Solved

Iexplorer.exe playing random music virus, spyware

Posted on 2011-09-07
8
861 Views
Last Modified: 2013-11-22
I have a windows xp machine infected with some kind of virus.
at random times, I see iexplore.exe running with a long cmd prompt under the properties playing random music, or shows, etc....

I am running malwarebytes antimalware, supespyware, and I ran autoruns,exe and process explorer.exe from sys internals, and still can't put my finger on it.  Any help would be much appreciated.  I checked msconfig and there's nothing there either. it's possibly in the registry, but not sure exactly where to look at?  Also ran hijackthis, but nothing out of the ordinary was in there.
0
Comment
Question by:afacts
  • 3
  • 3
  • 2
8 Comments
 
LVL 91

Assisted Solution

by:John Hurst
John Hurst earned 250 total points
ID: 36499860
Take a look in the hosts file (c:\windows\system32\drivers\etc and see if there are any entries in there besides comments (#). If so, remove.

The problem with this suggestion, however, is that the activity is random according to you.

See if you have any iexplorer.exe processes (not iexplore.exe) and see if those can be removed.

Unhappily, with all you have done, deeply embedded malware and rootkits can only be truly exterminated with a complete rebuild of the operating system, so be prepared for that. ... Thinkpads_User
0
 

Author Comment

by:afacts
ID: 36500002
nothing in the hosts file, just the localhost IP.
still scanning using different software, so I'll see tomorrow what happens.
0
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 250 total points
ID: 36500248
Try ComboFix and post the log here.... you can also try TDSSKiller.

1.  Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe 

STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply.
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

ComboFix tutorial:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix


2. TDSSKiller:
http://support.kaspersky.com/downloads/utils/tdsskiller.zip 
0
 

Author Comment

by:afacts
ID: 36503676
i will give that a try
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 47

Expert Comment

by:rpggamergirl
ID: 36507279
We also need to look at the combofix log because CF doesn't always auto-fix all bad files, that's why it has its script function to be used for any leftover files/reg entries.
0
 

Author Closing Comment

by:afacts
ID: 36507285
Thanks everyone for your help, the combofix just froze on me, so I had no choice besides loosing time, and I've reformated the PC and am working on rebuilding it.  It will go fairly quick, as it's a quad core with 4 GB ram.

Thanks againf or your help!
0
 
LVL 91

Expert Comment

by:John Hurst
ID: 36507297
Thanks for the update. I was pleased to assist. ... Thinkpads_User
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 36507333
Sometimes CF may looked like it hangs but as long as the disk's light is showing activity, CF is still going.
Anyway, sorry it didn't work.

Awesome PC btw, :)
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Skype uninstall 8 89
How to harden IE & Firefox such that users cant uncheck the proxy 3 65
Yet another Ransome ware 13 164
VMware Black Screen 13 80
Malware seems to be getting smarter and smarter. If you are having trouble being able to launch your malware removal tools such as (and recommended): MalwareBytes, HiJackThis, ComboFix, etc. you can try some of the workarounds listed below. 1. Ma…
It started not too long ago. It was at first annoying. My keystrokes seemed to be randomly generated, not the ones I typed on the keyboard. For some reason this only happened in certain applications (especially browsers such as IE11, Firefox and Chr…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
This is a video that shows how the OnPage alerts system integrates into ConnectWise, how a trigger is set, how a page is sent via the trigger, and how the SENT, DELIVERED, READ & REPLIED receipts get entered into the internal tab of the ConnectWise …

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now