TechSpot

Followed 8 step Viruses/Spyware/Malware Preliminary Removal

By Zanarkand90210
Jun 11, 2009
Topic Status:
Not open for further replies.
  1. Hi, so I'm having the whole two iexplorer.exe problems... I followed all of it but it doesn't seem to go away =/
    Whenever I want to see a site on Google I have to multiple times click and close the false site until the site I want decides to come up... and sometimes a popup comes up saying my computer is infected and to install some stupid program.
    Please help ><
     
  2. mflynn

    mflynn TS Rookie Posts: 2,793

    OK

    Use HJT to select then fix the following entries
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: (no name) - rsion - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {441F23E0-F689-438D-A4C6-2512FCDAE887} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: (no name) - {65E4C4FA-DC8E-4C73-A980-2835E4992406} - (no file)
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: (no name) - {F1DF9D79-EF52-4B26-8DA8-72C14837EC69} - (no file)
    O2 - BHO: (no name) - {F4ADF370-33BB-4305-BD4E-4C314F2A5ED7} - (no file)
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O23 - Service: HBZCFNDZ - Unknown owner - C:\DOCUME~1\Tony\LOCALS~1\Temp\HBZCFNDZ.exe (file missing)
    O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe (file missing)
    O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe (file missing)
    O23 - Service: Wireless Zero Map (WZMSV) - Unknown owner - C:\WINDOWS\system32\wzmcv.exe (file missing)

    Close IE, then run Taskmgr and end the extra IExplore processes before running the below!

    Run MBAM again and attach new log.

    Mike
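
Added example, not part of the original thread and not the helper's own selection method: a small Python triage pass over HijackThis log lines that flags entries whose target file no longer exists and services whose binary lives under a Temp directory. The two heuristics and all function names are assumptions made for illustration; the sample lines are copied from the post above.

```python
import re

# HijackThis entry shape: "<section code> - <body>", e.g. "O2 - BHO: ..." or "R1 - HKCU\..."
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Entries whose referenced file is gone end in "(no file)" or "(file missing)".
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)
# Assumption: a service binary under a Temp directory deserves a closer look.
TEMP_RE = re.compile(r"\\Temp\\", re.IGNORECASE)

# Sample lines taken from the post above.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O23 - Service: HBZCFNDZ - Unknown owner - C:\DOCUME~1\Tony\LOCALS~1\Temp\HBZCFNDZ.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
"""

def parse_line(line):
    """Return (section_code, body), or None for headers and blank lines."""
    m = LINE_RE.match(line.strip())
    return (m.group("code"), m.group("body")) if m else None

def flags_for(code, body):
    """Apply the two illustrative heuristics to one parsed entry."""
    flags = []
    if ORPHAN_RE.search(body):
        flags.append("orphaned")
    if code == "O23" and TEMP_RE.search(body):
        flags.append("service-in-temp")
    return flags

def triage(log_text):
    """Return [(code, flags, body)] for every entry that trips a heuristic."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        code, body = parsed
        flags = flags_for(code, body)
        if flags:
            findings.append((code, flags, body))
    return findings

if __name__ == "__main__":
    for code, flags, body in triage(SAMPLE):
        print(f"{code:<4} {','.join(flags):<26} {body}")
```

Entries the heuristics do not flag, such as the Java BHO or the `ProxyOverride` value, still need a human decision, which is why the post's list is longer than what this pass reports.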
     
  3. Zanarkand90210

    Zanarkand90210 TS Rookie Topic Starter

    OK, I did it and those are the results,
    and whenever I close Internet Explorer both processes go away.
    Could I still have a backdoor on my computer?
     
  4. mflynn

    mflynn TS Rookie Posts: 2,793

    We are not finished yet! Yes you likely have more.

    You did not elect to remove the malware on the last MBAM run as evidenced by the "No action taken".

    So run it twice more, once to delete these, then another to confirm they are gone. Attach logs!

    A new HJT log!

    Only when you get a clean log with MBAM do the below!!

    Download ComboFix

    Get it here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Or here: http://subs.geekstogo.com/ComboFix.exe

    Double-click combofix.exe and follow the prompts.

    Install Recovery Console if connected to the Internet!

    When finished, it will open a log.
    Attach the log and a new HJT log in your next reply.

    Note: Do not click ComboFix's window while it's running. That may cause it to stall.

    Mike
     