wallywimple
Posts: 12 +0
Iexplore.exe running amuk 99% CPU.
What do I need to do?
What do I need to do?
Skip.exe found HJT log attached
- Thread starter wallywimple
- Start date
- Status
Hi wallywimple, Welcome to Techspot!
My name is Jason, on these forums I am known as Jase123. I will be helping you with your current problem.
HiJackThis logs do take some time to review and research. I would appreciate it if while you are waiting, you could please do the following for me:
Please make an Uninstall List using HiJackThis.
To access the Uninstall Manager you would do the following:
As we work together to resolve your problem, please read these instructions carefully. You may wish to print them off or copy them to Notepad.
Lastly, please keep these points in mind:
I am reviewing your log now, and will be back with you shortly. Thank you for your patience.
Regards Jason :wave:
My name is Jason, on these forums I am known as Jase123. I will be helping you with your current problem.
HiJackThis logs do take some time to review and research. I would appreciate it if while you are waiting, you could please do the following for me:
Please make an Uninstall List using HiJackThis.
To access the Uninstall Manager you would do the following:
1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in a reply.
As we work together to resolve your problem, please read these instructions carefully. You may wish to print them off or copy them to Notepad.
Lastly, please keep these points in mind:
- If you have questions, please DON'T hesitate to ask!
- The instructions I give are specific to your current problem and should not be used on other systems.
- Please post your replies only to this topic, and please DO NOT start a new thread.
- Since there may be multiple issues with your system, please continue to follow this thread until I have given you an "All Clean!"
I am reviewing your log now, and will be back with you shortly. Thank you for your patience.
Regards Jason :wave:
Your log is clean, however I notice your running a p2p program. This is a huge security risk and basically your just opening your computer to malware.
Although the p2p program your using is safe - it does NOT mean that the files you're downloading are.
The risks of using a P2P program are stated in this Sourceforge website and Information Week article.
I do NOT think this is related to malware - however it won't hurt to check.
To make sure there is no malware lurking - please do the following:
Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.
Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.
Also, let me know the results of the Panda Antirootkit scan.
Regards Jason
Although the p2p program your using is safe - it does NOT mean that the files you're downloading are.
The risks of using a P2P program are stated in this Sourceforge website and Information Week article.
I do NOT think this is related to malware - however it won't hurt to check.
To make sure there is no malware lurking - please do the following:
Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.
Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.
Also, let me know the results of the Panda Antirootkit scan.
Regards Jason
wallywimple
Posts: 12 +0
Ran everything as instructed. Panda rootkit reported nothing found.
Before posting, I had changed the extension of iexplore.exe to .ex. I thought whatever program was calling it to run, would give me a message about a missing file. No such luck. Windows replaced the missing file, but iexplore.ex was still there.
After running all the programs that you suggested, iexplore.ex was still showing up in the process list under task manager. If I ended it, it would start back up and consume CPU time and accumulate over 100,000 page faults in no time at all. I now remember that when shutting down the computer, a message would pop up about iexplore.exe (now iexplore.ex) not being able to shut down and I would do it manually.
I rebooted in safe mode and permanently deleted iexplore.ex and everything is fine. Iexplore does not load automatically in the background and consume the CPU. The file sizes of iexplore.exe and iexplore.ex were both 611 kb.
Thank you for your time,
John
Before posting, I had changed the extension of iexplore.exe to .ex. I thought whatever program was calling it to run, would give me a message about a missing file. No such luck. Windows replaced the missing file, but iexplore.ex was still there.
After running all the programs that you suggested, iexplore.ex was still showing up in the process list under task manager. If I ended it, it would start back up and consume CPU time and accumulate over 100,000 page faults in no time at all. I now remember that when shutting down the computer, a message would pop up about iexplore.exe (now iexplore.ex) not being able to shut down and I would do it manually.
I rebooted in safe mode and permanently deleted iexplore.ex and everything is fine. Iexplore does not load automatically in the background and consume the CPU. The file sizes of iexplore.exe and iexplore.ex were both 611 kb.
Thank you for your time,
John
Your computer has multiple infections, including a backdoor. This is from you dowloading p2p files. A backdoor gives intruders complete control of your computer, logs your keystrokes, steal personal information, etc.
You are strongly advised to do the following:
Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.
Due to its backdoor functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to do a reformat and reinstallation of the operating system (OS). However, if you do not have the resources to reinstall your OS and would like me to attempt to clean your machine, I will be happy to do so.
To help you understand more, please take some time to read the following articles:
What are Remote Access Trojans and why are they dangerous
How do I respond to a possible identity theft and how do I prevent it
When should do a reformat and reinstallation of my OS
Where to backup your files
How to backup your files in Windows XP
Restoring your backups
Please let me know what you would like to do.
Regards Jason
This thread is for the use of wallywimple ONLY. Please do NOT post your own virus/spyware problems into this thread. Instead, open a new thread in our security and the web forum.
You are strongly advised to do the following:
- Disconnect the computer from the Internet and from any networked computers until it is cleaned.
- Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
- Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
- From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).
Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.
Due to its backdoor functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to do a reformat and reinstallation of the operating system (OS). However, if you do not have the resources to reinstall your OS and would like me to attempt to clean your machine, I will be happy to do so.
To help you understand more, please take some time to read the following articles:
What are Remote Access Trojans and why are they dangerous
How do I respond to a possible identity theft and how do I prevent it
When should do a reformat and reinstallation of my OS
Where to backup your files
How to backup your files in Windows XP
Restoring your backups
Please let me know what you would like to do.
Regards Jason
This thread is for the use of wallywimple ONLY. Please do NOT post your own virus/spyware problems into this thread. Instead, open a new thread in our security and the web forum.
wallywimple
Posts: 12 +0
The computer in question is basically for multimedia and not used for secure things, so I might not be in too much trouble. I have several hard drives on it with many audio and video files. What can we do to clean it? Is it just a matter of the drive with the operating system? The page file is located on another drive. Does that one need reformatted also?
If you don't use that computer for banking ect. then cleaning it is a better option.
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.
Show hidden files and folders;
Do a full scan with you antivirus scanner and post a fresh HJT log.
Regards Jason
This thread is for the use of wallywimple ONLY. Please do NOT post your own virus/spyware problems into this thread. Instead, open a new thread in our security and the web forum.
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.
Show hidden files and folders;
- Open My Computer.
- Go to Tools > Folder Options.
- Select the View tab.
- Scroll down to Hidden files and folders.
- Select Show hidden files and folders.
- Uncheck (untick) Hide extensions of known file types.
- Uncheck (untick) Hide protected operating system files (Recommended).
- Click Yes when prompted.
- Click OK.
- Close My Computer.
Do a full scan with you antivirus scanner and post a fresh HJT log.
Regards Jason
This thread is for the use of wallywimple ONLY. Please do NOT post your own virus/spyware problems into this thread. Instead, open a new thread in our security and the web forum.
wallywimple
Posts: 12 +0
This computer was on a home network with one other computer through which I did use for secure purposes. I suppose I need to do the same things to that one also. Correct?
Here is the latest HJT log.
Here is the latest HJT log.
It could be quite possible that your other computer is infected - I recommend you do the same.
May I ask what version of Internet Explorer your using?
Please could you post an combofix log.
Regards Jason
This thread is for the use of wallywimple ONLY. Please do NOT post your own virus/spyware problems into this thread. Instead, open a new thread in our security and the web forum.
May I ask what version of Internet Explorer your using?
Please could you post an combofix log.
Regards Jason
This thread is for the use of wallywimple ONLY. Please do NOT post your own virus/spyware problems into this thread. Instead, open a new thread in our security and the web forum.
wallywimple
Posts: 12 +0
Should I start a new thread for my other computer?
Here is the latest combofix log.
IE v. 7.0.5730.11
Here is the latest combofix log.
IE v. 7.0.5730.11
Not yet!
How is your current system running? Any problems?
Regards Jason
This thread is for the use of wallywimple ONLY. Please do NOT post your own virus/spyware problems into this thread. Instead, open a new thread in our security and the web forum.
How is your current system running? Any problems?
Regards Jason
This thread is for the use of wallywimple ONLY. Please do NOT post your own virus/spyware problems into this thread. Instead, open a new thread in our security and the web forum.
wallywimple
Posts: 12 +0
It seems to be running fine. No iexplore problem like the other one. I did run the hijackthis uninstall list and there are files that I know nothing about.
Please could you post the HJT unistall list here and tell me the programs you don't recognize.
Regards Jason
This thread is for the use of wallywimple ONLY. Please do NOT post your own virus/spyware problems into this thread. Instead, open a new thread in our security and the web forum.
Regards Jason
This thread is for the use of wallywimple ONLY. Please do NOT post your own virus/spyware problems into this thread. Instead, open a new thread in our security and the web forum.
wallywimple
Posts: 12 +0
CCscore
ESS... files
kgcbase
SFR
SHASTA
I have to go to work now. I will be back in touch tomorrow.
ESS... files
kgcbase
SFR
SHASTA
I have to go to work now. I will be back in touch tomorrow.
wallywimple
Posts: 12 +0
I checked the programs on that list that I wasn't sure of and they're all ok.
What do I need to do to the compromised computer?
What do I need to do to the compromised computer?
Ok no problem mate.
Follow my instructions below as long as your system is running fine;
Hide system files
Flush the system restore points
After restarting your computer, follow these steps:
Note: Do this only ONCE, don't flush it regularly.
Keep your system updated
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Please ensure that you visit the following websites regularly or do update your system regularly.
Install the updates immediately if they are found. Reboot your computer if necessary, revisit Windows Update and Office update sites until there are no more updates to be installed.
To update Windows
Go to Start > All Programs > Windows Update
To update Office
Open up any Office program.
Go to Help > Check for Updates
Alternatively, you can visit the links below to update Windows and Office products.
Windows Update
Office Update
If you are forgetful, you can change some settings so that you will be informed of updates. Here's how:
Besides Windows that needs regular updating, antivirus, anti-spyware and firewall programs update regularly too.
Please make sure that you update your antivirus, firewall and anti-spyware programs at least once a week.
Be careful when opening attachments and downloading files.
Stop malicious scripts
Windows by default allow scripts (which is VBScript and JavaScript) to run and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.
Backup regularly
You never know when your PC will become unstable or become so infected that you can't recover it. Follow this Microsoft article to learn how to backup. Follow this article by Microsoft to restore your backups.
Alternatively, you can use 3rd-party programs to back up your data. One example can be found at Bleeping Computer.
Make your Internet Explorer safer
For Internet Explorer 6
For Internet Explorer 7
Please read this article to configure Internet Explorer 7 properly.
Avoid P2P
P2P may be a great way to get lots of stuffs, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. If you do need to use them, use them sparingly. Check this list of clean and infected P2P programs if you need to use one.
Regards Jason
This thread is for the use of wallywimple ONLY. Please do NOT post your own virus/spyware problems into this thread. Instead, open a new thread in our security and the web forum.
Follow my instructions below as long as your system is running fine;
Hide system files
- Open My Computer.
- Go to Tools > Folder Options.
- Select the View tab.
- Scroll down to Hidden files and folders.
- Select Do not show hidden files and folders.
- Check (tick) Hide extensions of known file types.
- Check (untick) Hide protected operating system files (Recommended).
- Click OK.
- Close My Computer.
Flush the system restore points
- Right click on My Computer and select Properties.
- Select the System Restore tab.
- Check (tick) Turn off system restore on all drives box.
- Click OK.
- Restart your computer.
After restarting your computer, follow these steps:
- Right click on My Computer and select Properties.
- Select the System Restore tab.
- Uncheck (untick) Turn on system restore on all drives box.
- Click OK.
- Restart your computer.
Note: Do this only ONCE, don't flush it regularly.
Keep your system updated
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Please ensure that you visit the following websites regularly or do update your system regularly.
Install the updates immediately if they are found. Reboot your computer if necessary, revisit Windows Update and Office update sites until there are no more updates to be installed.
To update Windows
Go to Start > All Programs > Windows Update
To update Office
Open up any Office program.
Go to Help > Check for Updates
Alternatively, you can visit the links below to update Windows and Office products.
Windows Update
Office Update
If you are forgetful, you can change some settings so that you will be informed of updates. Here's how:
- Go to Start > Control Panel > Automatic Updates
- Select Automatic (recommended) radio button if you want the updates to be downloaded and installed without prompting you.
- Select Download updates for me, but let me chose when to install them radio button if you want the updates to be downloaded automatically but to be installed at another time.
- Select Notify me but don't automatically download or install them radio button if you want to be notified of the updates.
Besides Windows that needs regular updating, antivirus, anti-spyware and firewall programs update regularly too.
Please make sure that you update your antivirus, firewall and anti-spyware programs at least once a week.
Be careful when opening attachments and downloading files.
- Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
- Never open emails from unknown senders.
- Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
- Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.
Stop malicious scripts
Windows by default allow scripts (which is VBScript and JavaScript) to run and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.
Backup regularly
You never know when your PC will become unstable or become so infected that you can't recover it. Follow this Microsoft article to learn how to backup. Follow this article by Microsoft to restore your backups.
Alternatively, you can use 3rd-party programs to back up your data. One example can be found at Bleeping Computer.
Make your Internet Explorer safer
For Internet Explorer 6
- Open Internet Explorer. Click on Tools > Options.
- Click on the Security tab.
- Click on the Internet icon.
- Click on the Custom Level button.
- Under Download signed ActiveX controls, select Prompt.
- Under Download unsigned ActiveX controls, select Disable.
- Under Initialize and script ActiveX controls not marked as safe, select Disable.
- Under Installation of desktop items, select Prompt.
- Under Launching programs and files in an IFRAME, select Prompt.
- Under Navigate sub-frames across different domains, select Prompt.
- Under Allow paste operations via script, select Disable.
- Click OK to apply these settings.
- If it prompts you as to whether or not you want to save the settings, press the Yes button.
- Press OK to exit the Internet Properties page.
For Internet Explorer 7
Please read this article to configure Internet Explorer 7 properly.
Avoid P2P
P2P may be a great way to get lots of stuffs, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. If you do need to use them, use them sparingly. Check this list of clean and infected P2P programs if you need to use one.
Regards Jason
This thread is for the use of wallywimple ONLY. Please do NOT post your own virus/spyware problems into this thread. Instead, open a new thread in our security and the web forum.
wallywimple
Posts: 12 +0
Thanks for everthing Jason.
PS. The "clean and infected P2P programs" link does not work.
PS. The "clean and infected P2P programs" link does not work.
- Status
