TechSpot

Backdoor trojan? (iexplore.exe in task manager)

By draickin
Nov 12, 2007
  1. Hi,
    I have encountered a similar problem to another member of this forum (actually I think it's exactly the same :/ )
    I tried to install Adobe Premiere CS3 and it prompted me to terminate all my browsers. I exited Firefox but it continued to tell me that Internet Explorer was running. I ran the task manager to find that there were not one but 3 "iexplore.exe" applications running even though I wasn't using Internet Explorer at that time (or any time for that matter). I googled it and found this thread in your boards on how to get rid of it (the one with the 15 steps). I'm at step 11, and I think that it's where I'm supposed to paste the results of Panda Antirootkit, so here goes: "No rootkits have been found"
    I have a question, though. I have my hard drive partitioned, so does this mean that for example Panda Antirootkit scanned all my partitions? Or just the default "C:\"?
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    I'm not sure whether Panda Antirootkit will have scanned all your partitions or not. Maybe you could contact the makers of Panda Antirootkit for a definitive answer to that question.

    Follow the rest of the instructions and post the requested log files.

    Regards Howard :wave: :wave:

    This thread is for the use of draickin only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. draickin

    draickin TS Rookie Topic Starter

    At step 12 it is mentioned that I should attach a log from combofix and hjt, although in a previous step I read that I should not run hjt until step 15 :/
    I'm sorry I got confused, so I'll just attach the combofix log for now until a confirmation about the other log, so there:
     
  4. howard_hopkinso


    It also says to post log files as attachments. ;) SEE HERE.

    And that isn't a full Combofix log.

    Regards Howard :)

     
  5. draickin


    Oh, sorry, my mistake! I really misread :/
    (about the log, I know it wasn't full, but it didn't fit into one post because it was too many characters... anyway, sorry again)
     
  6. howard_hopkinso


    All you have to do is read and follow the instructions, it's not rocket science. :p

    Regards Howard :)

     
  7. draickin


    Ok, I hope I attached the logs correctly...
     
  8. howard_hopkinso


    Open notepad and copy/paste the text in the code box below into it:
    NOTE* Make sure to only highlight and copy what is inside the quote box, nothing outside of it.
    Also ..

    Pay particular attention to this :-

    Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
    Code:


    Save this as CFScript.txt

    Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

    [IMG]

    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.

    Regards Howard :)

     
  9. draickin


    The log files:
     
  10. howard_hopkinso


    That all looks clean.

    Delete the following folder.

    C:\qoobox

    Turn off system restore (XP/ME only). See how HERE.

    Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.


    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

     
  11. draickin


    I did all this.
    Thank you for helping me clean my system, and I apologize for not reading the instructions correctly in the first place :eek:
     
  12. howard_hopkinso


    No problem mate, it just makes it easier for everyone, when folks follow the instructions properly. ;)

    Regards Howard :)

     
Topic Status:
Not open for further replies.
