The Persistent IEXPLORE.EXE, or This Damn Thing Won't Close

Status
Not open for further replies.
Hi there. I'm sure you've seen this problem before. Two IEXPLORE.EXEs running in the background. Close one: gone. Try to close the other: it reappears.
I've looked at various other solutions to this problem, but nothing seems to be working for me. Either the fixes I've seen involve someone's specific HijackThis log or, in looking for iexplore.exe in my system32 folder, the file(s) just isn't(aren't) there.

Any help people can provide is greatly appreciated. Here's my log:
 
Hello and welcome to Techspot.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

Also, let me know the results of the AVG Antirootkit scan.

Regards Howard :wave: :wave:

This thread is for the use of cerbera only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
In doing all of the above stuff, it seems the iexplore.exe problem cleared up, but I don't want to take any chances with any residual problems/arising problems, so I'll post my stuff up to see if you can tell me if it looks like things are completely taken care of. The AVG Antirootkit scan came up with nothing.

Thanks SO much for the help! That one link was so comprehensive, I'm sure I'll refer to it again and again and get my friends to do the same.
 
All your logfiles look good. However, I'd like you to have a file checked out over at Jotti's.

Please visit this link http://virusscan.jotti.org/
* Click the Browse... button
* Navigate to the following file C:\WINDOWS\Setup1.exe
* Click Open
* Please let me know the results.

Regards Howard :)

 
This is what I got from the link.

File: Setup1.exe
Status: OK(Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: e40041e0ca436c712332edaa9db7df08
Packers detected: -
 
Ok, do the following.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions more easily.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there):

Setup1.exe

Close task manager.

Locate and delete the following bold files and/or directories (if there).

C:\WINDOWS\Setup1.exe

Reboot into normal mode and rehide your protected OS files.

Turn off system restore (XP/ME only). See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

 