Iexplorer.exe win32/heur cannot be removed

[icec0rpse]

I'm relatively new to removing trojans.
Was found here:
"C:\Program Files\Internet Explorer\iexplore.exe (1992)";"Virus found Win32/Heur";""

I'll attach a hijackthis log. I honestly have no clue how to remove this virus. I am hesitant to delete random stuff so I'll leave it to the experts.

 

[touch]

Hello icec0rpse


Please download combofix here ->
ComboFix
Before Saving it to Desktop, please rename it to 321.com to stop malware from disabling it.

Now, please make sure no other programs are running, close all other windows.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan.
Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall.
It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after
scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted.
Usually located in c:\combofix.txt, please attach it to your next post

 

[icec0rpse]

Thanks!

After fighting with avg, i finally got combofix to run. Here is the coveted log.
Thanks again for helping me so quickly!

 

[touch]

It looks like you´ve got rid of a rootkit there

Please run the steps in this guide:

8-step Viruses/Spyware/Malware Preliminary Removal Instructions

Post attached log´s from:

Malwarebyte
Superantispyware
Hijackthis

In your next reply

 

[icec0rpse]

Done

Alright, done. I recently installed Internet Explorer 8.

 

[touch]

Have hijackthis to fix:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb

Viewpoint is considered foistware and is not needed on your computer.

Download and unzip ViewpointKiller to own folder on Desktop - Here
Run ViewpointKiller.exe

Reboot, and tell how yhings are running now ?

 

[icec0rpse]

Wowee

The system is running with some snap now! I can't thank you enough for the your help. Is there anything else we need to do?

 

[touch]

That´s good news

Just the cleanup procedure ->

You should Create a New Restore Point to prevent possible reinfection from an old one.
The easiest and safest way to do this is:
Go to Start > All Programs > Accessories > System Tools > System Restore
Select Create a restore point, and Ok it.
Next, go to Start > Run and type in cleanmgr
Select the More options tab
Choose the option to clean up system restore and OK it.

This will remove all restore points except the new one you just created.

Click START then RUN
Now type Combofix /u in the runbox and click OK.
Note the space between the X and the U, it needs to be there.
When shown the disclaimer, Select "2"
The above procedure will:
Delete the following:
ComboFix and its associated files and folders.
VundoFix backups, if present.
The C:\Deckard folder, if present.
The C:_OtMoveIt folder, if present.
Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.

To learn more about how to protect yourself while on the internet, please read Tony Klein´s guide:
How did I get infected in the first place?

Keep safe :wave: