)


My system has recently been infected by 2 malevolent IEXPLORE.exe processes. I have tried many things to get rid of them but to no avail. Posting in this forum is my final hope.

A brief history of what I have tried to get rid of them and what I have learned so far:

Symptoms:

-Two iexplore.exe (system) processes at startup that use memory, cause pop-ups and infect the drivers of my sound card, ceasing its function. The pop-ups cannot be stopped with ZoneAlarm or Windows Firewall. Processes immediately restart when terminated in Task Manager. In Process Explorer they are listed and said to belong to the E:\program files\internet explorer path as normal but are listed as a system process.

-The processes persist in Windows safe mode with internet connection enabled but not in Windows debug mode and normal safe mode.

Treatment:

-Ran SUPERAntiSpyware, Spybot S&D and Malwarebytes in safe mode (without internet), with system recovery disabled and all temporary files and documents on my hard disks removed: none of the detections solved my problem.

-I did a complete system scan with Avira and Avast, both in normal mode and safe mode: no detections.

-In desperation I deleted the entire Internet Explorer folder at one time yesterday (when I was getting really fed up) but this caused failure to boot and I had to go back to safe mode and do a system restore. Remarkably, this did seem to prevent the malevolent processes from starting in safe mode with network options.

-I deleted suspicious startup entries with HijackThis but this did not solve the problem. Nor does manually disabling any programs that are set to autostart with Windows.


I'm at a loss now how to proceed; any help from experts on this board is GREATLY appreciated.

As requested I added the DDS file. The rootkit list I will try to add later, because the program provided on these boards crashed my computer somewhere during the scan when I used it a moment ago. Also added the HijackThis file just in case.

My system is an oldie btw, but I use it because it still has some useful programs for my current work/internship installed and I would like to avoid reinstalling Windows, if possible:
AMD Athlon XP 2500+
512 MB RAM
Windows XP Home Edition, Service Pack 3.

Again, many thanks in advance for any provided help.

Thomas



Edited by Crius, 15 July 2010 - 04:13 PM.




#2 Crius


Posted 15 July 2010 - 02:06 PM

After closer inspection I notice several other recent topics that report similar problems. I will try to keep track of them myself but if a moderator with posting ability could link me to the correct thread that would be awesome!

(so iexplore (system) processes under svchost, affecting sound and causing pop-ups).
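
Added example, not part of the original posts: a small triage check for the symptoms reported above, flagging `iexplore.exe` instances that run as SYSTEM or sit under `svchost.exe` even though their image path looks normal, and listing copies that reappear after being terminated. The process snapshots, PIDs, the `user1` account and the Windows directory paths are constructed for illustration; only the Internet Explorer path comes from the thread.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    name: str
    owner: str
    path: str

IE = r"E:\Program Files\Internet Explorer\iexplore.exe"  # path as reported in the thread

# Constructed process snapshot (PIDs, user name and Windows paths are made up).
SNAPSHOT = [
    Proc(1000, 600, "svchost.exe", "SYSTEM", r"E:\WINDOWS\system32\svchost.exe"),
    Proc(1500, 1400, "explorer.exe", "user1", r"E:\WINDOWS\explorer.exe"),
    Proc(2100, 1000, "iexplore.exe", "SYSTEM", IE),
    Proc(2104, 1000, "iexplore.exe", "SYSTEM", IE),
    Proc(2300, 1500, "iexplore.exe", "user1", IE),  # browser the user opened
]
# Same machine after ending PIDs 2100 and 2104 in Task Manager (constructed).
AFTER_KILL = SNAPSHOT[:2] + [
    Proc(2412, 1000, "iexplore.exe", "SYSTEM", IE),
    Proc(2416, 1000, "iexplore.exe", "SYSTEM", IE),
    SNAPSHOT[4],
]

def flag_browsers(procs, image="iexplore.exe"):
    """Return (pid, reasons) for browser processes in a non-interactive context."""
    by_pid = {p.pid: p for p in procs}
    findings = []
    for p in procs:
        if p.name.lower() != image:
            continue
        reasons = []
        if p.owner.upper().split("\\")[-1] == "SYSTEM":
            reasons.append("runs as SYSTEM")
        parent = by_pid.get(p.ppid)
        if parent and parent.name.lower() == "svchost.exe":
            reasons.append("child of svchost.exe")
        if reasons:  # the image path alone would not have flagged these
            findings.append((p.pid, reasons))
    return findings

def respawned(before, after, image="iexplore.exe"):
    """Flagged PIDs in `after` that did not exist in `before` (restarted copies)."""
    old = {pid for pid, _ in flag_browsers(before, image)}
    return [pid for pid, _ in flag_browsers(after, image) if pid not in old]

if __name__ == "__main__":
    print(flag_browsers(SNAPSHOT), respawned(SNAPSHOT, AFTER_KILL))
```

The SYSTEM owner is the stronger signal of the two; a `svchost.exe` parent on its own is only a prompt to look closer.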

#3 Crius


Posted 15 July 2010 - 03:46 PM

I finally, finally managed to fix this problem. Since about 8 similar topics are unanswered at the moment, I want to take the liberty to tell how I resolved it.

After studying under what circumstances the virus does and does not load during startup, I came to the conclusion that it had to do with some process that executes exclusively during computer startup, but has nothing to do with the entries under startup in msconfig. So apparently this bugger targets the bootkit command. There is a little program freely available called bootkit remover, that easily fixes this.

Thank god I managed to figure it out in the end. Some solace for my 1.5 wasted days. Hopefully this information will be useful for others as well.

#4 Budapest


Posted 15 July 2010 - 04:42 PM

As this issue appears to be resolved I am closing the topic. Please send me (or any other Moderator) a Personal Message (PM) if you would like the topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw



