Solved Can't stop two rogue iexplore.exe processes from running

Status
Not open for further replies.
Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
On this page:

FoxitReaderInstallation.png


make sure, you have both boxes UN-checked AND (important!) click on Decline button

==================================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how your computer is doing.
 
Below is the latest OTL log from the restore point reset. The computer seems to be doing fine. We'll see how the next cold boot up goes. As for the iexplore.exe problem, that seems to be fixed. Would you please summarize what was wrong? Thanks. I really appreciate all your help.

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Aimee
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes

User: Jim
->Temp folder emptied: 258978 bytes
->Temporary Internet Files folder emptied: 7493350 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 7471487 bytes
->Flash cache emptied: 456 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4673 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 15.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: Aimee
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Jim
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.18.0 log created on 12272010_210300

Files\Folders moved on Reboot...
C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\XRZ3AUT2\ads[3].htm moved successfully.
C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\XRZ3AUT2\crosspixel-dest[1].htm moved successfully.
C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\XB1BQT2L\sh29[1].html moved successfully.
C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\VVQX7GSC\topic158611-2[1].html moved successfully.
File\Folder C:\WINDOWS\temp\_avast5_\Webshlock.txt not found!

Registry entries deleted on Reboot...
 
Good news :)

The main culprit was a rootkit, but there were also some "baddies", we removed through Combofix.

Good luck and stay safe :)
 
The computer is running good once logged in and when we rebooted yesterday while I was executing your last sets of instructions there were no boot problems. Today however, when I initially powered on and booted up, the computer rebooted numerous times before finally stablizing. During the first 3 reboots (never got to the logon screen) I was asked if I wanted to start Windows normally or revert to the last know good configuration. I chose start normally. Next, it rebooted two times in a row after reaching the logon on screen and logging on. Finally, after the third logon, here I am. So, I'm not sure if it has something to do with the Microsoft update I did a couple weeks ago or all the "fixing" we did over the last week. Thoughts?
 
The same "cold" boot up problems still exists and seems identical every time. If I'm logged in and reboot, like we did ove the last week everythign seems to be ok. It's only on boot up from "cold". Thoughts?
 
In this forum, we make sure, your computer is free of malware and your computer is clean :)
Because the access to malware forum is very limited, your best option is to create new topic about your current issue, at Windows section.
You'll get more attention.

Good luck there :)
 
Status
Not open for further replies.
Back