Solved

Iexplorer.exe playing random music virus, spyware

Posted on 2011-09-07
8
863 Views
Last Modified: 2013-11-22
I have a windows xp machine infected with some kind of virus.
at random times, I see iexplore.exe running with a long cmd prompt under the properties playing random music, or shows, etc....

I am running malwarebytes antimalware, supespyware, and I ran autoruns,exe and process explorer.exe from sys internals, and still can't put my finger on it.  Any help would be much appreciated.  I checked msconfig and there's nothing there either. it's possibly in the registry, but not sure exactly where to look at?  Also ran hijackthis, but nothing out of the ordinary was in there.
0
Comment
Question by:afacts
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
8 Comments
 
LVL 94

Assisted Solution

by:John Hurst
John Hurst earned 250 total points
ID: 36499860
Take a look in the hosts file (c:\windows\system32\drivers\etc and see if there are any entries in there besides comments (#). If so, remove.

The problem with this suggestion, however, is that the activity is random according to you.

See if you have any iexplorer.exe processes (not iexplore.exe) and see if those can be removed.

Unhappily, with all you have done, deeply embedded malware and rootkits can only be truly exterminated with a complete rebuild of the operating system, so be prepared for that. ... Thinkpads_User
0
 

Author Comment

by:afacts
ID: 36500002
nothing in the hosts file, just the localhost IP.
still scanning using different software, so I'll see tomorrow what happens.
0
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 250 total points
ID: 36500248
Try ComboFix and post the log here.... you can also try TDSSKiller.

1.  Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe 

STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply.
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

ComboFix tutorial:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix


2. TDSSKiller:
http://support.kaspersky.com/downloads/utils/tdsskiller.zip 
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:afacts
ID: 36503676
i will give that a try
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 36507279
We also need to look at the combofix log because CF doesn't always auto-fix all bad files, that's why it has its script function to be used for any leftover files/reg entries.
0
 

Author Closing Comment

by:afacts
ID: 36507285
Thanks everyone for your help, the combofix just froze on me, so I had no choice besides loosing time, and I've reformated the PC and am working on rebuilding it.  It will go fairly quick, as it's a quad core with 4 GB ram.

Thanks againf or your help!
0
 
LVL 94

Expert Comment

by:John Hurst
ID: 36507297
Thanks for the update. I was pleased to assist. ... Thinkpads_User
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 36507333
Sometimes CF may looked like it hangs but as long as the disk's light is showing activity, CF is still going.
Anyway, sorry it didn't work.

Awesome PC btw, :)
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The purpose of this Article is to provide information for a newly released variant of malware – with the assumption that many EE Members will have need of the information. According to “Computerworld”, well over one million web sites have been co…
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question