Iexplore.exe trouble

Status
Not open for further replies.

Rainsford

Hi! I've been having this problem lately, and I was wondering if I could get some help! I built my current computer about 4 months ago, running XP SP2, and haven't had any major issues. When I'm surfing a webpage, on occasion, I would lose focus on it (IE would grey out, for example) and I would need to click on it to regain focus. Also, while playing PC games, such as COD4 or Civ4, the game will just minimize on its own, for seemingly no reason. I wasn't sure what was wrong, but I think I found out.

I noticed that whenever this would happen, when I went to my task manager, I would see a separate, 25k iexplore.exe running (as opposed to my main iexplore, that was running at about 100k). When I'm playing a game, sometimes this iexplore.exe will open even when a real internet explorer window isn't open. If I leave the second iexplore.exe running, I would get forced back to desktop about every 2 minutes, however if I kill the program, it usually won't come back again for about an hour, but it's still incredibly frustrating.

Anyone have any idea what it may be? I included a HijackThis log, to maybe offer some more clues. Thanks a lot!
 
Go to Start > Run and copy/paste or type: taskmgr
  • Under the Processes tab find the following tasks or processes:
    ViewpointService.exe
    ViewMgr.exe
  • Highlight and click "End Process".
  • Exit Task Manager.
Click on Start > Run and type: services.msc
  • Press "OK".
  • Click the "Extended" tab.
  • Scroll down the list and find the service called "Viewpoint Manager Service"
  • When you find the service, double-click on it.
  • In the Properties Window > General Tab that opens, click the "Stop" button.
  • From the drop-down menu next to "Startup Type", click on "Disabled".
  • Now click "Apply", then "OK" and close any open windows.
Click on Start > Settings > Control Panel > Add/Remove Programs > highlight and remove all references to Viewpoint - i.e. Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Finally, delete the following folders if they still exist:
C:\Program Files\ViewManager\ <-- and delete this folder
C:\Program Files\Viewpoint\ <-- and delete this folder

--------------------------------------------------------------------------------------------------------

First please go to Start -> Control Panel -> Add/remove programs and uninstall Hijackthis.

Next please follow these instructions. Your version of Hijackthis is in the incorrect folder.

HijackThis Instructions
  • Make sure you have the LATEST version of HJT (currently v2.0.0.2); it can be downloaded from HERE
  • Run the HijackThis Installer and it will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe. Please don't change the directory.
  • Go to the folder where HJT is located and rename the .exe file to something else like crusty.exe then send a shortcut to the desktop.
  • Select Scan now and save a log
  • After the scan is complete please attach your log onto the forums using the paper clip icon above your reply.
 
Hey again, Thanks Kritius! I followed your suggestions, rebooted, but I'm still getting the issue. I attached a new HJT log. Thanks a lot!
 
FindAWF

Click here to download FindAWF and save it to your desktop.
  • Double-click on the FindAWF.exe file to run it.
  • It will open a command prompt and ask you to Press any key to continue.
  • Press 1 and then Enter, and the FindAWF tool will begin scanning your computer for the infected AWF files and the backups the trojan created.
  • It may take a few minutes to complete so be patient.
  • When it is complete, it will open a text file in notepad called AWF.txt which will automatically be saved to your desktop or to the same location as FindAWF.exe.
  • Attach AWF.txt file in your next reply.

Do you get the same problems if you use Firefox or Opera?

Update your Java Runtime Environment
  • First try going to Start -> Control Panel -> double click Java
  • Select the Update tab at the top
  • Click the Check for Updates button at the bottom
  • If it finds the newer version (Java 6 Update 5) Follow the on screen instructions
  • After it installs the newest version Go back to Control Panel -> Add/remove programs
  • Uninstall any older versions of Java

If for some reason you couldn't update through the above instructions.
  • Click the following link
    Java Runtime Environment 6 Update 5
  • The 4th option down is the one you want (click Download)
  • Check the box to agree to terms of service
  • Check the box for your operating system and click 'Download selected' at the bottom
  • After the install go to Start -> Control Panel -> Add/remove programs (Programs and features), and uninstall any old versions
  • Navigate to C:\Program Files\Java -> delete any subfolders except the jre1.6.0_05 folder
 
Alright, I attached the file you wanted. Thanks again! Also, yea the problem still occurs when I'm using an alternate browser. It seems to happen once every 30 minutes - 1 hour, regardless of what I'm doing. Even if I'm away from my keyboard, and IE isn't open, I'll come back with the 25k fake IE running in task manager.
 
Double-click FindAWF.exe to start the tool.

  • Select option #2 - Restore files from bak folders by typing 2 and press 'Enter'
  • A text file will open up. Please copy/paste the following quote box into the text file: Below the line

    "C:\Program Files\AIM\bak\aim.exe"
    "C:\Program Files\Download Manager\bak\DLM.exe"
    "C:\Program Files\Microsoft ActiveSync\bak\wcescomm.exe"
    "C:\Program Files\PeerGuardian2\bak\pg2.exe"
    "C:\Program Files\QuickTime\bak\qttask.exe"
    "C:\Program Files\Windows Media Player\bak\WMPNSCFG.exe"
    "C:\WINDOWS\system32\bak\ctfmon.exe"
    "C:\Program Files\Common Files\Logitech\LCD Manager\bak\lcdmon.exe"
    "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
  • Close the .txt file and click 'Yes' to save the changes.
  • When the tool has completed, a report will open up in notepad.
Please post the results of the awf.txt here.
 
Fix AWF Folders
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\Program Files\AIM\bak
C:\Program Files\Download Manager\bak
C:\Program Files\Microsoft ActiveSync\bak
C:\Program Files\PeerGuardian2\bak
C:\Program Files\QuickTime\bak
C:\Program Files\Windows Media Player\bak
C:\WINDOWS\system32\bak
C:\Program Files\Alwil Software\Avast4\bak
C:\Program Files\Common Files\Logitech\G-series Software\bak
C:\Program Files\Common Files\Logitech\LCD Manager\bak
C:\Program Files\Common Files\Real\Update_OB\bak
  • Double-click on the FindAWF.exe file to run it.
  • It will open a command prompt and ask you to "Press any key to continue".
  • You will be presented with a Menu.
  • Press 3, then press Enter.
  • Press any key to continue.
  • A Notepad document FindAWF.txt will appear with instructions to click below the line and paste the list of folders to be removed.
  • Right click below this line and select Paste, to paste the list of folders copied to the clipboard earlier. Save and close the document.
  • The program will proceed to remove the bad folders and will perform another scan for .bak folder
  • It may take a few minutes to complete so be patient.
  • When it is complete, it will open a text file in notepad called AWF.txt.
  • Please attach the AWF.txt file in your next reply.
Run Fix AWF one more time and press 4, then press Enter.

After you run this reboot and do another scan with HJT and post a new log.

This thread is for the use of Rainsford only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
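
An added example, not part of the thread and not FindAWF's own code: a read-only Python audit of the layout visible in the paths quoted above, where executables sit in a `bak` subfolder beneath a program's normal folder. It assumes the file to compare against is the same-named executable one level up, and it runs against a constructed sample tree; `sha256_of`, `find_bak_pairs` and `build_sample_tree` are names made up for this example.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    """Hash a file in chunks so large executables are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def find_bak_pairs(root):
    """Read-only audit: one record per .exe found inside a folder named 'bak'."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        if os.path.basename(dirpath).lower() != "bak":
            continue
        parent = os.path.dirname(dirpath)
        for name in sorted(n for n in filenames if n.lower().endswith(".exe")):
            backup = os.path.join(dirpath, name)
            # Assumption: the file to compare is the same-named .exe one level up.
            current = os.path.join(parent, name)
            status = "parent-missing"
            if os.path.isfile(current):
                same = sha256_of(backup) == sha256_of(current)
                status = "identical" if same else "differs"
            findings.append({"backup": backup, "current": current, "status": status})
    return findings

def build_sample_tree(root):
    """Constructed sample layout that mirrors the bak paths quoted in the thread."""
    layout = {
        "AIM/aim.exe": b"replacement-bytes", "AIM/bak/aim.exe": b"original-bytes",
        "QuickTime/qttask.exe": b"same", "QuickTime/bak/qttask.exe": b"same",
        "PeerGuardian2/bak/pg2.exe": b"orphan", "Docs/bak/readme.txt": b"text",
    }
    for rel, data in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for r in find_bak_pairs(tmp):
            print(f'{r["status"]:15} {r["backup"]}')
```

A `differs` or `parent-missing` result only marks a pair for manual review; the script changes nothing on disk.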
 
Hey, sorry it took so long to respond (I went home for Easter, and have been having exams), but I haven't had the problem crop up again since your help! Thanks a lot!
 
Here you go! I actually had another problem that cropped up and I'll start a new topic for it (if that's ok), but thanks again!!
 
Download and Run DSS

Download Deckard's System Scanner (DSS) to your Desktop. You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <- this one will be minimized.
  • Attach the main.txt and the extra.txt in your reply.
 