Solved

Iexplorer.exe playing random music virus, spyware

Posted on 2011-09-07
Last Modified: 2013-11-22
I have a Windows XP machine infected with some kind of virus.
At random times, I see iexplore.exe running with a long cmd prompt under the properties, playing random music, or shows, etc.

I am running Malwarebytes Anti-Malware, SUPERAntiSpyware, and I ran autoruns.exe and process explorer.exe from Sysinternals, and still can't put my finger on it.  Any help would be much appreciated.  I checked msconfig and there's nothing there either. It's possibly in the registry, but I'm not sure exactly where to look. I also ran HijackThis, but nothing out of the ordinary was in there.
Question by:afacts
 
LVL 92

Assisted Solution

by:John Hurst
John Hurst earned 250 total points
ID: 36499860
Take a look in the hosts file (c:\windows\system32\drivers\etc) and see if there are any entries in there besides comments (#). If so, remove.

The problem with this suggestion, however, is that the activity is random according to you.

See if you have any iexplorer.exe processes (not iexplore.exe) and see if those can be removed.

Unhappily, with all you have done, deeply embedded malware and rootkits can only be truly exterminated with a complete rebuild of the operating system, so be prepared for that. ... Thinkpads_User
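
The hosts-file check suggested in the answer above, as an added example that is not part of the original thread: it lists every active (non-comment) entry and flags anything beyond the default localhost mappings. The function names, the `EXPECTED` defaults and the sample entries are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: the only mappings a clean hosts file needs are the localhost defaults.
EXPECTED = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Constructed sample input (not taken from the thread).
SAMPLE = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       update.av-vendor.example   # trailing comment
203.0.113.7     www.search.example login.bank.example
"""


def active_entries(hosts_text):
    """Yield (line_no, ip, hostname) for every mapping that is not commented out."""
    lines = hosts_text.lstrip("\ufeff").splitlines()  # tolerate a UTF-8 BOM
    for line_no, raw in enumerate(lines, 1):
        line = raw.split("#", 1)[0].strip()  # drop full-line and trailing comments
        if not line:
            continue
        ip, *names = line.split()
        for name in names:  # one line may map several names to the same address
            yield line_no, ip, name.lower()


def audit_hosts(hosts_text):
    """Return (line_no, hostname, reason) for each entry that needs review."""
    findings = []
    for line_no, ip, name in active_entries(hosts_text):
        if (ip, name) in EXPECTED:
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((line_no, name, "malformed"))
            continue
        # A name pinned to loopback or 0.0.0.0 is unreachable from this machine;
        # any other address sends traffic for that name to a different server.
        blocked = addr.is_loopback or addr.is_unspecified
        findings.append((line_no, name, "blocked" if blocked else "redirected"))
    return findings


if __name__ == "__main__":
    for line_no, name, reason in audit_hosts(SAMPLE):
        print(f"line {line_no}: {name} ({reason})")
```

To audit a real machine, pass the contents of the `hosts` file in the directory named in the answer to `audit_hosts`; an empty result matches the "just the localhost IP" state reported in the follow-up comment.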
 

Author Comment

by:afacts
ID: 36500002
Nothing in the hosts file, just the localhost IP.
Still scanning using different software, so I'll see tomorrow what happens.
 
LVL 47

Accepted Solution

by:rpggamergirl
rpggamergirl earned 250 total points
ID: 36500248
Try ComboFix and post the log here. You can also try TDSSKiller.

1.  Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe 

STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply.
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

ComboFix tutorial:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix


2. TDSSKiller:
http://support.kaspersky.com/downloads/utils/tdsskiller.zip 

 

Author Comment

by:afacts
ID: 36503676
I will give that a try.
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 36507279
We also need to look at the ComboFix log because CF doesn't always auto-fix all bad files; that's why it has its script function to be used for any leftover files/reg entries.
 

Author Closing Comment

by:afacts
ID: 36507285
Thanks everyone for your help, the ComboFix just froze on me, so I had no choice besides losing time, and I've reformatted the PC and am working on rebuilding it.  It will go fairly quick, as it's a quad core with 4 GB RAM.

Thanks again for your help!
 
LVL 92

Expert Comment

by:John Hurst
ID: 36507297
Thanks for the update. I was pleased to assist. ... Thinkpads_User
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 36507333
Sometimes CF may look like it hangs, but as long as the disk's light is showing activity, CF is still going.
Anyway, sorry it didn't work.

Awesome PC btw, :)