iexplore.exe opens by itself but no ie window visible. Only visible in task manager.
I beleive my internet explorer is hijacked. iexplore.exe will open by itself but can only be seen in the task manager and no visible window will be seen. Also when this happens, i go to google.com and do a search, it hijacks the result links when i click them.
Has anybody seen this issue before?
Has anybody seen this issue before?
Scan for spyware as David- Howard said. Is this a Unveristy computer?
ASKER
It's not a university computer. I will try the malwarebytes.
So far I tried, AVG, spybot, windows defender and Trend's SysClean. All of them came up with nothing.
So far I tried, AVG, spybot, windows defender and Trend's SysClean. All of them came up with nothing.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
hmmm, suprising none of the spyware programs you tired so far found anything. Sounds like a worm or tojan.
Hmm.. download SmitFraudFix and do a scan with that in safe mode, if possible:
http://siri.geekstogo.com/SmitfraudFix.php
Hope it helps.
http://siri.geekstogo.com/SmitfraudFix.php
Hope it helps.
ASKER
SmitFraudFix did not fix it.
I couldn't even install Malwarebytes. I see in task manager but no installation wizard comes up.
I did get further with RootRepeal. It found traces of the UAC trojan. How do i get rid of this nasty trojan?
I couldn't even install Malwarebytes. I see in task manager but no installation wizard comes up.
I did get further with RootRepeal. It found traces of the UAC trojan. How do i get rid of this nasty trojan?
You would need to rename MalwareBytes and or Combofix before saving to your desktop. Or use another pc to download the tools and rename them before in contact with the infected pc. The nasties blocks the tools from running unless renamed.
Combofix should get rid of it. Rename combofix before saving the download.
Please download ComboFix by sUBs:
http://download.bleepingco
You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix..
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
If needed, here's the Combofix tutorial which includes the installation of the Recovery Console:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Combofix should get rid of it. Rename combofix before saving the download.
Please download ComboFix by sUBs:
http://download.bleepingco
You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix..
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
If needed, here's the Combofix tutorial which includes the installation of the Recovery Console:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Find your self a boot CD that you can create, update and scan for spyware.
Last time I removed it manually by slaving the HDD into another PC, and loading the registry hives to remove the files, and the services..... After that SAS was able to remove the remnants.....
We can revisit this if ComboFix doesnt work....
We can revisit this if ComboFix doesnt work....
The fix is Linux based.
"The fix is Linux based. "
???
???
www.malwarebytes.org
http://download.cnet.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html
Once downloaded, boot into Safe Mode (F8 at startup) and run HiJackThis. Save the log file. Post the log file here for analysis or at www.hijackthis.de
Items marked with Red X's are normally listed as dangerous and should be removed.
Run Malwarebytes as well in Safe Mode.
You might also try logging on to the system as a different user and trying to get IE access. Sometimes the malware that installs itself on a system does not affect every profile.