Jump to content
xisto Community
Jeune

Iexplore.exe is a virus i think

Recommended Posts

i already tried looking this up on the internet but to no avail since most of the literature there seems to be outdated. A lot of the literature i read after googling "iexplore.exe virus" says that it can be a virus if it's not run from the C:\Program Files\Internet Explorer\ folder.What's happening to my system is that iexplore.exe runs from that folder however, it does so when internet explorer is not actually running! Furthermore, i have a new process running in my processes list, rundll32.exe. I know this for a fact because I actually committed to memory all the processes in my task manager before I encountered this problem which is making my computer slow. Another problem I am encountering is that whenever I type in something in my firefox address bar, say google.com, there are times when just a blank page shows up even though the internet is on and that i would have to refresh it five times so that google will actually appear on screen. Any help would be appreciated. :lol:

Share this post


Link to post
Share on other sites

Well first off rundll32.exe is a normal process as it is used to run DLL's, it is not uncommon to have two of those process to be running though. I think your problem is that your RAM is at its breaking point if your displaying lag times with your internet explorer, and the same with firefox it has to be a lag time with your connection in some way. What I suggest is download, install, update, and then Run spybot and see if it picks up any trojans or malware that is installed in your computer, and if it does odds areit will help solve your problems.

Share this post


Link to post
Share on other sites

Have you tried to use a malware-detection software. There are plenty of those out there, but I think there are only few that worth the effort to download, run and keep.

I used to work with Spybot and Adaware, but both have a limited rate of success. For an almost-perfect fully-automated malware solution I personally recommend the one that is called "Superantispyware". Yes, I know, it has a name that might remind those scams that are actually malware. However, it is very good. They have two flavors of their software: a commercial one and a free one. The free one is good enough for a one-time disinfection.

If you are still in doubt for using it, it is always a good idea to read its reviews at those reputable malware forums out there. If they satisfy you, then go for it. You can download it from here.

Another piece of software that might interest you is HijackThis. It is not automatic and in order to take advantage of it you must have certain technical knowledge. But it is great for removing some difficult-to-find infection and their traces. Again, use it until you feel it is safe after reading its reviews. Its homepage is this one.

Hope they help.

Share this post


Link to post
Share on other sites

Well first off rundll32.exe is a normal process as it is used to run DLL's, it is not uncommon to have two of those process to be running though.

I am putting off the problem with rundll32 right now coz I am looking at my process window and I have four instances of iexplore.exe! whoa! haha.and I am not even using Internet Explorer.

Any insights?

Another piece of software that might interest you is HijackThis. It is not automatic and in order to take advantage of it you must have certain technical knowledge. But it is great for removing some difficult-to-find infection and their traces. Again, use it until you feel it is safe after reading its reviews. Its homepage is this one.

I'll try to take a look at the malware removers you just said. Unfortunately I am not that advanced to use HijackThis. Rawr.
Sometimes I wonder how people even get it. For me it's like cricket, I don't get how it's played lol. Is there a formal course that studies how to use HijackThis, be a registry mole etc?

Share this post


Link to post
Share on other sites

Just end the processes for those iexplore.exe that is all you can really do. I did do some searching when you and it seems these trojans are common for your IE problem; "Trojan-Downloader.Win32.Small.acp" or "Trojan-Dropper.Win32.Small.nz. I recommend googing those two trojans and see how to remove, and then run them and see if it solves your problem. A question though what are your system specs and how old is your computer?

Share this post


Link to post
Share on other sites

I did do some searching when you and it seems these trojans are common for your IE problem; "Trojan-Downloader.Win32.Small.acp" or "Trojan-Dropper.Win32.Small.nz.

That's some neat searching techniques you have in your repertoire! :lol: I keyed in "iexplore.exe virus" in google and I couldn't find what you just found.

A question though what are your system specs and how old is your computer?

My computer is 4 months old.

AMD Athlon Dual Core Processor,2.2 Ghz
1 GB Ram.
Windows XP.

Share this post


Link to post
Share on other sites

@Jeune

I don't know cricket either :)

NEways..

I am writting down steps to your problem.. I was having a similar issue few years back.. Its a trojan, I can be 50% sure of that. . to confirm I'll need you to post something for me ;)

1.) STEP 1

Daphne : http://www.drk.com.ar/daphne.php

HijackThis : http://www.trendmicro.de/produkte/kostenlose-tools-und-services/index.html

download and install both of them ..

2.) STEP 2

Run both of them..

they are both executibles and will not install so you don't need to restart your system..

3.) STEP 3

in HijackThis > do a Scan and Save log (if you can't find it.. its in main menu: button below the white listing space)

4.) STEP 4

Post that log here. .. so we all can see and find out whats causing the problem ;)

5.) STEP 5

meanwhile.. you can use Daphne to kill all your IExplore.exe while you are NOT using your Internet Explorer

If they keep popping back up.. (I LOVE THIS ONE).. then probably i was right that its a trojan ..

:D

If its a trojan then it would would most probably be hiding in System32 folder..

I'll try to guide you how to do that , but first post the log from HijackThis..



P.S. PM me if possible, I keep forgetting things :lol: , once i even forgot to sleep

btw..

Share this post


Link to post
Share on other sites

Nothing really special just used keywords fro myour description and google this search:multiple iexplore.exe processes to find out see what kind of stuff would show up and odds are I would have find something about trojans in the first couple of links, which I did. I should warn you that there are so many ways to help fix this problem, and since I am sticking with spybot I would check this thread out.

Also some other questions I should have asked early, what software do you have installed that way we could find out who it is that got you this little problem, most likely a download from a P2P program. Of course curious as to what antivirus software you have as well for this system, and maybe that will determine why nothing was picked up.

Share this post


Link to post
Share on other sites

@Jeune

 

I don't know cricket either :)

 

NEways..

 

I am writting down steps to your problem.. I was having a similar issue few years back.. Its a trojan, I can be 50% sure of that. . to confirm I'll need you to post something for me ;)

 

1.) STEP 1

 

Daphne : http://www.drk.com.ar/daphne.php

 

HijackThis : http://www.trendmicro.de/produkte/kostenlose-tools-und-services/index.html

 

download and install both of them ..

 

2.) STEP 2

 

Run both of them..

 

they are both executibles and will not install so you don't need to restart your system..

 

3.) STEP 3

 

in HijackThis > do a Scan and Save log (if you can't find it.. its in main menu: button below the white listing space)

 

4.) STEP 4

 

Post that log here. .. so we all can see and find out whats causing the problem ;)

 

5.) STEP 5

 

meanwhile.. you can use Daphne to kill all your IExplore.exe while you are NOT using your Internet Explorer

 

If they keep popping back up.. (I LOVE THIS ONE).. then probably i was right that its a trojan ..

 

:D

 

If its a trojan then it would would most probably be hiding in System32 folder..

 

I'll try to guide you how to do that , but first post the log from HijackThis..

P.S. PM me if possible, I keep forgetting things :lol: , once i even forgot to sleep

 

btw..

Just came back after hours trying to fix my iexplore problem. Will get back to ya after I have done those steps. Danke Schon! (Thank you very much)

Share this post


Link to post
Share on other sites

Nothing really special just used keywords fro myour description and google this search:multiple iexplore.exe processes to find out see what kind of stuff would show up and odds are I would have find something about trojans in the first couple of links, which I did. I should warn you that there are so many ways to help fix this problem, and since I am sticking with spybot I would check this thread out.

Will do too.

 

Also some other questions I should have asked early, what software do you have installed that way we could find out who it is that got you this little problem, most likely a download from a P2P program. Of course curious as to what antivirus software you have as well for this system, and maybe that will determine why nothing was picked up.

Well I have bit torrent and limewire but I doubt those programs are at fault. For one I haven't been using bit torrent in a while and I just feel very secure with Limewire since the only thing I download are mp3s.I got this problem after my brother went into some sites looking for cracks and illegal serials.

 

I have the latest FREE version of AVAST installed.

Share this post


Link to post
Share on other sites

:lol:Limewire .. I think that could be the culprit I was also using it for mp3s only.. but then I realised its downloading more than just mp3s..:)AVAST is not that good...Use either Zonealarm or Norton Security Suite..

Share this post


Link to post
Share on other sites

Yeah it is Limewire, the P2P program has never been safe since it has been out, I used it early on after replacing it with another P2P program that was just as bad. I bet if you uninstall Limewire, delete all the fires you got from limewire and then run spybot, and a good antivirus software, McAfee Security Suite, your internet explorer problem will go away. Yeah cracks and stuff like that are the major source of trojans and viruses and malware, and so you could blame your brother for screwing your computer up.However, in order to clean your computer properly you need to go into safe mode, disable system restore, and run spybot and a good antivirus software in order to clean your computer. Or you could completely reinstall your computer to clean up your program.

Share this post


Link to post
Share on other sites

Dear Bluedragon, below is my hijackthis.log

I tried using Super Ad Blocker. I forgot where I got this idea from though and I was able to remove two infections. Now I don't have the Iexplore.exe appearing multiple times! Yey!

HOWEVER, my firefox is now using 100,000 k in my process window and continues to rise!


Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:11:44 PM, on 4/28/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXEC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\RTHDCPL.EXEC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Program Files\Java\jre1.6.0_03\bin\jusched.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exeC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\DNA\btdna.exeC:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exeC:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exeC:\Program Files\Yahoo!\Messenger\ymsgr_tray.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Daphne\Daphne.exeC:\Documents and Settings\Jose\Desktop\HiJackThis.exeR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localO2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dllO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\2.bin\SPYBLOCK.DLLO3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\2.bin\SPYBLOCK.DLLO3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dllO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXEO4 - HKLM\..\Run: [SkyTel] SkyTel.EXEO4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXEO4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exeO4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exeO4 - HKLM\..\Run: [Winupdates] sjjp5.exeO4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quietO4 - HKCU\..\Run: [WintelUpdate] c:\jghp.exeO4 - HKCU\..\Run: [SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exeO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')O4 - Startup: PowerReg Scheduler.exeO4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO20 - AppInit_DLLs:  icq5s.dllO20 - Winlogon Notify: !SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLLO23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exeO23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exeO23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exeO23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXEO23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe--End of file - 6697 bytes

In the meantime, I'll work on Saint Michael's latest suggestions. :lol:

Share this post


Link to post
Share on other sites

Well at least you got your IE problem fix, and as for your firefox problem, you can't do anything about the memory leaks unless you install and run firefox 3. Depending on how many extensions and tabs you have open the amount of memory will keep on increasing in firefox 2, however, if you just hae on tab open and you spend a few hours on firefox 2 the memory will increase over time. So the best solution is to close out firefox and then run it again to refresh the memory that way.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.