Iexplore.exe continuously running

Sep 18, 2010
  1. When I open my browser I get 2 iexplore.exe running and when I close the browser they are still running. If I open my browser again I get 2 more iexplorer.exe.

    I have tried removing malware and spyware with Shawsecure Online and Malwarebyte's Anti-Malware to no avail.

    I could use a little help


  2. Broni

  3. 2bitmick

    Hi Broni

    I've attached all the output files. I noticed when I did not have the Shaw Secure F-Secure antivirus running I still got 2 iexplore.exe but they both closed when I close the browser.


  4. Broni

    Which one would that be? Can't be both.
  5. 2bitmick

    I was mistaken I still get 2 iexplore.exe when I open my browser and I continue to get 2 more each time I open my browser. They just keep adding up.

    The only way I can get rid of them is to End Process under the Processes tab in Task Manager
  6. Broni

    I still don't understand.
    When you have your browser CLOSED, do you have any iexplore.exe running?

    Keep in mind, that with IE8, when you open it, it'll run TWO iexplore.exe processes from the get go and then, every new tab open will produce another iexplore.exe process.
  7. 2bitmick

    Yes, when I close my browser I still have 2 iexplorer.exe running the processes do not stop when I close the browser. The icon closes in Task Manager under the Application tab but the two iexplore.exe are seen under the Processes tab.

    So when I open the browser again without Ending the previous 2 iexplorer.exe I get two more for a total of 4. etc etc.........

    Didn't know IE8 opens 2 iexploer.exe
  8. Broni

    OK, you're infected then....

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.
  9. 2bitmick

    Here the results.

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000003d

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`03ec1000 (NTFS)

    PhysicalDrive0 Model Number: ST3160023AS, Rev: 8.12

    Size Device Name MBR Status
    149 GB \\.\PhysicalDrive0 Dell MBR code detected
    SHA1: 84B95CE8A54B7C5C3AAF149934FC46FB70FF8365

  10. Broni

    Looks normal :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  11. 2bitmick

    I've attached the output. Not sure if you prefer the output in a txt file or copied to the post?

  12. Broni

    I like it better pasted in.

    Combofix looks good now.
    Do you still have iexplore.exe processes running with IE closed?
  13. 2bitmick

    2bitmick TS Rookie Topic Starter

    Yes. I still have iexplore.exe showing. They take no CPU but do take up memory. If I exit/close the browser they remain.
  14. Broni

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  15. 2bitmick

    2bitmick TS Rookie Topic Starter

    Sorry output was to long had to attach

    Here is the output. Message was no threats found.

  16. Broni

    Download following tool, but make sure IE is closed before you run the tool.

    Download Process Explorer:
    Unzip, and double click on procexp.exe to run the program.
    Click on View > Select Colunms.
    In addition to already pre-selected options, make sure, the Command Line is selected, and press OK.
    Go File>Save As, and save the report as Procexp.txt.
    Attach the file to your next reply.
  17. Broni

    I'll be forced to close this topic again and in that case I won't open it again.
  18. 2bitmick

    2bitmick TS Rookie Topic Starter

    I understand. I was unable to send you personal eamil as I haven't met the minimum requirements. It is OK I believe my issue has been resolved.

    Again thanks for your help.
  19. Broni

    No problem....
