
Multiples iexplorer.exe running in taskbar


  • This topic is locked
4 replies to this topic

#1 Twizu11

  • Members
  • 2 posts

Posted 21 February 2016 - 09:03 PM

Hi, I have a problem with 4 iexplorer.exe running multiple in the taskbar for a couple of days now upon startup of Windows 7, when I notice my Malwarebytes Anti-Exploit bar keeps popping up "Internet Explorer (add-on) is now protected". The other thing is when I run active Malwarebytes Anti-Exploit on my browsers doesn't open at all. Please help!





#2 LiquidTension

  • Malware Response Team
  • 1,278 posts

Posted 22 February 2016 - 07:03 AM

Hello Twizu11, welcome to Bleeping Computer's Malware Removal forum!
 
My name is Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that. :)
 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Ensure you read through my instructions thoroughly, and carry out each step in the order specified.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in providing the best set of instructions for you.
  • Please backup important files before proceeding with my instructions. Malware removal can be unpredictable at times.   
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you require additional time to complete my instructions.
  • I will notify you when I believe your computer is free of malware. Please bear in mind, absence of symptoms does not necessarily correlate to absence of malware, so please wait until the "All Clean". 

======================================================
 
Please run the following diagnostic scans so I can ascertain the state of your computer.
 
STEP 1

Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
  • Right-Click FRST.exe or FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

STEP 2
TDSSKiller Scan

  • Please download TDSSKiller and save the file to your Desktop.
  • Right-Click TDSSKiller.exe and select Run as administrator to run the programme.
  • Click Change parameters. Place a checkmark next to Detect TDLFS file system and Verify file digital signatures.
  • Click Start Scan. Do not use the computer during the scan.
  • If objects are found, change the action to skip.
  • Click Continue and close the window.
  • A log will be created and saved to the root directory (usually C:\). Attach (not copy/paste) the file in your next reply.
     

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • FRST.txt
  • Addition.txt
  • TDSSKiller log (attached!)


#3 Twizu11

  • Topic Starter

  • Members
  • 2 posts

Posted 22 February 2016 - 05:35 PM

Hi Adam, thank you for your time to take a look at the topic, and here are the requested two logs and the TDSSKiller log included. It looks like I don't have permission to post my reply copy & pastes, so I just attached them instead, if that's OK.

Edited by Twizu11, 22 February 2016 - 05:55 PM.


#4 LiquidTension

  • Malware Response Team
  • 1,278 posts

Posted 23 February 2016 - 03:43 PM

Hello,
 
This computer is badly compromised - to name some of the malware present, Miuref, Zbot and Fleercivet - which warrants the following warning: 
 

Backdoor Warning
 
------------------------------
 
One or more of the identified malware is known to use a backdoor, that allows attackers to remotely control your computer, download/execute files and steal system, financial & personal information.
 
If your computer has been used for online banking, has credit card information or other sensitive data, using a non-compromised computer/device you should immediately change all account information (including those used for Email, eBay, Paypal, online forums, etc).
 
Banking and credit card institutions should be notified of the possible security breach. Please read the following article for more information: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
 
Whilst the identified malware can be removed, there is no way to guarantee the trustworthiness of your computer unless you reformat your hard drive and reinstall your Operating System. This is due to the nature of the malware, which allows a remote attacker to make any number of modifications. Many experts in the security community believe that once compromised with this type of malware, the best course of action is to reformat/reinstall. Please read the following articles for more information.

 
Unfortunately, this has likely been self-inflicted from your use of cracked/pirated/keygen software, such as the cracked Internet Download Manager, Fallout 4, uTorrent Pro, etc present on your computer. Please refer to the following information on the dangers of such software. 
 

Cracked Software

------------------------------

One or more of the identified issues may be a result of downloading cracked/pirated/illegal software. Participating in the use of such software is a security risk. We do not approve of nor support illegal software.

Malware authors promote and release cracked software to spread malware. I strongly recommend you refrain from participating in this activity; your computer will be re-exposed to malware otherwise. Simply visiting a cracked software site often results in exposure to malware. In some instances malware may cause so much damage to your computer that removal is not possible and the only option is to reformat your hard drive and reinstall your Operating System. Please refer to the following articles for more information.


Given the severity of the malware present, I would suggest opting for the reformat/reinstall approach, but as stated, your computer can be cleaned of the malware present if you so wish. With that said, unfortunately due to the presence of cracked software, I am unable to assist until such software is removed from your computer. If you are willing to do this, and would like your computer cleaned, please let me know.



#5 LiquidTension

  • Malware Response Team
  • 1,278 posts

Posted 26 February 2016 - 08:26 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



