TechSpot

Changing iexplorer.exe to iexplorer.ex_  ?????

By miksah2001
Aug 24, 2006
  1. Lately, I've been having a lot of problems with random iexplorer ads popping up. Since I use Netscape and Firefox, I don't need IE anymore. Since I don't want to delete it, a friend (w/ A LOT of PC experience) recomended going to My Computer==> C: ==>Program Files==>Internet Explorer.
    He then said to change Internet Explorer to iexplorer.ex_ so adware won't be able to summon the program.
    However, EVERYTIME I try to change it to iexplorer.ex_ windows makes a new icon saying iexplorer (thus iexplorer.EXE). It refuses to not have an iexplorer.exe in the folder.

    HELP!!!!!!!!!!
     
  2. sw123

    sw123 TS Rookie Posts: 595

    I think it's adware or simply a Windows config thing that doesnt allow it.

    I'm not as knowledgeable about this, so look up threads abut this proble. Or, you can run a program called HiJackThis and I can advise :)

    Best wishes, sw123
     
  3. miksah2001

    miksah2001 TS Rookie Topic Starter Posts: 18

    you'd really check my hijackthis? should i copy+paste or attach as .txt?

    thanks so much (if you check)
    and I hate you (if you don't check) :D
     
  4. sw123

    sw123 TS Rookie Posts: 595

    Attach it as a log. See HERE for details
     
  5. miksah2001

    miksah2001 TS Rookie Topic Starter Posts: 18

    here it is

    here it is....
    and sorry if its weird, this computer has been killing me :blackeye:
     

    Attached Files:

  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I have moved your thread to the security and the web forum. This is because your computer is infected with all sorts of crap.

    Download and run these four tools. Follow the instructions for using each tool.

    Tool1 Tool2 Tool3 Tool4

    Then, go HERE and follow the instructions for running Ewido.

    Post a fresh HJT log, only after doing the above.

    Regards Howard :)

    This thread is for the use of miksah2001 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  7. Didou

    Didou Bowtie extraordinair! Posts: 4,274

    & btw you can't rename the iexplore.exe file as Internet Explorer is part of the Windows core components. Thank Microsoft for that.
     
  8. miksah2001

    miksah2001 TS Rookie Topic Starter Posts: 18

    arrrrrgghh

    dang it I can't even do the first program you showed, howard....

    I'm halfway through doing what the first one says, and I restart the computer in safe mode to purge the PC of a couple of the bad stuff.
    but, right after I log in and click OK to continue in safe mode, the icons on the desktop disappear, the start at the bottom disappears, and I'm left to stare at the black desktop w/ "safe mode" written around the edges.

    I tried logging off and on a couple times and trying, but it does the same, no matter which account I use, even Administrator...
    GGGRRRRRRR:mad:

    I did Tool1 in normal mode now, I don't know if thats ok or not....
     
  9. Frenzy

    Frenzy TS Rookie Posts: 40

    Miksah to start with whatever Monitor your using and graphics card, in Safe mode your Drivers for your graphics and monitor aren't loaded i used to have the same problem but i adjusted the monitor by the buttons on the monitor, if you move the screen up it should show the start bar in safe mode. if not you got other probs
     
  10. miksah2001

    miksah2001 TS Rookie Topic Starter Posts: 18

    frenzy, thanks for your concern, I understand what you mean, but thats not it.

    what happens is that the start appears, along w/ the desktop icons, but then disappear. another person on these threads has the same problem. its most likely that explorer.exe doesnt load....
    i think....
     
  11. miksah2001

    miksah2001 TS Rookie Topic Starter Posts: 18

    ok i'm finally on ewido, but I've reached a problem (i think).
    When I'm installing it, I don't see an "additional options". The instruction thread says to UNCHECK two things there, but since I can't find them, should I still contintue?
    thanks
     
  12. nonda

    nonda TS Rookie Posts: 35

    :d


    linux ftw!
     
  13. miksah2001

    miksah2001 TS Rookie Topic Starter Posts: 18

    okee dokee here it is

    I have my Look2MeDestroyer log and my HijackThis. I can't attach my Ewido log cuz it exceeds the limit of 100kb, its 111.2 kb....

    I hope someone can help... puke:
     
  14. sw123

    sw123 TS Rookie Posts: 595

    u can compress it with a compressed folder...
     
  15. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Download the Pocket Killbox programme from HERE. Extract it but don`t run it yet.


    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    ALCXMNTR.EXE

    Close task manager.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O2 - BHO: (no name) - {062492AF-392E-479D-BF52-A7A4BCA00307} - C:\WINDOWS\compstuic.dll (file missing)

    O2 - BHO: (no name) - {0B5F7FDF-0717-45BF-B49D-695F3168C7FE} - C:\WINDOWS\system32\admparsek.dll (file missing)

    O2 - BHO: RawExecAction Object - {18898424-E3AB-4BA9-8E8D-5434B1CECA75} - C:\WINDOWS\system32\jkkji.dll (file missing)

    O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00302} - C:\WINDOWS\system32\adsldpbx.dll (file missing)

    O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00303} - C:\WINDOWS\system32\adsldpby.dll (file missing)

    O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00304} - C:\WINDOWS\system32\adsldpbz.dll (file missing)

    O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00305} - C:\WINDOWS\system32\compstuia.dll (file missing)

    O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00306} - C:\WINDOWS\compstuib.dll (file missing)

    O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00311} - C:\WINDOWS\compstuig.dll

    O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00320} - C:\WINDOWS\system32\compstuif.dll (file missing)

    O2 - BHO: (no name) - {DF00FFA0-AEA9-4EA8-A10F-8BB9A7F8508C} - C:\WINDOWS\adsldpbm.dll (file missing)

    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

    O15 - Trusted Zone: http://www.amaena.com

    O15 - Trusted Zone: http://locator.cdn.imageservr.com

    O15 - Trusted Zone: http://scanner.sysprotect.com

    O15 - Trusted Zone: http://*.systemdoctor.com

    O15 - Trusted Zone: http://www.winantivirus.com

    O15 - Trusted Zone: http://www.winantiviruspro.com

    O15 - Trusted Zone: http://download.cdn.winsoftware.com

    O15 - Trusted IP range: http://202.67.220.225

    O15 - Trusted IP range: http://59.148.220.121

    O15 - Trusted IP range: http://62.4.84.53

    O15 - Trusted IP range: http://82.98.235.58

    O15 - Trusted IP range: http://85.12.25.90

    O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\system32\cfgmngr321.dll (file missing)

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    ALCXMNTR.EXE Search your system for this file and delete all instances of it.

    Run the killbox.exe file. When it loads type the full path to the file you would like to delete in the field and check the delete file on reboot button. press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted.

    This is the filepath you need to enter into killbox.

    C:\WINDOWS\compstuig.dll

    Once your system has rebooted, turn system restore back on.

    Post a fresh HJT log and let me know how your system is running.

    Regards Howard :)

    This thread is for the use of miksah2001 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  16. jobeard

    jobeard TS Ambassador Posts: 9,334   +622

    use the Firefox option to become the DEFAULT browser :)

    leave IE alone, as you will need it for MS Updates
     
  17. miksah2001

    miksah2001 TS Rookie Topic Starter Posts: 18

    hey howard, I can start doing what you said in your latest post in a couple hours, but I think there's a problem,

    remember how I can't fully boot in Safe Mode(see a previous post)? is there a way around that?
    Sorry if this sounds stupid, but I haven't read the tutorials yet....

    Cheers:D

    and jobeard, Firefox IS my default browser, the spyware just uses IE cuz I guess it infected that one. I don't have to necessarily be using IE at the time for the popups to come up......
     
  18. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Follow the instructions in normal mode and see if that helps. Then post a fresh HJT log.

    Regards Howard :)
     
  19. miksah2001

    miksah2001 TS Rookie Topic Starter Posts: 18

    yay I did all of it, and my hijackthis log is attached...
    I just had a quick question tho. today, i noticed in the taskmanager that i had "guard.exe" running, does this have anything to do w/ all that stuff I installed(maybe Ewido)? thanks

    EDIT: I just deleted "O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe" because it's something from an old program....just in case you needed to know....
     
  20. N3051M

    N3051M TS Evangelist Posts: 2,115

    Guard.exe is part of ewido.
     
  21. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of miksah2001 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  22. miksah2001

    miksah2001 TS Rookie Topic Starter Posts: 18

    has anyone checked ?

    yay thank you

    and forget the heading on this post:D
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...