Ie_updater.exe TROJAN....

Status
Not open for further replies.
Hi,

When I start my PC it boots VERY SLOW and then gives error that 'ie_updater.exe has encountered an error and needs to close'.

I went to services.msc and disabled ieupdater21 service.

Still it's very slow to boot. I don't get the ie_updater.exe error anymore.

I cannot see my WIRELESS NETWORK ...

Pls suggest a fix. Attached is the HJT Log.

Thanks
 

Attachments: hijackthis.log (8.7 KB)
Do a Google search for: Trend Micro HouseCall. They have a great online
full system scan you can use to check for and remove trojans, viruses and spyware cookies. This has saved me a few times. Log in as anonymous
user and do a full system scan! It's FREE!
Rickman45
 
Hello and welcome to techspot. =)

Your system is infected by a trojan.
Also, you are running an outdated version of HijackThis.


Please go to this thread HERE for instructions for getting the latest version.

You may wish to copy and paste these instructions on notepad for easier reference later.

Please download WinSock XP Fix 1.2 and save it to your desktop. Double click the file to run it.
Instructions can be found HERE.

Download Vundofix from HERE.

Double click the Vundofix.exe to run it.
Right click in the vundofix window and click add files.

Enter the full file path/s to the files you want Vundofix to delete and click the add files button, followed by the close window button. Click the remove vundo button and let Vundofix do its stuff.

These are the file paths you need to enter:
C:\WINDOWS\system32\firdpo.dll

Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.

Next, boot into safe mode under your normal user name. See how HERE

Next turn on "Show all files and folders, including hidden and system". See how HERE

Run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):
O2 - BHO: (no name) - {fac21735-8ac1-42c2-a954-41b1b4adb68e} - C:\WINDOWS\system32\firdpo.dll

Close HJT.

Reboot into normal mode and rehide your protected OS files.

After you are done, please post a fresh HJT log, C:\vundofix.txt and the AVG Antispyware log from normal mode as attachments into this thread. Do not copy and paste them, otherwise they will be ignored and/or removed by the moderators.

For AVG Antispyware instructions please see HERE.

Also please let me know if you can connect to the internet with your infected PC after following the above steps.

Hope you enjoy your stay here.


Regards,
Your friendly Momok =)
 
Hi,

The trojan is not fully removed, and I noticed several other entries in your AVG log that said 'ignored'.

You may wish to copy and paste these instructions in notepad for easier reference.

Please go to Viruses/Spyware/Malware, preliminary removal instructions and download ComboFix. Also download CCleaner from HERE.

Then, follow the instructions for Vundofix again, but this time enter this filepath:
C:\WINDOWS\system32\tmp13.tmp.dll


Next, boot into safe mode again, and unhide your files and folders.

Go to Start > Run and type services.msc. Press Enter. Search for the following processes and disable them (if found):
RaMaint.exe
LogMeIn.exe
LMIinit.dll


Open Task Manager, and search for and close the following processes, if found:
RaMaint.exe
LogMeIn.exe
UERS_0001_N91M2007NetInstaller.exe
LMIinit.dll


Next Run HijackThis and fix these entries:
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\tmp13.tmp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe

Close HJT.

Navigate in windows explorer to these files and folders listed in bold and delete them (only those in bold):
C:\Program Files\LogMeIn\
C:\WINDOWS\system32\tmp13.tmp.dll
C:\WINDOWS\Downloaded Program Files\UERS_0001_N91M2007NetInstaller.exe
C:\WINDOWS\system32\LMIinit.dll

Run CCleaner and place a 'tick' for "System" under the Windows tab. Click Analyze, then Run Cleaner to clear all your temporary internet files.

Reboot into normal mode and rehide your OS files.

Now run ComboFix with no other programs running.

When you are done, please post fresh HJT, ComboFix and AVG Antispyware logs as attachments to this thread. Do not copy and paste the logs as they will be ignored and/or removed by the moderators.



Regards,
Your friendly Momok =)
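A small parser for the HJT entry lines quoted in this thread, added here as an example (it is not code from the thread, from HijackThis or from TechSpot): it turns "Oxx - ..." lines into records, pulls out the CLSID and the file path or URL each entry points at, lists the unnamed BHOs, and cross-checks a file-deletion list against the entries that reference those files, so the "Fix checked" step and the delete step stay consistent. The sample lines are the ones posted above; the function and field names are this example's own.

```python
"""Parse HijackThis (HJT) log lines into structured records.

Added example for the thread above; not part of HijackThis.  The sample
lines are copied from the posts; the field and function names are this
example's own choice."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the HJT entries quoted in the thread.
SAMPLE_LOG = """\
O2 - BHO: (no name) - {fac21735-8ac1-42c2-a954-41b1b4adb68e} - C:\\WINDOWS\\system32\\firdpo.dll
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\\WINDOWS\\system32\\tmp13.tmp.dll
O10 - Unknown file in Winsock LSP: c:\\windows\\system32\\nwprovau.dll
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\\Program Files\\LogMeIn\\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\\Program Files\\LogMeIn\\LogMeIn.exe
"""

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")
# The Windows path or URL an entry points at (runs to end of line, spaces allowed).
TARGET_RE = re.compile(r"((?:[A-Za-z]:\\|https?://)\S.*)$")
ENTRY_RE = re.compile(r"(O\d+) - ([^:]+): (.*)$")


@dataclass
class HjtEntry:
    kind: str              # O2, O10, O16, O23, ...
    label: str             # BHO, Service, DPF, ...
    name: str              # first " - " separated field, e.g. "(no name)"
    clsid: Optional[str]   # lower-cased {GUID} if present
    target: Optional[str]  # file path or URL the entry loads
    raw: str


def parse_line(line: str) -> Optional[HjtEntry]:
    """Return an HjtEntry for one 'Oxx - Label: ...' line, else None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, label, rest = m.groups()
    clsid = CLSID_RE.search(rest)
    target = TARGET_RE.search(rest)
    return HjtEntry(kind, label, rest.split(" - ")[0].strip(),
                    clsid.group(0).lower() if clsid else None,
                    target.group(1).strip() if target else None,
                    line.strip())


def parse_log(text: str) -> List[HjtEntry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def entries_referencing(entries: List[HjtEntry], path: str) -> List[HjtEntry]:
    """Entries whose target is this file (case-insensitive, as NTFS paths are)."""
    p = path.lower()
    return [e for e in entries if e.target and e.target.lower() == p]


def removal_plan(entries: List[HjtEntry], suspect_paths: List[str]) -> dict:
    """Map each file slated for deletion to the raw HJT lines that load it,
    so every deleted file also gets its entry fixed (an empty list means the
    file is not referenced by any entry in the log)."""
    return {p: [e.raw for e in entries_referencing(entries, p)] for p in suspect_paths}


def unnamed_bhos(entries: List[HjtEntry]) -> List[HjtEntry]:
    """O2 BHO entries with no name, the pattern of both Vundo entries above."""
    return [e for e in entries if e.kind == "O2" and e.name == "(no name)"]


if __name__ == "__main__":
    ents = parse_log(SAMPLE_LOG)
    for e in unnamed_bhos(ents):
        print("unnamed BHO", e.clsid, "->", e.target)
    for path, lines in removal_plan(ents, [r"C:\WINDOWS\system32\tmp13.tmp.dll",
                                          r"C:\WINDOWS\system32\LMIinit.dll"]).items():
        print(path, "referenced by", len(lines), "entry/entries")
```

Running it against the sample shows that both Vundo DLLs appear only as unnamed O2 BHOs, while LMIinit.dll is on the deletion list without any HJT entry loading it, which is the kind of mismatch worth noticing before fixing entries.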
 
Just a note: LogMeIn is a legitimate program. I have used it already. He should probably only remove it if he doesn't use it.
 
Hi,

Actually, my decision was based on his AVG file, where it was detected.
C:\Program Files\LogMeIn\LMIinit.dll -> Not-A-Virus.RemoteAdmin.Win32.RemotelyAnywhere.a : Ignored.
C:\WINDOWS\system32\LMIinit.dll -> Not-A-Virus.RemoteAdmin.Win32.RemotelyAnywhere.a : Ignored.
[480] C:\WINDOWS\system32\LMIinit.dll -> Not-A-Virus.RemoteAdmin.Win32.RemotelyAnywhere.a : Ignored.
I presume that those files have been infected, and it would thus not be safe to use LogMeIn since it is a tool for allowing users to remotely access their computers anywhere. In such a case I think it would be better to reinstall it after the cleaning.
Perhaps you could enlighten me on this?
 
The LogMeIn programme is indeed legit and is perfectly safe if deliberately installed. However, if happyanand didn't install the programme, it should be removed asap.

Regards Howard :)

This thread is for the use of happyanand only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 