Backdoor trojan? (iexplore.exe in task manager)

Status
Not open for further replies.

draickin
Hi,
I have encountered a similar problem to another member of this forum (actually I think it's exactly the same :/ ).
I tried to install Adobe Premiere CS3 and it prompted me to terminate all my browsers. I exited Firefox but it continued to tell me that Internet Explorer was running. I ran the Task Manager to find that there were not one but 3 "iexplore.exe" applications running, even though I wasn't using Internet Explorer at that time (or any time, for that matter). I googled it and found this thread on your boards on how to get rid of it (the one with the 15 steps). I'm at step 11, and I think that it's where I'm supposed to paste the results of Panda Antirootkit, so here goes: "No rootkits have been found"
I have a question, though. I have my hard drive partitioned, so does this mean that, for example, Panda Antirootkit scanned all my partitions? Or just the default "C:\"?
 
Hello and welcome to Techspot.

I'm not sure whether Panda Antirootkit will have scanned all your partitions or not. Maybe you could contact the makers of Panda Antirootkit for a definitive answer to that question.

Follow the rest of the instructions and post the requested log files.

Regards Howard :wave: :wave:

This thread is for the use of draickin only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
 
At step 12 it is mentioned that I should attach a log from ComboFix and HJT, although in a previous step I read that I should not run HJT until step 15 :/
I'm sorry, I got confused, so I'll just attach the ComboFix log for now until I get confirmation about the other log, so there:
 
Oh, sorry, my mistake! I really misread :/
(about the log, I know it wasn't full, but it didn't fit into one post because it was too many characters... anyway, sorry again)
 
All you have to do is read and follow the instructions, it's not rocket science. :p

Regards Howard :)

 
Open Notepad and copy/paste the text in the code box below into it.
NOTE: make sure to only highlight and copy what is inside the quote box, nothing outside of it.
Also:

Pay particular attention to this:

Make sure the word File:: is on the first line of the text file you save (no blank line above it, and no space in front of it).
Code:

File::
C:\WINDOWS\ALCHUNIN.EXE
C:\WINDOWS\mozver.dat
C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
Folder::
C:\Documents and Settings\All Users\Application Data\Time Dead Warn Default
C:\DOCUME~1\draickin\APPLIC~1\INTERN~1
C:\VundoFix Backups
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"warn default inter for"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Debug idle"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Debug idle]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\warn default inter for]


Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

[screenshot: CFScript.gif, dragging CFScript.txt onto ComboFix.exe]


This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply together with a fresh HJT log.

Regards Howard :)

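As an added example (not part of the thread, and not ComboFix's own code), a small Python checker for the CFScript format Howard describes: it enforces the rule that File:: must be the very first line with no blank line above it and no leading space, and splits the script into its File::, Folder:: and Registry:: sections so you can read back exactly which files, folders, registry keys and values a script will ask ComboFix to remove before dragging it onto ComboFix.exe. The reading of the Registry:: lines ("name"=- removes a value, [-key] removes a key) follows .reg file syntax and is an assumption on my part.

```python
import re

SECTION_RE = re.compile(r"^(File|Folder|Registry)::$")

def parse_cfscript(text):
    lines = text.splitlines()
    errors = []
    # Howard's rule: "File::" must be the first line, no blank line above, no leading space.
    if not lines or lines[0] != "File::":
        errors.append("first line must be exactly 'File::'")
    sections = {"File": [], "Folder": [], "Registry": []}
    current = None
    for n, line in enumerate(lines, 1):
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
        elif not line.strip():
            continue
        elif current is None:
            errors.append(f"line {n}: content before any section header")
        else:
            sections[current].append(line)
    # Registry:: lines read as .reg syntax (assumed): [-key] deletes a key, "name"=- deletes a value.
    reg = {"delete_keys": [], "delete_values": []}
    key = None
    for line in sections["Registry"]:
        vm = re.match(r'^"(.*)"=-$', line)
        if line.startswith("[-") and line.endswith("]"):
            reg["delete_keys"].append(line[2:-1])
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif vm and key:
            reg["delete_values"].append((key, vm.group(1)))
        else:
            errors.append(f"unrecognised Registry:: line: {line}")
    return {"ok": not errors, "errors": errors, "File": sections["File"],
            "Folder": sections["Folder"], "Registry": reg}

# Constructed sample built from entries in Howard's script above.
SAMPLE = "\n".join([
    "File::",
    r"C:\WINDOWS\ALCHUNIN.EXE",
    r"C:\WINDOWS\mozver.dat",
    "Registry::",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]",
    '"warn default inter for"=-',
    r"[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Debug idle]",
])
```

Running parse_cfscript on a copy of the script with a blank line pasted above File:: (a common mistake) returns ok=False, which is the case Howard warns about.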
 
That all looks clean.

Delete the following folder.

C:\qoobox

Turn off System Restore (XP/ME only). See how HERE.

Now, turn System Restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.


If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

 
I did all this.
Thank you for helping me clean my system, and I apologize for not reading the instructions correctly in the first place :eek:
 
No problem mate, it just makes it easier for everyone, when folks follow the instructions properly. ;)

Regards Howard :)

 