Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.



  • Please log in to reply
1 reply to this topic

#1 hehahs


  • Members
  • 1 posts
  • Local time:07:42 PM

Posted 19 November 2006 - 10:10 AM

I downloaded a virus accidently last week. PC Cillin didn't find anything virus, so I open it. I was able to delete some files in saftmode like ishost.exe, ismini.exe, and some others. Then, I couldn't get in safemode anymore, explorer.exe doesn't work in saftmode, and just dark screen there. Now, I am using kaspersky antivirus, but it doesn't find any virus either. But, time to time, a IE ad pop up, I am using firefox, nothing wrong if I am using firefox, but IE is infected with nasty virus. My kaspersky warning pop up about IE downloading adware.win32.agent.at, and if I check task manager, sometime I can find ieplorer.exe there and I never open IE. There maybe some backdoor that keep sending virus to my pc through IE!!! Alot of them found on local\temp folder.

Really need some help here!!!

BC AdBot (Login to Remove)


#2 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,779 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:42 PM

Posted 19 November 2006 - 01:41 PM

What OS (Win XP/2000, etc) are you using? What type of anti-virus are you using and when was the last time you ran a scan? Have you performed any anti-spyware scans?

There are worms like W32/Lovgate-AD that, which in addition to other files, will drop iexplore.exe in C:\Windows\system32. The legit iexplore.exe is located in the C:\Program Files\Internet Explorer folder. The key is the location the file is running from.

You can download and use Process Explorer to investigate all processes and gather additional information to identify and resolve problems. This tool will show the process CPU useage, a description and its path.

ishost.exe and ismini.exe are related to Trojan Zlob-SR and smitfraud infections. You probably did not remove all the files associated with this malware so I suggest you follow the generic instructions in How to remove the Smitfraud.

If your running Win XP/2000, I also suggest that you download and scan with AVG Anti-Spyware 7.5 in "SAFE MODE" if you can get there, otherwise scan in normal mode for now.
(This is Ewdio 4.0 renamed. If you already have Ewido installed, please update to this version which has a special "clean driver" for removing persistent malware.) Be sure to print out the AVG Anti-Spyware Install-Scan Instructions and read the User Manual.

Then perform these online Virus scans:
[Watch the Address bar in IE. You may receive alerts that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component.]
Trend Micro Housecall <- Use "Autoclean" and manually delete what it can't clean.
Panda ActiveScan <- Accept default settings. (does not remove adware/spyware but will autoclean for viruses & worms.)
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users