
iexplore.exe virus


  • This topic is locked
10 replies to this topic

#1 studentRik

studentRik

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:35 AM

Posted 18 March 2013 - 02:55 PM

Mod Edit: Moved to appropriate forum ~~ boopme

 

Attached File  ComboFix.txt   33.99KB   10 downloads
Attached File  TDSSKiller.2.8.16.0_18.03.2013_19.05.55_log.txt   141.67KB   6 downloads

Hi,

I picked up a virus from the news groups. The kids were getting games... A window appeared saying something about the registry and click ok to fix the issue. I never clicked on the messageBox and ran task manager to see what was wrong. AVG popped up and said that iexplore was consuming lots of memory (or something, as it flashed up and I didn't read it properly due to looking at task manager).

On the advanced tab I watched iexplore.exe and it was pointing at a server in Germany. I entered the server address and it was just like a page for PHP, Linux, Nginx and different technologies.

 

What I did next. I was looking at this post http://www.bleepingcomputer.com/forums/t/450184/system-iexploreexe-virus/ and thought I would try what was suggested.

 

Downloaded TDSSKiller and ran the program. Nothing showed up.

Downloaded Combofix. The C:\Combofix.txt came up and after a few seconds went off. Every time I try to access the file it says: Illegal operation on a registry key that has been marked for deletion.

 

So this is where I am at.

 

I would like some help please.

I did originally run all the Spybot, Malwarebytes, and the usual spy programs and nothing came up, but all the time I was watching it still consume lots of memory on the task manager.

 

The task manager, after Combofix has run, doesn't show iexplore.exe on the list of services, but everything I click on in (C:) is marked for deletion?

 

Thanks

 

EDIT: After looking at the resource monitor, riaiccape.exe is constantly making new threads and Windows Defender suspended the thread. AVG came up and knew there was a virus but couldn't remove it. Did a scan and it says nothing is there.

Uploaded a picture of resource monitor: webforms.eu


Edited by studentRik, 18 March 2013 - 04:38 PM.



#2 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:35 PM

Posted 20 March 2013 - 07:08 AM

Hi and Welcome!!

My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to this topic so that you can see when there are new responses.
  • IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.


    Having said that.... Let's get going!!
    ----------

    To start....if you are having problems with the registry key marked for deletion, just reboot your system once or twice and that will clear it up.
    ---------

    Please download DDS from either of these links

    LINK 1
    LINK 2
    and save it to your Desktop.
    • Disable any script blocking protection
    • Right-click and Run as Administrator dds to run the tool.
    • When done, two DDS.txt's will open.
    • Save both reports to your desktop.
    ---------------------------------------------------
    Please include the contents of the following in your next reply:

    DDS.txt

    Attach.txt
    ----------

    • Please download aswMBR to your desktop.
    • Double click the aswMBR icon to run it.
    • Click the Scan button to start scan.
    • If you are asked to update the Avast Virus database please allow it to do so.
    • When it finishes, press the save log button, save the logfile to your desktop and attach its contents in your next reply.


#3 studentRik


Posted 20 March 2013 - 02:55 PM

Hi Jeff,

Thank you for helping me out. I am at uni as well but on placement this year creating web forms in C#.

I have disconnected the infected laptop from the net but updated the Avast checker to run the tests. I am getting the programs on my Mac and transferring them to the Dell.

When I switched it on today it says my copy of Windows is not genuine and gave me the black screen (it is though) and opens a messageBox up saying "Please insert the last disk of the multi volume set and click ok to continue". When I right click the explorer window on the task bar to close it, it doesn't close, so to browse the PC I have to go through start > myComputer > c:

Attached are my files.

 

Thank you 




#4 jeffce


Posted 20 March 2013 - 03:51 PM

Ok thanks for letting me know how your system is running.

Download CKScanner by askey127 from Here & save it to your Desktop.
  • Right-click and Run as Administrator CKScanner.exe then click Search For Files
  • When the cursor hourglass disappears, click Save List To File
  • A message box will verify the file saved
  • Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply



#5 studentRik


Posted 20 March 2013 - 04:06 PM

Hi Jeff,

 

Find attached my file.




#6 jeffce


Posted 20 March 2013 - 04:38 PM

Looks like you may have some unauthorized software on your system?  You need to remove it before we continue.  Once you have removed the unauthorized software, run a new scan with CKScanner and post the new log that is made.  




#7 jeffce


Posted 22 March 2013 - 06:59 AM

Still with me?




#8 studentRik


Posted 22 March 2013 - 10:19 AM

Yes I am Jeff, I wasn't sure which piece of software you were on about, as I think all the software was legit on the Dell. Which one is it?

I will remove it. 

Also I am away for the weekend until Monday evening. So if you let me know what to remove I will carry on with your help.

Thank you.



#9 jeffce


Posted 22 March 2013 - 02:45 PM

Hi,

 

Let's move on....   :)

 

 

Please delete the current version of Combofix.exe from your desktop and download a new version from here to your desktop.
 
Disable your AntiVirus and AntiSpyware applications.
 
Right-click and Run as Administrator on the Combofix.exe and follow the prompts on your display. When finished, it will create a C:\Combofix.txt. Please post this log for further review.
---------



#10 jeffce


Posted 24 March 2013 - 07:19 PM

Still with me?




#11 jeffce


Posted 26 March 2013 - 09:56 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





