Iexplore.exe virus/malware problem, 8 step process done

By carlitosince74 ยท 8 replies
Jul 4, 2010
  1. I keep having a iexplore.exe process running, have tried to kill the process but it reappears straight away. Also IE pops up with random adverts and some adverts by sound only, both if which reset my "wave" volume too.
    I have followed the 8-step Viruses/Spyware/Malware Preliminary Removal Instructions process and have attached the required logs.

    In addition to the above problem, i am also receiving a Microsoft Windows message "The system has recovered from a serios error", which also informs me that a log has been created but when i close this message it keeps reappearing.

    Let me know if you need anymore information, thanks in advance for any help.

    I can't find a way of moving my original thread to this forum as i used the incorrect area first, Sorry.

    Attached Files:

  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    As you see, the moderator has moved your thread. I was all ready to tell you that multiple iexplore.exe processes are normal in IE8> then I noted you are running IE6! And yes, you have multiple malware entries using Internet Explorer:

    The only reference I see to antivirus program is in the restore points: RP10: 02/07/2010 18:02:31 - RegRun Virus Scan. A Registry cleaner does not give you AV protection. Please uninstall this program or disable it. See if you can download and install either one of these AV programs
    Both of the following programs are free and known to be good:
    Avira Free
    Avast Home

    Reboot the computer when through.

    Please download ComboFix from Here and save to your Desktop.

    • [1]. Do NOT rename Combofix unless instructed.
      [2].Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3].Close any open browsers.
      [4]. Double click combofix.exe & follow the prompts to run.
    • NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
      [5]. If Combofix asks you to install Recovery Console, please allow it.
      [6]. If Combofix asks you to update the program, always allow.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      [7]. A report will be generated after the scan. Please post the C:\ComboFix.txt in next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    Note: Make sure you re-enable your security programs, when you're done with Combofix..
    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Anvirisus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    I will be preparing some script for you to run in Combofix while you run these programs.

    Going by the activity, it looks like you have been trying to fix this problem yourself:
    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

    Edit: I also noticed that there are multiple policies set. So I will have you tell me if you set any, or, if they were set by the malware, make sure they are reversed.
    In addition to disabling or uninstalling RegRun, please do the same with the following programs:
    h:\program files\Trojan Remover
    h:\program files\unhackme
  3. carlitosince74

    carlitosince74 TS Rookie Topic Starter

    Hi Bobbye,

    Yep, i was trying to fix the problem myself using various programs, hence the multiple polices but none were successful in the end.
    I have installed Avast and restarted. Disabled all anti-virus, & anti-malware programs and ran Combofix and Eset, logs to follow:
  4. carlitosince74

    carlitosince74 TS Rookie Topic Starter

    ComboFix log too big to post or attach, any ideas. Limit is 20000 characters per post but log is over 200,000 characters.
  5. carlitosince74

    carlitosince74 TS Rookie Topic Starter

    Here is the Eset log:

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=
    # OnlineScanner.ocx=
    # api_version=3.0.2
    # EOSSerial=ed1ac64b13b65d488fdc86961e54e972
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2010-07-04 04:45:40
    # local_time=2010-07-04 06:45:40 (+0100, Romance Daylight Time)
    # country="United Kingdom"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=512 16777215 100 0 5932 5932 0 0
    # compatibility_mode=1024 16777215 100 0 10635685 10635685 0 0
    # compatibility_mode=1797 16775125 100 94 1612 53774597 0 0
    # compatibility_mode=8192 67108863 100 0 134 134 0 0
    # scanned=81109
    # found=0
    # cleaned=0
    # scan_time=2652
  6. carlitosince74

    carlitosince74 TS Rookie Topic Starter

    Now compressed and attached , its the only way i can post the ComboFix log.
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    Split the log into 2 or 3 posts.
  8. carlitosince74

    carlitosince74 TS Rookie Topic Starter

    Hi Bobbye,

    Im trying it to fix it through another forum and feel i should follow one method at a time so i will let you if our attempts work. Thanks for your time, hopefully we get it sorted.
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    Thank you for letting me know. We frown on posting the same problem in multiple forums. It ties the helpers up. I will close this thread.
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...