Solved

Iexplorer.exe playing random music virus, spyware

Posted on 2011-09-07
Last Modified: 2013-11-22
I have a Windows XP machine infected with some kind of virus.
At random times, I see iexplore.exe running with a long cmd prompt under the properties, playing random music, or shows, etc.

I am running Malwarebytes Anti-Malware, SUPERAntiSpyware, and I ran autoruns.exe and process explorer.exe from Sysinternals, and still can't put my finger on it. Any help would be much appreciated. I checked msconfig and there's nothing there either. It's possibly in the registry, but I'm not sure exactly where to look. I also ran HijackThis, but nothing out of the ordinary was in there.
Question by:afacts
LVL 98

Assisted Solution

by:John Hurst
John Hurst earned 1000 total points
ID: 36499860
Take a look in the hosts file (c:\windows\system32\drivers\etc) and see if there are any entries in there besides comments (#). If so, remove.

The problem with this suggestion, however, is that the activity is random according to you.

See if you have any iexplorer.exe processes (not iexplore.exe) and see if those can be removed.

Unhappily, with all you have done, deeply embedded malware and rootkits can only be truly exterminated with a complete rebuild of the operating system, so be prepared for that. ... Thinkpads_User
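The two checks suggested in the answer above (non-comment hosts entries and look-alike `iexplorer.exe` process names), as an added example that is not part of the original post. The sample hosts text, the process list and all function names are constructed for illustration.

```python
LOOPBACK = {"127.0.0.1", "::1"}

def suspicious_hosts_entries(hosts_text):
    """Return (ip, name) pairs other than comments and the plain localhost mapping."""
    findings = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop whole-line and inline comments
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            # A loopback address mapped to any other name is still reported.
            if ip in LOOPBACK and name.lower() == "localhost":
                continue
            findings.append((ip, name))
    return findings

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_processes(names, genuine="iexplore.exe", max_distance=1):
    """Return image names that are close to, but not equal to, the genuine name.

    max_distance stays at 1 because explorer.exe, the normal Windows shell,
    is at distance 2 from iexplore.exe and must not be reported.
    """
    return [n for n in names
            if 0 < edit_distance(n.lower(), genuine) <= max_distance]

# Constructed sample data, not taken from the infected machine in this thread.
SAMPLE_HOSTS = """\
# sample hosts file (constructed)
127.0.0.1       localhost
127.0.0.1       update.example.com   # constructed redirect
203.0.113.10    www.example.org
"""
SAMPLE_PROCESSES = ["explorer.exe", "iexplore.exe", "IEXPLORER.EXE", "svchost.exe"]

if __name__ == "__main__":
    print(suspicious_hosts_entries(SAMPLE_HOSTS))
    print(lookalike_processes(SAMPLE_PROCESSES))
```

To check a real machine, pass the contents of the hosts file and the image names from a process listing to the same functions.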

Author Comment

by:afacts
ID: 36500002
Nothing in the hosts file, just the localhost IP.
Still scanning using different software, so I'll see tomorrow what happens.
LVL 47

Accepted Solution

by:rpggamergirl
rpggamergirl earned 1000 total points
ID: 36500248
Try ComboFix and post the log here. You can also try TDSSKiller.

1.  Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe 

STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double-click combofix.exe and follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply.
Note:
Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

ComboFix tutorial:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix


2. TDSSKiller:
http://support.kaspersky.com/downloads/utils/tdsskiller.zip 

Author Comment

by:afacts
ID: 36503676
I will give that a try.
LVL 47

Expert Comment

by:rpggamergirl
ID: 36507279
We also need to look at the ComboFix log because CF doesn't always auto-fix all bad files; that's why it has its script function to be used for any leftover files/reg entries.

Author Closing Comment

by:afacts
ID: 36507285
Thanks everyone for your help. ComboFix just froze on me, so I had no choice besides losing time, and I've reformatted the PC and am working on rebuilding it. It will go fairly quick, as it's a quad core with 4 GB RAM.

Thanks again for your help!
LVL 98

Expert Comment

by:John Hurst
ID: 36507297
Thanks for the update. I was pleased to assist. ... Thinkpads_User
LVL 47

Expert Comment

by:rpggamergirl
ID: 36507333
Sometimes CF may look like it hangs, but as long as the disk's light is showing activity, CF is still going.
Anyway, sorry it didn't work.

Awesome PC btw, :)
Question has a verified solution.
