Iexplore.exe

Status
Not open for further replies.

krylonxcans

Posts: 6   +0
I have noticed that this has been running for quite a while now.
I'm not sure what it is?

I scanned my computer with Ad-Aware and Spybot Search and Destroy and nothing comes up?

I'm hoping you guys can help. Thanks.
 
The thing to do is to 'search' for that executable then right click it and look at its' properties.

You will find what it is and learn how to research files.

:)
 
I'm pretty sure it's a virus or something like that..

because i dont even use internet explorer..

so im not quite sure what it would be
 
Assuming you have XP, ctrl+alt+del (Task manager) and right click iexplore.exe and end process.

Can you?

How many times does it show?
 
Yes i have XP.

Yes i always end the process. It always seems to come back.

I'm going to do all of the following.

thanks tw0rld.
 
krylonxcans

Certainly continue with removal steps in the post you were referred to.. but let me add a couple suggestions you'll find helpful (whether now or when you need these tools again in the future)

1. Instead of Task Mgr download ProcessExplorer. It does everything TaskManager provides and far, far more (including info on relationships of parent/child process relationships and a wealth of data on process properties)

2. Download Autoruns. It provides an extensive list of everything that gets started when you at start your computer (many items you;ll find via autoruns you won't see listed) using other startup tools.

Point being that malware has to start from somewhere!! And whatever that restarts iexplore.exe isn't something you're seeing or paying attention to. (When i had problems removing vundo virus using scanners i just used autoruns myself, found the parent of all the problems, prevented it from starting, and THEN the scanners could remove all the bits and pieces.

Probably best/easiest to boot into safe mode so the thing isn't even started when using Autroruns to go looking for it. Might make it easier to identify/catch/stop it from starting when you boot normally next.
 
oh. yea. one more handy point with autoruns....


  • you;ll find it's scanning status in lower left corner
  • When it starts hit Escape to stop its scan
  • Then click to check (and turn on) Options->Hide Signed Microsoft Entries and Options->Verify Code Signatures
  • Then File->Refresh to restart the scan

Now, when the scan completes it won't display signed/verified entries from Microsoft (which is less for you to look at) and it tell you whether the non-Microsoft stuff you do see is verified or not. (You're looking for something NOT verified)
 
Process Explorer
Suggest you run Task Manager and Process Explorer (PE) side by side just to get familiar with PE presentation of things. Rt click on a process to see the menu options for all the info it will tell about it. Also click Process column header in display to see the 3 ways to see processes listed: alpha ascending, alpha descending, and hierarchical (more a parent/child relationship then simply list of processes). Here's a couple links too
http://www.simplehelp.net/2008/06/27/how-to-get-detailed-information-on-each-running-process-in-windows/
http://homeofficeforum.ca.com/homeofficeforum/posts/list/44.page

Autoruns
Autoruns displays lots of info as well. The tabs at top organize by what type of startup. Everything tab shows all listed together. Unchecking a box prevents it from startup. If you follow brief instructions in my post it will also show if it;s verified digital signature or not. here;s also a link with some more info

You might want to begin just by browsing the lists to recognize software descriptions from companies you know to get familiar with entry for something you know.

Uncheck a startup you know is ok not to start. Close Autoruns. And restart. see if the program no longer starts with the systeem (as an experiment for ya)
http://www.makeuseof.com/tag/get-your-computer-startup-under-control-with-autoruns/
 
Run HJT Again and Place a check next to the following, the click fix checked;
Make show that you close any other programs that might be running.

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/

Install Spybot S&D, update it and do apply immunization, then do a system scan remove whatever it finds.

Check to see if the IEXPLORE.EXE process is still running, when IE is closed.

Post a new HJT Log
 
While in the process of cleaning out your comp, you might want to click start, control panel, add/remove programs, add/remove windows components and remove internet explorer.

What isn't used cannot be run.
 
While in the process of cleaning out your comp, you might want to click start, control panel, add/remove programs, add/remove windows components and remove internet explorer.

What isn't used cannot be run.

On the contrary I think you should keep IE, as you are going to need it in order to install updates from Microsoft update.

You could limit its usage to just that, and switch to an alternate browser, preferably Firefox.

Also, I didn't see any inclinations of a firewall on your system. It is recommended that you install one. Either Zonealarm, or comodo will do, as mentioned in the Malware removal instructions https://www.techspot.com/vb/topic109461.html. As far as I can tell your log looks clean,but Make sure to keep all; Anti-spyware, Anti-virus, and Anti-Malware programs updated with the latest definitions, and perform regular system scans, also be sure to install the latest security updates from Microsoft.

Safe Browsing!
 
Originally Posted by CCT
'While in the process of cleaning out your comp, you might want to click start, control panel, add/remove programs, add/remove windows components and remove internet explorer.

What isn't used cannot be run.'

On the contrary I think you should keep IE, as you are going to need it in order to install updates from Microsoft update.

You could limit its usage to just that, and switch to an alternate browser, preferably Firefox.

Also, I didn't see any inclinations of a firewall on your system. It is recommended that you install one. Either Zonealarm, or comodo will do, as mentioned in the Malware removal instructions https://www.techspot.com/vb/topic109461.html. As far as I can tell your log looks clean,but Make sure to keep all; Anti-spyware, Anti-virus, and Anti-Malware programs updated with the latest definitions, and perform regular system scans, also be sure to install the latest security updates from Microsoft.

Safe Browsing!

'While in the process of cleaning out your comp'

I never said forever, did I.
 
Status
Not open for further replies.
Back