Apr 27 2008, 12:38 PM
Post
#11
Member [Level 2] Group: Members Posts: 82 Joined: 20-October 05 Member No.: 13,144

Nothing really special, just used keywords from your description and googled this search: multiple iexplore.exe processes, to see what kind of stuff would show up, and odds are I would have found something about trojans in the first couple of links, which I did. I should warn you that there are so many ways to help fix this problem, and since I am sticking with spybot I would check this thread out.

Will do too.

QUOTE Also some other questions I should have asked early, what software do you have installed, that way we could find out who it is that got you this little problem, most likely a download from a P2P program. Of course curious as to what antivirus software you have as well for this system, and maybe that will determine why nothing was picked up.

Well I have bit torrent and limewire but I doubt those programs are at fault. For one I haven't been using bit torrent in a while and I just feel very secure with Limewire since the only thing I download are mp3s. I got this problem after my brother went into some sites looking for cracks and illegal serials. I have the latest FREE version of AVAST installed.
Apr 27 2008, 06:40 PM
Post
#12
Premium Member Group: [HOSTED] Posts: 153 Joined: 24-April 08 Member No.: 61,260

Limewire .. I think that could be the culprit. I was also using it for mp3s only.. but then I realised it's downloading more than just mp3s.. AVAST is not that good... Use either Zonealarm or Norton Security Suite..
Apr 27 2008, 11:55 PM
Post
#13
$p4m 0n j00 $h4m3 m3 0nc3 $p4m 0n m3 $h4m3 m3 7\/\/1c3 Group: [HOSTED] Posts: 6,419 Joined: 21-September 04 From: 9r33|\| 399$ 4|\|D 5P4/\/\ Member No.: 1,218

Yeah it is Limewire, the P2P program has never been safe since it has been out, I used it early on after replacing it with another P2P program that was just as bad. I bet if you uninstall Limewire, delete all the files you got from limewire and then run spybot, and a good antivirus software, McAfee Security Suite, your internet explorer problem will go away. Yeah cracks and stuff like that are the major source of trojans and viruses and malware, and so you could blame your brother for screwing your computer up.
However, in order to clean your computer properly you need to go into safe mode, disable system restore, and run spybot and a good antivirus software in order to clean your computer. Or you could completely reinstall your computer to clean up your program.
Apr 28 2008, 02:37 PM
Post
#14
Member [Level 2] Group: Members Posts: 82 Joined: 20-October 05 Member No.: 13,144

Dear Bluedragon, below is my hijackthis.log
I tried using Super Ad Blocker. I forgot where I got this idea from though and I was able to remove two infections. Now I don't have the Iexplore.exe appearing multiple times! Yey! HOWEVER, my firefox is now using 100,000 k in my process window and continues to rise!

CODE
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:44 PM, on 4/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Daphne\Daphne.exe
C:\Documents and Settings\Jose\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\2.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\2.bin\SPYBLOCK.DLL
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Winupdates] sjjp5.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WintelUpdate] c:\jghp.exe
O4 - HKCU\..\Run: [SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: icq5s.dll
O20 - Winlogon Notify: !SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6697 bytes

In the meantime, I'll work on Saint Michael's latest suggestions.
Apr 28 2008, 05:32 PM
Post
#15
$p4m 0n j00 $h4m3 m3 0nc3 $p4m 0n m3 $h4m3 m3 7\/\/1c3 Group: [HOSTED] Posts: 6,419 Joined: 21-September 04 From: 9r33|\| 399$ 4|\|D 5P4/\/\ Member No.: 1,218

Well at least you got your IE problem fixed, and as for your firefox problem, you can't do anything about the memory leaks unless you install and run firefox 3. Depending on how many extensions and tabs you have open the amount of memory will keep on increasing in firefox 2, however, if you just have one tab open and you spend a few hours on firefox 2 the memory will increase over time. So the best solution is to close out firefox and then run it again to refresh the memory that way.
Apr 28 2008, 07:33 PM
Post
#16
Premium Member Group: [HOSTED] Posts: 153 Joined: 24-April 08 Member No.: 61,260

QUOTE
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)

that was the trojan file

C:\Program Files\DNA\btdna.exe >> Are u using bittorrent 6.0 ?

Don't know what these are .. >>

QUOTE
--------------------------------------------------------
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE ----------- Is this related to your Internet service provider ?
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE ----------- Are you using ALC soundcard ?
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE ------ Is it realtek ALC97 ?
--------------------------------------------------------

These look more like Trojan infections to me..

QUOTE
---------------------------------------------------------
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
O4 - HKLM\..\Run: [Winupdates] sjjp5.exe
O4 - HKCU\..\Run: [WintelUpdate] c:\jghp.exe
---------------------------------------------------------

Please check them before you remove the entry.. they may be legit.. >> go to the path specified alongside and try to find out what these are (right click and properties) if it doesn't look normal.. (I mean you should look for the versions tab under properties; if it's a legit file it will have information like original name, company, version etc; if it's not there then the file is not legit, I'll suggest you delete these unless you created them)

To remove the entry, boot in Safe mode, run HijackThis and click on the 'checkbox' beside the item.. now click 'fix Checked'. If possible (they get deleted automatically sometimes) while in safe mode, go to the path specified in the HijackThis log and delete the files manually.

P.S. Don't forget to show all your hidden files/system files while looking for these files, they are generally hidden.

This post has been edited by jlhaslip: Apr 29 2008, 02:17 AM
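
Added example, not part of any post in this thread: a short Python script that picks out the O4 autorun and O23 service lines of a HijackThis log that call for the manual file check described in post #16 (no full path given, program in a drive root, unknown owner, file missing). The reason labels and function names are made up for this example, and a flag only means "go and look at the file".

```python
import re

# Entries copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe
O4 - HKLM\..\Run: [Winupdates] sjjp5.exe
O4 - HKCU\..\Run: [WintelUpdate] c:\jghp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

RUN_RE = re.compile(r"^O4 - .+?Run(?:Once)?: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|bat|cmd|scr))\b', re.I)
ROOT_RE = re.compile(r"[A-Za-z]:\\[^\\]+")

def executable(cmd):
    """Return the program part of a Run command line, without arguments."""
    m = EXE_RE.match(cmd)
    return (m.group(1) or m.group(2)) if m else cmd.split()[0]

def triage(log_text):
    """Map entry name -> list of reasons the entry needs a manual look."""
    findings = {}
    for line in log_text.splitlines():
        line = line.strip()
        reasons = []
        run = RUN_RE.match(line)
        if run:
            name, exe = run["name"], executable(run["cmd"])
            if "\\" not in exe:
                reasons.append("no-path")      # resolved via search path: find the real file
            elif ROOT_RE.fullmatch(exe):
                reasons.append("drive-root")   # program sitting directly in a drive root
        elif line.startswith("O23 - Service: "):
            name, owner, path = line[len("O23 - Service: "):].rsplit(" - ", 2)
            if owner == "Unknown owner":
                reasons.append("unknown-owner")
            if path.endswith("(file missing)"):
                reasons.append("file-missing")
        if reasons:
            findings[name] = reasons
    return findings

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name}: {', '.join(reasons)}")
```
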
May 1 2008, 03:32 PM
Post
#17
Member [Level 2] Group: Members Posts: 82 Joined: 20-October 05 Member No.: 13,144

QUOTE Well at least you got your IE problem fixed, and as for your firefox problem, you can't do anything about the memory leaks unless you install and run firefox 3. Depending on how many extensions and tabs you have open the amount of memory will keep on increasing in firefox 2, however, if you just have one tab open and you spend a few hours on firefox 2 the memory will increase over time. So the best solution is to close out firefox and then run it again to refresh the memory that way.

That's exactly what happens, I have one tab open and the memory reaches to 100k +. Would you really advise I install firefox 3?

Mr Bluedragon, I'll get back to the hijack this in a while, the dsl in part of the world is so crappy.