TechSpot

Iexplore.exe running w/o opening IE

By vanillapudding
Jun 25, 2008
  1. iexplore.exe is running without my having opened IE. I see from poking around that this is a common backdoor process. When I stop the process, it restarts itself. Bitdefender does not catch anything. Please help - I already had one username/password stolen, presumably from this backdoor. Please help!

    Here is my HJT Scan log:
     
  2. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

  3. vanillapudding

    vanillapudding TS Rookie Topic Starter

    Here are the logs

    Also PAVARK reported this:

    Unknown root at C:\WINDOWS\System32:winsock.exe

    THANK YOU for your help!
     
  4. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    Download SDFix from the link below to your desktop, then run it. SDFix will create a folder in your C drive. Boot into safe mode, go to C:\SDFix and run --->RunThis.bat. Post the log it creates here. To boot into safe mode, reboot the computer and start tapping the F8 key until you get to a menu, then select safe mode. Please post a fresh HijackThis log after running the software.

    SDFix:
    http://www.bleepingcomputer.com/files/sdfix.php

    P.S.

    Only bad thing I see is this:

    O4 - HKLM\..\Run: [winsock32] C:\WINDOWS\system32:winsock32.exe <-- this is a worm/trojan; below is a link with more info

    http://www.castlecops.com/s13621-winsock32_exe.html
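
The Run entry flagged above uses NTFS alternate data stream syntax (a second colon after the drive colon: a stream named `winsock32.exe` attached to the `system32` folder), which is why the file does not show up in a normal directory listing. The following is an added example, not part of the original thread, that scans HijackThis O4 lines for autostart commands of that form; the two benign log lines and the function name are constructed for illustration.

```python
import re

# HijackThis autostart entry: O4 - <hive>\..\<key>: [<value name>] <command>
O4_LINE = re.compile(
    r'^O4 - (?P<key>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$'
)
# Drive-letter path followed by a second colon and a stream name.
# "/" is excluded from the host part so "/switch:value" arguments and URLs
# in the command line are not mistaken for a stream separator.
ADS_PATH = re.compile(
    r'^"?(?P<host>[A-Za-z]:\\[^:"/]*):(?P<stream>[^\\/:"\s]+)'
)

# First line is the entry quoted in the thread; the other two are
# constructed benign entries for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [winsock32] C:\WINDOWS\system32:winsock32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [ExampleAgent] "C:\Program Files\Example\agent.exe" /startup
"""

def find_ads_autostarts(log_text):
    """Return O4 entries whose command points into an alternate data stream."""
    hits = []
    for line in log_text.splitlines():
        entry = O4_LINE.match(line.strip())
        if not entry:
            continue
        ads = ADS_PATH.match(entry.group("cmd"))
        if ads:
            hits.append({
                "key": entry.group("key"),
                "name": entry.group("name"),
                "host": ads.group("host"),
                "stream": ads.group("stream"),
            })
    return hits

if __name__ == "__main__":
    for hit in find_ads_autostarts(SAMPLE_LOG):
        print("{key} [{name}]: stream '{stream}' on {host}".format(**hit))
```

Hits are candidates for manual review: an unquoted command with a `-option:value` argument can still match.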
     
  5. vanillapudding

    vanillapudding TS Rookie Topic Starter

    Here is the SDFix log.

    Thanks again.

    PS

    I see now that iexplore.exe is no longer running, and the winsock32.exe is no longer in C:\WINDOWS\system32. I guess SDFix did the trick?
     
  6. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    Can you post a fresh HijackThis log?
     
  7. vanillapudding

    vanillapudding TS Rookie Topic Starter

    Here it is

    Thank you so much for your help.
     
  8. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    Did you set a proxy yourself, or have you never put one?
     
  9. vanillapudding

    vanillapudding TS Rookie Topic Starter

    I have set one for myself. I have a static IP issued by my tech guy (I am a dorm parent living on the campus of a school) so that I could bypass the Websense filters through the proxy. However, since one of my username and passwords was stolen and I noticed iexplore.exe (and firefox.exe) running in the background, I knew something was up. I thought it might help to run through the proxy for a while, figuring someone had identified my static IP as vulnerable. Is this probably the case? I have changed all of my other usernames and passwords via another computer as of yesterday. Thanks again for your help. Is there a way I can donate $ to this site? You guys are more help than Bitdefender's "customer service" ever was.
     
  10. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    Thanks. I don't know if you can donate, but maybe one of the mods can say yes or no to that. But it looks like your logs are now clean. Test your internet and computer speed and post back if you see anything funny. Make sure to get some

    anti-virus
    anti-spyware
    firewall protection

    Also, I forgot: download ATF from the link below, run it, select all, then click on empty. Then turn off System Restore, reboot, then turn it back on.

    ATF:
    http://www.atribune.org/ccount/click.php?id=1

    Steps to turn off System Restore
    1. Click Start, right-click My Computer, and then click Properties.
    2. In the System Properties dialog box, click the System Restore tab.
    3. Click to select the Turn off System Restore check box. Or, click to select the Turn off System Restore on all drives check box.
    4. Click OK.
     
  11. zipperman

    zipperman TS Rookie Posts: 1,179   +7

    How I read this Topic

    I have not read all posts, but your topic title is hard to understand.
    I can run Iexplorer without opening IE.
    To get here I click an icon and IE opens here.
    Here's my shortcut properties to come here and logged in.
    http://www.techspot.com/vb/index.php
    Right click this Forum and create a shortcut to it on your desktop or add to your Favorites.
     
Topic Status:
Not open for further replies.
