TechSpot

Iexplore.exe virus - could not complete all 8 steps

By OggyK22
Dec 29, 2009
  1. I caught a really bad virus last night and it opens up iexplore.exe on startup and then plays ads in the background. If I kill the process, it opens another one up 30 seconds later. I tried performing all 8 steps, but I was only able to run CCleaner, update Java, and run HijackThis. I tried installing Malwarebytes and SUPERAntiSpyware, but the setups would not open. The virus has also disabled my McAfee VirusScan, so I am unable to scan my computer. I attached the HijackThis log. Please help!
     
  2. OggyK22

    OggyK22 TS Rookie Topic Starter

    Problem Solved!

    It turns out that I had the Rootkit.TDSS virus. I figured it was some sort of rootkit, but it took me the last 2 days to actually determine which one I had. Here are the steps I went through to find and remove the virus.

    1. I downloaded and ran Sophos Anti-Rootkit. The scan found the following infected files, but was unable to delete any of the registry files:
    HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\H8SRTd.sys
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\H8SRTd.sys
    HKEY_USERS\.DEFAULT\Software\h8srt
    HKEY_USERS\S-1-5-19\Software\h8srt
    HKEY_USERS\S-1-5-20\Software\h8srt
    HKEY_USERS\S-1-5-21-3264940189-73936133-185295080-1005\Software\h8srt
    C:\WINDOWS\Temp\H8SRT561f.tmp
    C:\Documents and Settings\Kenny Aral\Local Settings\Temp\h8srtmainqt.dll
    C:\Documents and Settings\Kenny Aral\Local Settings\Temp\H8SRT3180.tmp
    C:\WINDOWS\system32\H8SRTmocqsgkoeb.dll
    C:\WINDOWS\system32\drivers\H8SRTcntyxjiexn.sys
    C:\WINDOWS\system32\H8SRTyiuxihhlpk.dat
    C:\WINDOWS\system32\H8SRTkibvcbtgpt.dll
    C:\WINDOWS\system32\H8SRTxfuwavubjm.dll

    2. When I googled H8SRT virus, the first link I found was this: http://www.myantispyware.com/2009/12/22/how-to-remove-h8srt-trojan-remove-rootkit-tdss/

    3. I followed the instructions on that link -- downloading TDSSKiller -- and it was able to remove the infected registry files. On restart, my McAfee VirusScan came back to life and I was able to install Malwarebytes.

    4. I scanned my computer with Malwarebytes and it removed the remaining infected files.

    I'm still going to re-scan with McAfee and CCleaner but I'm pretty sure the virus is gone for good. Phew.
     
Topic Status:
Not open for further replies.
