Rockon Nov 19, 2009 #1

I am seeing 2 sessions of iexplore.exe running in my task manager. I also suspect that I have a virus or two. I am attaching a HJT log file. Can someone please give this a look over and help me out?

Thanks in advance

Rockon
Bobbye Posts: 16,313 +36 Nov 19, 2009 #2

Rockon, multiple iexplore.exe are normal with IE8. However, your system does have multiple malware infections:

We're going to work backwards:

Please reopen HijackThis to 'do system scan only'. Check each of the following if present:

O1 - Hosts: 82.98.231.89 browser-security.microsoft.com
O1 - Hosts: 82.98.231.89 best-click-scanner.info
O1 - Hosts: 82.98.231.89 antivirus-xp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.infosecuritycenter.com
O1 - Hosts: 82.98.231.89 microsoft.softwaresecurityhelp.com
O1 - Hosts: 82.98.231.89 onlinenotifyq.net
O1 - Hosts: 82.98.231.89 antivirusxp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.browser-security-center.com
O2 - BHO: (no name) - {0677e4c7-6d88-4418-b74b-8fecd8ef4dd5} - C:\WINDOWS\system32\fibufeti.dll (file missing)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKUS\S-1-5-19\..\Run: [hulasaboyu] Rundll32.exe "C:\WINDOWS\system32\jemukuwo.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [hulasaboyu] Rundll32.exe "C:\WINDOWS\system32\jemukuwo.dll",s (User 'NETWORK SERVICE')
O18 - Filter hijack: text/html - {6147039d-ed05-48e6-848f-1e95c35ca6a7} - C:\WINDOWS\system32\mst122.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)

Close all windows except HijackThis and click on "Fix Checked."

Then go back to the beginning. Follow each of the steps in the Virus and Malware Removal thread HERE. Attach the logs from Malwarebytes and Superantispyware. Run a new scan with HijackThis and PASTE that log in next reply. (that is only paste)

I'll review them and decide what comes next.
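
An added example, not part of Bobbye's post and not HijackThis's own logic: a small Python triage pass over HijackThis-style log lines that flags the kinds of entries listed in the reply above. The heuristics, the function names and the `127.0.0.1 localhost` line are assumptions made for illustration; the other sample lines are copied from the post.

```python
import re

# Sample lines copied from the post above, plus one constructed benign hosts line.
SAMPLE_LOG = r"""
O1 - Hosts: 82.98.231.89 browser-security.microsoft.com
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {0677e4c7-6d88-4418-b74b-8fecd8ef4dd5} - C:\WINDOWS\system32\fibufeti.dll (file missing)
O4 - HKUS\S-1-5-19\..\Run: [hulasaboyu] Rundll32.exe "C:\WINDOWS\system32\jemukuwo.dll",s (User 'LOCAL SERVICE')
O18 - Filter hijack: text/html - {6147039d-ed05-48e6-848f-1e95c35ca6a7} - C:\WINDOWS\system32\mst122.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
"""

ENTRY = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
HOSTS = re.compile(r"^Hosts: (?P<ip>\S+) (?P<name>\S+)$")
# Assumption: hosts entries aimed at these addresses are local or null-routed.
LOCAL_ADDRESSES = {"127.0.0.1", "::1", "0.0.0.0"}

def review_reasons(section, body):
    """Return the reasons (assumed heuristics) an entry deserves a manual look."""
    reasons = []
    if section == "O1":
        m = HOSTS.match(body)
        if m and m["ip"] not in LOCAL_ADDRESSES:
            reasons.append(f"hosts file points {m['name']} at {m['ip']}")
    if body.endswith(("(file missing)", "(no file)")):
        reasons.append("registry entry references a file that is not on disk")
    if section == "O4" and "rundll32" in body.lower():
        reasons.append("autorun launches a DLL through rundll32")
    if section == "O18" and body.startswith("Filter hijack"):
        reasons.append("MIME filter reported as hijacked")
    return reasons

def triage(log_text):
    """Parse HijackThis-style lines; return (section, body, reasons) for flagged entries."""
    flagged = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # skip blank lines and anything that is not a log entry
        reasons = review_reasons(m["section"], m["body"])
        if reasons:
            flagged.append((m["section"], m["body"], reasons))
    return flagged

if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE_LOG):
        print(f"{section}: {body}\n    -> " + "; ".join(reasons))
```

A flagged line is only a prompt for manual review; legitimate software also produces O4 and O1 entries.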