Inactive Dozens of daily BSODs on XP, extremely strange IE activity, google redirect

Status
Not open for further replies.
So, a couple weeks ago, I caught a virus.

I've been dealing with malware/spyware/viruses for a long time. I don't know as much as a lot of people, but I'm generally able to handle them and remove them cleanly.

But this one is something else.

Here are the symptoms.

1. iexplorer.exe runs constantly in the background. I never, ever use Internet Explorer, and when I kill the process in Task Manager it simply starts again a few minutes later. My Avast doesn't detect that Internet Explorer is installed, however. Under the "Additional Protection>Web Rep" section of the Avast interface, it says IE is not installed. If I go to the Internet Explorer folder in my Program Files, I cannot move or delete the iexplorer.exe application as it says I do not have permission. My Avast also pops up with "Threat Detected" popups pretty often, with the following information:

Infection Details
URL: 64.111.211.165/c.php?re
Process: file://C:\Program Files\Internet Explorer\iexplore.exe
Infection: url:Mal

Through a bit of hacking and tinkering I was able to rename the iexplorer.exe application, but it was simply replaced by another not long after. My default browser is Firefox, but it keeps getting switched back to IE.

2. Google Redirect. This is probably the most annoying, as it impedes my ability to even try to research this problem and find a solution. The redirect always involves a variation of the IP "64.111.211.xxx" (usually 164 or 165), along with a few others.

I've scanned with Malwarebytes, AVG, Spyware Terminator, Super AntiSpyware, Spyware Blaster, spyware search and destroy, and Avast. I've attempted to use TDSSKiller, but when I try to run it nothing happens. I've tried renaming it, changing it to .com or .pif, placing it into different folders, booting in safe mode... nothing. And none of the stuff that runs has detected anything.

3. BSODs. These are probably unrelated and I'll attempt to figure out what's causing them after getting my computer clean, but some references to programs that could help diagnose the cause of them would be greatly appreciated.
 
Stop! Don't do any more renaming, relocating, tinkering, stopping processes, running scans unless I direct you to do so!!!
==================================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in the cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs, except those I give you.
  • Please let me know if there is any change in the system.
If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
=====================================
If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

When you have finished, leave the logs for review in your next reply.
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
======================================
FYI: If you have IE8, it is normal to have multiple iexplore.exe processes. While malware can hide in almost any name, you don't take action until you know what it is.

FYI2: If you put this Infection: url:Mal in a Google search, you will find many Avast users complaining of this. It may be a False Positive due to a bad update, so don't go doing anything rash at this point!
 