ie_updater.exe TROJAN....

By happyanand ยท 9 replies
Apr 17, 2007
  1. Hi,

    When I start my PC it boots VERY SLOW and then gives error that 'ie_updater.exe has encountered an error and needs to close'.

    I went to services.msc and disabled ieupdater21 service.

    Still its very slow to Boot. I dont get the ie_updater.exe error anymore.

    I cannot see my WIRELESS NETWORK ...

    Pls suggest a fix. Attached is the HJT Log.


    Attached Files:

  2. Rickman45

    Rickman45 TS Rookie

    Do a google search for: Trend Micro Housecalls and they have a great online
    full system scan you can use to check and remove trojans and Viruses and Spyware cookies, This has saved me a Few Times. use the Login as anomynus
    User and do a full system scan! it's FREE!
  3. happyanand

    happyanand TS Rookie Topic Starter

    Thanks but my problem is that I cannot connect to internet from this infected PC
  4. momok

    momok TS Rookie Posts: 2,265

    Hello and welcome to techspot. =)

    Your system is infected by a trojan.
    Also, you are running an outdated version of HijackThis.

    Please go to this thread HERE for instructions for getting the latest version.

    You may wish to copy and paste these instructions on notepad for easier reference later.

    Please download WinSock XP Fix 1.2 and save it to your desktop. Double click the file to run it.
    Instructions can be found HERE.

    Download Vundofix from HERE.

    Double click the Vundofix.exe to run it.
    Right click in the vundofix window and click add files.

    Enter the full file path/s to the files you want Vundofix to delete and click the add files button, followed by the close window button. Click the remove vundo button and let Vundofix do it`s stuff.

    These are the following file path's you need to enter:

    Once you click yes, your desktop will go blank as it starts removing Vundo.
    When completed, it will prompt that it will shutdown your computer, click OK.
    Turn your computer back on.

    Next, boot into safe mode under your normal user name. See how HERE

    Next turn on "Show all files and folders, including hidden and system". See how HERE

    Run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):
    O2 - BHO: (no name) - {fac21735-8ac1-42c2-a954-41b1b4adb68e} - C:\WINDOWS\system32\firdpo.dll

    Close HJT.

    Reboot into normal mode and rehide your protected OS files.

    After you are done, please post a fresh HJT, C:\vundofix.txt, AVG Antispyware log from normal mode as an attachment into this thread.Do not copy and paste if not it will be ignored and/or removed by the moderators.

    For AVG Antispyware instructions please see HERE.

    Also please let me know if you can connect to the internet with your infected PC after following the above steps.

    Hope you enjoy your stay here.

    Your friendly Momok =)
  5. happyanand

    happyanand TS Rookie Topic Starter

    Thanks a lot:) thats looks like a bunch of tasks...I will do toonite...thanks again...will let u know soon.
  6. happyanand

    happyanand TS Rookie Topic Starter

    Seems its fixed !!!!

    Thanks a lot! It fixed everything. here are all logs on the fixed system...

    Thanks again!!!!!!
  7. momok

    momok TS Rookie Posts: 2,265


    The trojan is not fully removed, and I noticed several other entries in your AVG log that said 'ignored'.

    You may wish to copy and paste these instructions in notepad for easier reference.

    Please go to Viruses/Spyware/Malware, preliminary removal instructions and download ComboFix. Also download CCleaner from HERE.

    Then, follow the instructions for Vundofix again, but this time enter this filepath:

    Next, boot into safe mode again, and unhide your files and folders.

    Go to Start > Run and type services.msc. Press Enter. Search for the following processes and disable them (if found):

    Open Task Manager, and search for and close the following processes, if found:

    Next Run HijackThis and fix these entries:
    O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\tmp13.tmp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) -
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe

    Close HJT.

    Navigate in windows explorer to these files and folders listed in bold and delete them (only those in bold):
    C:\Program Files\LogMeIn\
    C:\WINDOWS\Downloaded Program Files\UERS_0001_N91M2007NetInstaller.exe

    Run CCleaner and place a 'tick' for "System" under the Windows tab. Click Analyze, then Run Cleaner to clear all your temporary internet files.

    Reboot into normal mode and rehide your OS files.

    Now run ComboFix with no other programs running.

    When you are done, please post fresh HJT, ComboFix and AVG Antispyware logs as attachments to this thread. Do not copy and paste the logs as they will be ignored and/or removed by the moderators.

    Your friendly Momok =)
  8. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    Just a note: LogMeIn is a legitimate program. I have used it already. He should probably only remove it if he doesn't use it.
  9. momok

    momok TS Rookie Posts: 2,265


    Actually, my decision was based on the his AVG file where it was detected.
    I presume that those files have been infected, and it would thus not be safe to use LogMeIn since it is a tool for allowing users to remotely access their computers anywhere. In such a case I think it would be better to reinstall it after the cleaning.
    Perhaps you could enlighten me on this?
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    The LogMeIn programme is indeed legit and is perfectly safe if deliberately installed. However, if happyanand didn`t install the programme, it should be removed asap.

    Regards Howard :)

    This thread is for the use of happyanand only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...