• Status: Solved

IEXPLORE.EXE VIRUS?

I have a laptop that has what I think is the IEXPLORE.EXE virus.  I can kill the process but it comes back.

I have used Process Explorer (from Sysinternals) - I can right-click on the process

I see where the path (in the command line) is "c:\program files\internet explorer\iexplore.exe" http://www.thischangesalloftime.com (then other stuff as well)

Other clean PCs have just the correct path.

Where does the other stuff get inserted from?

I have a bunch of pop-ups (that look like they come from Security Center but surely do not) stating that I have a virus and to click to enable.



yostnet
Asked:
 
kennyhenao Commented:
Download and run ComboFix.
More than likely this process is hooked by malware.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix
 
HainKurt (Sr. System Analyst) Commented:
It is not a virus, it is Internet Explorer ;)

Just find the file from Windows Explorer, right-click, scan with AV, check the version and properties...

and post the size and version of it...
 
Darius Ghassem Commented:
Download Malwarebytes and run this program in Safe Mode to remove the spyware.
 
yostnet (Author) Commented:
MALWAREBYTES will not install
 
yostnet (Author) Commented:
624k /  8.0.6001.18702
 
Fayaz Commented:
IEXPLORE is not a virus.
Please download Dr.Web CureIt and scan your machine.
 
yostnet (Author) Commented:
"C:\Program Files\Internet Explorer\Iexplore.exe" http://www.webboards.cn/ac.php?aid=216&sid=new

This is what the command line looks like via Process Explorer (also attaching screenshot)
1-8-2010-12-05-22-PM.png
 
optoma Commented:
Run Process Explorer again.
In it, hit Options and select "Verify Image Signatures".
Then hit View, select Columns and check "Verified Signer".
Get a screenshot of the process and attach the images here.
 
houssam_ballout Commented:
Did you try another user profile?
 
HainKurt (Sr. System Analyst) Commented:
Looks like a parameter is passed to iexplore; try to fix it (maybe right-click on the shortcut of IE, select Properties and delete the parameter - http://www.webboa....)
 
flubbster Commented:
Try downloading Malwarebytes again and renaming it BEFORE saving it. Then install it and run from safe mode.

Also, look at this registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

Is there anything within this key? If so, please copy it and paste here. Malwarebytes will remove all those entries. False security center malware modifies the registry so that entries related to antivirus/antimalware/spyware are redirected to svchost. Doing this prevents the software from running and stops any GUI from showing.
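The two checks discussed in this thread (the Image File Execution Options key and the iexplore.exe command line) can be scripted. The following is an added example, not code posted by any participant; it assumes PowerShell 3.0 or later, only reads data, and the function names are hypothetical. IFEO redirection works through a `Debugger` value under a subkey named after the executable, so the script reports exactly those values.

```powershell
# Added example (not from the thread). Read-only checks.
$ifeoPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

# List every IFEO subkey that carries a Debugger value. Windows starts the
# Debugger command in place of the named image, so an entry for a security
# tool's executable explains why that tool will not launch.
function Get-IfeoDebuggerEntry {
    foreach ($root in $ifeoPaths) {
        if (-not (Test-Path $root)) { continue }
        Get-ChildItem -Path $root | ForEach-Object {
            $dbg = (Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
            if ($dbg) {
                [pscustomobject]@{ Image = $_.PSChildName; Debugger = $dbg; Key = $_.Name }
            }
        }
    }
}

# Show each running iexplore.exe with its full command line and the process
# that started it, which is where an unexpected URL argument comes from.
function Get-IexploreLaunchInfo {
    Get-CimInstance Win32_Process -Filter "Name = 'iexplore.exe'" | ForEach-Object {
        $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($_.ParentProcessId)"
        [pscustomobject]@{
            ProcessId   = $_.ProcessId
            CommandLine = $_.CommandLine
            ParentId    = $_.ParentProcessId
            # The parent may have exited already, and PIDs can be reused.
            ParentPath  = if ($parent) { $parent.ExecutablePath } else { '<parent exited>' }
        }
    }
}

Get-IfeoDebuggerEntry | Sort-Object Image | Format-Table -AutoSize -Wrap
Get-IexploreLaunchInfo | Format-List
```

On a clean machine the first table is usually empty or very short; rows naming antivirus or antimalware executables are the entries the comment above refers to.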
 
yostnet (Author) Commented:
I got MalwareBytes installed after running Dr. Web CureIt (which by the way seemed to clear up the issues).

MalwareBytes is running right now and is finding a couple of things.
 
flubbster Commented:
If it is finding a couple of things, when it is done you will most likely see a great many things. A recent system I fixed using the program showed 7 files infected. When it was finished, it found over 700 bad registry entries that the virus had installed in the reg key I posted earlier. You will most likely need to reboot to safe mode to finish the clean.