Multiple Respawning iexplore.exe



#1 Flossgodtko

Posted 12 January 2013 - 09:31 PM

So a while ago I had a Google redirect virus that I'm sure a lot of people are familiar with. Around this time I was also noticing my laptop was overheating more frequently, so I checked my CPU usage and saw there were multiple instances of iexplore.exe running and one of them was hogging up quite a bit of memory, almost 200,000K or so. The other instances stuck around 3K but they all tended to fluctuate randomly. After some time the redirects stopped without even removing the virus; nevertheless I scanned anyways using Microsoft Security Essentials and this is what was found:

Tracur.BB

Zbot

Zbot.gen!A

FakeSysDef

Blacole.GS

CVE-2012-1723.AHN

Blacole.GD

Provis!rts

Tracur.BB

CVE-2012-4681.HG

Blacole.GP

Blacole.GB

CVE-2012-1723!generic

CVE-2012-1723

Tracur.BB

Zbot

Woohoo, so I removed those and looked a few up and found that some of them actually inject themselves or attach themselves or have some sort of naughty relationship with iexplore.exe that is literally so hot it overheats my laptop!! So I thought I got rid of the pest and I looked in Task Manager and the instances were gone and I was feeling quite swell about it for about 3 seconds until I saw a bunch respawning again! It might be worth noting (or not, I really don't know if this affects anything or has any value to identifying it) that depending on which iexplore.exe is closed, either only one will close and immediately respawn like it's a damn Call Of Duty match or it'll take out both and take a few seconds only to have it re-lubricate itself before respawning and continuing to *AHEM* my CPU.

Posted Image
INSET: The mighty iexplore.exe in its natural habitat lying dormant before striking its prey.

Other than this I haven't noticed any unusual behavior. No browser hi-jacks, no weird pop ups, no error messages, no blue screens, no turquoise or magenta screens, nothing. Just iexplore.exe randomly using up a lot of CPU, creating many instances of itself and then disappearing for a while before coming back with its troops. That can only mean one thing... it's sitting there.. waiting... waiting for the right moment to strike!

Edited by Benzel Flossington, 12 January 2013 - 09:38 PM.




#2 Flossgodtko


Posted 14 January 2013 - 12:49 AM

A little update.

Posted Image
iexplorer.exe strikes its prey viciously.

Also, I must have jinxed myself when making this post yesterday because after I did, the Google browser hi-jacks returned. After googling "malware black market" to find some more info on the whole society dedicated to computer tomfoolery, my browser was hijacked to "www.driver-select.com/malware-alert/?x=1" and it notified me that Firefox was "distributing malware" (LOL, sure bro) and gave me the option to click a link to download something. As I returned to the site to take a screenshot of it for this post, the site switched to some "Spyhunter 4" bovine feces.

Any help regarding this iexplorer.exe virus? I've scanned with MalwareBytes, Windows Security Essentials and Avast to no avail.

Edited by Benzel Flossington, 14 January 2013 - 12:53 AM.


#3 nasdaq


  • Malware Response Team

Posted 15 January 2013 - 02:02 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Before I can suggest any remedial fix I need the following information.

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • DDS.scr <- not recommended if you use Chrome to download this .scr file. Use the other options.
    • DDS.pif
    • DDS.COM
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.


Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.


Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

Please post the logs for my review.



