topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Friday March 29, 2024, 7:04 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: iexplore.exe - be warned  (Read 5738 times)

nudone

  • Cody's Creator
  • Columnist
  • Joined in 2005
  • ***
  • Posts: 4,119
    • View Profile
    • Donate to Member
iexplore.exe - be warned
« on: August 26, 2006, 07:41 AM »
my machine is currently infected with a trojan or something.

after startup i have a new file 'iexplore.exe' trying to access the internet - each time i delete the file and then restart, the said file has moved to a new location (please don't start announcing that iexplore.exe is internet explorer - this particular file that keeps appearing is definitely something nasty).

i looked around the web and there appears to be plenty of confusion and not particularly brilliant advice about getting rid of it - virus and trojan scanners seem to be unable to find the file if the comments on other forums i've read are correct.

here is the most helpful page i've found that deals with the problem http://www.jimmyr.co...E_Virus_230_2006.php (not actually tried his method yet but will do in a minute).

i wouldn't make such a post but this is the first time my machine has been infected for a long time - and i can't even remember a time that my scanning software seemed completely oblivious to the fact that the machine is infected.
« Last Edit: August 26, 2006, 07:54 AM by nudone »

TucknDar

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 1,133
    • View Profile
    • Donate to Member
Re: iexplore.exe - be warned
« Reply #1 on: August 26, 2006, 07:49 AM »
 :( Sorry for you, but hopefully you'll get rid of it. Please post about your progress and how you got this thing on your computer in the first place.

nudone

  • Cody's Creator
  • Columnist
  • Joined in 2005
  • ***
  • Posts: 4,119
    • View Profile
    • Donate to Member
Re: iexplore.exe - be warned
« Reply #2 on: August 26, 2006, 08:18 AM »
here's the output from the first run using the Ikarus dos scanner:

c:\windows\system32\directx.exe - Signatur 'Net-Worm.Win32.Mytob.DE' gefunden
c:\windows\system32\pxcpya64.exe - Virenverdächtige Programmsequenz gefunden
c:\windows\system32\pxcpyi64.exe - Virenverdächtige Programmsequenz gefunden
c:\windows\system32\pxinsa64.exe - Virenverdächtige Programmsequenz gefunden
c:\windows\system32\pxinsi64.exe - Virenverdächtige Programmsequenz gefunden

so, looks like the problem might be getting worse. i'll now run another scan in safemode...

(grisoft avg is still completely unaware that there is a problem.)

nudone

  • Cody's Creator
  • Columnist
  • Joined in 2005
  • ***
  • Posts: 4,119
    • View Profile
    • Donate to Member
Re: iexplore.exe - be warned
« Reply #3 on: August 26, 2006, 08:28 AM »
nod32 doesn't appear to think there is a problem either - even with all options turned on and forced to scan the system32 folder.

it's a pity, isn't it.

kimmchii

  • Honorary Member
  • Joined in 2005
  • **
  • Posts: 360
    • View Profile
    • Donate to Member
Re: iexplore.exe - be warned
« Reply #4 on: August 26, 2006, 06:09 PM »
nod32 has improved a lot but it's still a toy, i only trust kaspersky.

download esan here:
http://www.spywarein...dk/download/mwav.exe

then run kavupd.exe to update the sig, it will catch everything.
If you find a good solution and become attached to it, the solution may become your next problem.
~Robert Anthony

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: iexplore.exe - be warned
« Reply #5 on: August 26, 2006, 06:57 PM »
NOD32 is more than a toy, it has a decent detection rate... kaspersky is back in business, though, after they stopped the NTFS streams stuff :)
- carpe noctem

nudone

  • Cody's Creator
  • Columnist
  • Joined in 2005
  • ***
  • Posts: 4,119
    • View Profile
    • Donate to Member
Re: iexplore.exe - be warned
« Reply #6 on: August 27, 2006, 12:59 AM »
nod32 has improved a lot but it's still a toy, i only trust kaspersky.

download esan here:
http://www.spywarein...dk/download/mwav.exe

then run kavupd.exe to update the sig, it will catch everything.

i'd love to be able to put kasperspy to the test on this one but i've deleted the files that were infected - i ought to have saved them somewhere perhaps.

kimmchii

  • Honorary Member
  • Joined in 2005
  • **
  • Posts: 360
    • View Profile
    • Donate to Member
Re: iexplore.exe - be warned
« Reply #7 on: August 27, 2006, 01:17 AM »

i'd love to be able to put kasperspy to the test on this one but i've deleted the files that were infected - i ought to have saved them somewhere perhaps.

just scan anyway make sure it's 100% clean.
If you find a good solution and become attached to it, the solution may become your next problem.
~Robert Anthony

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: iexplore.exe - be warned
« Reply #8 on: August 28, 2006, 12:15 PM »
i think it's good advice to always save such viruses until you are 100% sure you know where they came from how to deal with them in future, etc.  they can be very helpful in testing future antivirus solutions, etc.