Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

iexplorer.exe popup + sound issues.. Please help


  • This topic is locked This topic is locked
5 replies to this topic

#1 alias10

alias10

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:15 PM

Posted 25 July 2010 - 04:52 AM

Hi everyone,

I've been trying to assist a relative of mine via phone over the last 24 hours to rid his pc (running XP) of what I worked out to be a 'bug' relating to iexplorer.exe. This process is appearing x2 in Task Manager, and any efforts to end it results in it starting back up again after a few seconds. Also, his system sound cuts out, and he gets bombarded with Internet Explorer popups, even though he uses Firefox as his browser.

This is what I've got him to do thus far:
Avast! Antivirus scan - No infected files reported.
MalwareBytes Anti Malware scan - No infected files reported.
SuperAnti Spyware scan - No infected files reported.
Simply Super Software Trojan Remover scan - No infected files reported.
ComboFix - "MBR is infected with the Whistler Bootkit !!"

I tried to use the following thread as a guide, but hit a wall when I reached the section on using the Microsoft Windows Recovery Console to 'fixmbr'. http://www.bleepingcomputer.com/forums/t/331577/infected-with-bootkit-whistler/
My relative told me a warning box appeared saying something to the effect of 'Proceed at your own risk. If you screw this up, it could have catastrophic consequences', at which point I advised him to cancel and let me seek advice from the BleepingComputer community.

So, How do we proceed from here?
I can post a copy of the ComboFix log file if required.

Any assistance would be very much appreciated.


EDIT: Apologies for having started my thread in the wrong section. Thanks to the mods for moving it accordingly. :thumbsup:

Edited by alias10, 25 July 2010 - 08:15 AM.
Moved from XP to Am I Infected forum ~ Hamluis.


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,969 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:15 AM

Posted 25 July 2010 - 01:10 PM

Please note the message text in blue at the top of this forum.

No one should be using ComboFix unless specifically instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

With that said, ComboFix logs are not permitted outside the Virus, Trojan, Spyware, and Malware Removal Logs forum and then only when requested by a Malware Response Team member. Please read the pinned topic ComboFix usage, Questions, Help? - Look here.

:thumbsup: ComboFix logs, where should I post them?


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 alias10

alias10
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:15 PM

Posted 25 July 2010 - 06:30 PM

No one should be using ComboFix[/b] unless specifically instructed to do so by a Malware Removal Expert who can interpret the logs.

I certainly understand this now, that's why I got him to cease using ComboFix before he progressed any further, and I've come here for advice/assistance.

I read the pinned topic prior to posting my thread. I haven't posted any logs as outlined, but have started this thread because we need help to get this issue resolved.

I would sincerely appreciate help in ridding this computer of this highly annoying and frustrating bug.
Please let me know what information I can provide to help get the ball rolling.

Thanks in advance.

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,969 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:15 AM

Posted 25 July 2010 - 06:45 PM

I certainly understand this now, that's why I got him to cease using ComboFix before he progressed any further, and I've come here for advice/assistance.

Combofix has already been run as you said the log indicated "MBR is infected with the Whistler Bootkit!!"

:thumbsup: ComboFix logs, where should I post them?

ComboFix logs are not permitted outside the Virus, Trojan, Spyware, and Malware Removal Logsl forum and then only when requested by a Malware Response Team member. However, if you ran ComboFix on your own due to malware infection, please be aware that a ComboFix log is only one part of the disinfection process. Therefore we ask that you please read the pinned topic titled "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help". When you have done that, post the required logs to include your ComboFix log in that forum, NOT here, for assistance by the Malware Response Team Experts.


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 alias10

alias10
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:15 PM

Posted 25 July 2010 - 06:55 PM

Thanks for your assistance quietman7. I shall post back as required shortly. :thumbsup:

Edited by alias10, 26 July 2010 - 12:14 AM.


#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,969 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:15 AM

Posted 28 July 2010 - 06:19 AM

Your log is posted here.

Now that your log is posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Response Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make on your own may cause confusion for the member assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Response Team should be the only members that you take advice from, until they have verified your log as clean.

To avoid confusion, I am closing this topic until you are cleared by the Malware Response Team. If you still need assistance after your log has been reviewed and you have been cleared, please PM me or another moderator and we will re-open this topic.

Good luck with your log.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users