TechSpot

Iexplore.exe

By krylonxcans
Sep 17, 2008
  1. I have noticed that this has been running for quite a while now.
    I'm not sure what it is?

    I scanned my computer with Ad-Aware and Spybot Search and Destroy and nothing comes up?

    I'm hoping you guys can help. Thanks.
     
  2. CCT

    CCT TS Evangelist Posts: 2,653   +6

    The thing to do is to 'search' for that executable then right click it and look at its' properties.

    You will find what it is and learn how to research files.

    :)
     
  3. krylonxcans

    krylonxcans TS Rookie Topic Starter

    I'm pretty sure it's a virus or something like that..

    because i dont even use internet explorer..

    so im not quite sure what it would be
     
  4. tw0rld

    tw0rld TS Maniac Posts: 572   +6

  5. CCT

    CCT TS Evangelist Posts: 2,653   +6

    Assuming you have XP, ctrl+alt+del (Task manager) and right click iexplore.exe and end process.

    Can you?

    How many times does it show?
     
  6. krylonxcans

    krylonxcans TS Rookie Topic Starter

    Yes i have XP.

    Yes i always end the process. It always seems to come back.

    I'm going to do all of the following.

    thanks tw0rld.
     
  7. LookinAround

    LookinAround Ex Tech Spotter Posts: 6,491   +183

    krylonxcans

    Certainly continue with removal steps in the post you were referred to.. but let me add a couple suggestions you'll find helpful (whether now or when you need these tools again in the future)

    1. Instead of Task Mgr download ProcessExplorer. It does everything TaskManager provides and far, far more (including info on relationships of parent/child process relationships and a wealth of data on process properties)

    2. Download Autoruns. It provides an extensive list of everything that gets started when you at start your computer (many items you;ll find via autoruns you won't see listed) using other startup tools.

    Point being that malware has to start from somewhere!! And whatever that restarts iexplore.exe isn't something you're seeing or paying attention to. (When i had problems removing vundo virus using scanners i just used autoruns myself, found the parent of all the problems, prevented it from starting, and THEN the scanners could remove all the bits and pieces.

    Probably best/easiest to boot into safe mode so the thing isn't even started when using Autroruns to go looking for it. Might make it easier to identify/catch/stop it from starting when you boot normally next.
     
  8. LookinAround

    LookinAround Ex Tech Spotter Posts: 6,491   +183

    oh. yea. one more handy point with autoruns....


    • you;ll find it's scanning status in lower left corner
    • When it starts hit Escape to stop its scan
    • Then click to check (and turn on) Options->Hide Signed Microsoft Entries and Options->Verify Code Signatures
    • Then File->Refresh to restart the scan

    Now, when the scan completes it won't display signed/verified entries from Microsoft (which is less for you to look at) and it tell you whether the non-Microsoft stuff you do see is verified or not. (You're looking for something NOT verified)
     
  9. krylonxcans

    krylonxcans TS Rookie Topic Starter

    Ok tw0rld..
    I did all of the following.. and here are my text and log files
     
  10. krylonxcans

    krylonxcans TS Rookie Topic Starter

    And LookinAround

    i downloaded the programs.. but i am not sure how to use them
     
  11. LookinAround

    LookinAround Ex Tech Spotter Posts: 6,491   +183

    Process Explorer
    Suggest you run Task Manager and Process Explorer (PE) side by side just to get familiar with PE presentation of things. Rt click on a process to see the menu options for all the info it will tell about it. Also click Process column header in display to see the 3 ways to see processes listed: alpha ascending, alpha descending, and hierarchical (more a parent/child relationship then simply list of processes). Here's a couple links too
    http://www.simplehelp.net/2008/06/27/how-to-get-detailed-information-on-each-running-process-in-windows/
    http://homeofficeforum.ca.com/homeofficeforum/posts/list/44.page

    Autoruns
    Autoruns displays lots of info as well. The tabs at top organize by what type of startup. Everything tab shows all listed together. Unchecking a box prevents it from startup. If you follow brief instructions in my post it will also show if it;s verified digital signature or not. here;s also a link with some more info

    You might want to begin just by browsing the lists to recognize software descriptions from companies you know to get familiar with entry for something you know.

    Uncheck a startup you know is ok not to start. Close Autoruns. And restart. see if the program no longer starts with the systeem (as an experiment for ya)
    http://www.makeuseof.com/tag/get-your-computer-startup-under-control-with-autoruns/
     
  12. tw0rld

    tw0rld TS Maniac Posts: 572   +6

    Run HJT Again and Place a check next to the following, the click fix checked;
    Make show that you close any other programs that might be running.

    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus10.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/

    Install Spybot S&D, update it and do apply immunization, then do a system scan remove whatever it finds.

    Check to see if the IEXPLORE.EXE process is still running, when IE is closed.

    Post a new HJT Log
     
  13. CCT

    CCT TS Evangelist Posts: 2,653   +6

    While in the process of cleaning out your comp, you might want to click start, control panel, add/remove programs, add/remove windows components and remove internet explorer.

    What isn't used cannot be run.
     
  14. krylonxcans

    krylonxcans TS Rookie Topic Starter

    It doesn't appear anymore :)
    thanks!!

    here is my hijack log if anything
     
  15. tw0rld

    tw0rld TS Maniac Posts: 572   +6

    On the contrary I think you should keep IE, as you are going to need it in order to install updates from Microsoft update.

    You could limit its usage to just that, and switch to an alternate browser, preferably Firefox.

    Also, I didn't see any inclinations of a firewall on your system. It is recommended that you install one. Either Zonealarm, or comodo will do, as mentioned in the Malware removal instructions http://www.techspot.com/vb/topic109461.html. As far as I can tell your log looks clean,but Make sure to keep all; Anti-spyware, Anti-virus, and Anti-Malware programs updated with the latest definitions, and perform regular system scans, also be sure to install the latest security updates from Microsoft.

    Safe Browsing!
     
  16. CCT

    CCT TS Evangelist Posts: 2,653   +6

    Originally Posted by CCT
    'While in the process of cleaning out your comp, you might want to click start, control panel, add/remove programs, add/remove windows components and remove internet explorer.

    What isn't used cannot be run.'

    'While in the process of cleaning out your comp'

    I never said forever, did I.
     
  17. tw0rld

    tw0rld TS Maniac Posts: 572   +6

    My bad, just a bit of oversight. forgive me?
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...