applehebi

[Veronika]

I don't know where else to ask, but suddenly I got this box appearing on my
screen with "applehebi" on it! I rebooted my vista desktop and now it shows
"blocked start up programs".
I never installed any applehebi and I cannot indicate that I want to remove
it from the start up.
this is what is shows in the description:
applehebi

File Name: explore.exe
Display Name: applehebi
Description: Not Available
Publisher: applehebi Install
Digitally Signed By: NOT SIGNED
File Type: Application
Startup Value: C:\Windows\system32\explore.exe
File Path: C:\Windows\system32\explore.exe
File Size: 61440
File Version: 1.00
Date Installed: 07/11/2008 12:27:54 PM
Startup Type: Registry: Local Machine
Location: Software\Microsoft\Windows\CurrentVersion\Run
Classification: Not yet classified
Ships with Operating System: No
SpyNet Voting: In Progress

What it is??

 

[its_my_dime]

I don't know where else to ask, but suddenly I got this box appearing on my
screen with "applehebi" on it! I rebooted my vista desktop and now it shows
"blocked start up programs".
I never installed any applehebi and I cannot indicate that I want to
remove it from the start up.
this is what is shows in the description:
applehebi

File Name: explore.exe
Display Name: applehebi
Description: Not Available
Publisher: applehebi Install
Digitally Signed By: NOT SIGNED
File Type: Application
Startup Value: C:\Windows\system32\explore.exe
File Path: C:\Windows\system32\explore.exe
File Size: 61440
File Version: 1.00
Date Installed: 07/11/2008 12:27:54 PM
Startup Type: Registry: Local Machine
Location: Software\Microsoft\Windows\CurrentVersion\Run
Classification: Not yet classified
Ships with Operating System: No
SpyNet Voting: In Progress

What it is??

Looks like you downloaded something you shouldn't have. Possibly a corrupt
copy of winrar?

From another web site - I cannot vouch for its authenticity so before
deleting anything, wait for others to chime in. But you can run spybot and
an antivirus.

It's a trojan. First uninstall and delete this version of WinRAR from your
system, it is a hacked copy. To remove the virus, any good spyware detector
should identify and offer to fix it for you, but the basic steps are as
follows:

You need to delete the following file from your system:

C:\Windows\System32\Explore.exe

Note the trojan has also probably added a registry entry to instruct Windows
to run Explore.exe at startup. You need to delete the "explore" entry from:

HKLM\Software\Microsoft\Windows\Curren...

Your Hosts file is probably also modified so that any attempt to view
several well known sites (google, facebook, etc) redirects to a download
page. Search for and download a program named "HijackThis" to detect and fix
issues such as this.

It's not hard to remove this annoyance from your machine, and there is lots
of information available on the web. Good luck.<<

 

[Mick Murphy]

As previous poster said, get rid of it.
Install, update and scan with the 2 programs listed below.
Scan in Safe Mode, if necessary.

http://www.spybot.info/en/index.html

Spybot Search & Destroy 1.6 is a very good, FREE Anti-Spyware Program.
Download, install, update, and immunize your System with it.
Then SCAN with it.
Update it, and scan your System once a fortnight.

http://www.malwarebytes.org/mbam.php

Malwarebytes is as the name says, a Malware Remover!
For the Free version scroll down their page to either download from
Download.com, or Major Geeks.com

Download, install, and update.

Important re: Safe Mode
If you happen to find a problem that you can’t uninstall / delete, reboot
the computer, and go into Safe Mode.
To get into Safe mode, tap F8 right at Power On / Startup, and use UP arrow
key to get to Safe Mode from list of options, then hit ENTER.
RESCAN your computer with your Anti-Virus, Malwarebytes and Spybot S & D
while in Safe Mode.

 

[Veronika]

I cannot find HKLM

where do I look?
Tx

Looks like you downloaded something you shouldn't have. Possibly a
corrupt copy of winrar?

From another web site - I cannot vouch for its authenticity so before
deleting anything, wait for others to chime in. But you can run spybot
and an antivirus.


You need to delete the following file from your system:

C:\Windows\System32\Explore.exe

Note the trojan has also probably added a registry entry to instruct
Windows to run Explore.exe at startup. You need to delete the "explore"
entry from:

HKLM\Software\Microsoft\Windows\Curren...

Your Hosts file is probably also modified so that any attempt to view
several well known sites (google, facebook, etc) redirects to a download
page. Search for and download a program named "HijackThis" to detect and
fix issues such as this.

It's not hard to remove this annoyance from your machine, and there is
lots of information available on the web. Good luck.<<

 

[its_my_dime]

I cannot find HKLM

where do I look?
Tx

It is a registry entry. Probably better that you don't deal with it if you
aren't used to registry editing.

Follow Mike Murphy's advice below. It will produce the same result.

 

[silver hair]

--
lucky me I guess

I don't know where else to ask, but suddenly I got this box appearing on my
screen with "applehebi" on it! I rebooted my vista desktop and now it shows
"blocked start up programs".
I never installed any applehebi and I cannot indicate that I want to remove
it from the start up.
this is what is shows in the description:
applehebi

File Name: explore.exe
Display Name: applehebi
Description: Not Available
Publisher: applehebi Install
Digitally Signed By: NOT SIGNED
File Type: Application
Startup Value: C:\Windows\system32\explore.exe
File Path: C:\Windows\system32\explore.exe
File Size: 61440
File Version: 1.00
Date Installed: 07/11/2008 12:27:54 PM
Startup Type: Registry: Local Machine
Location: Software\Microsoft\Windows\CurrentVersion\Run
Classification: Not yet classified
Ships with Operating System: No
SpyNet Voting: In Progress

What it is??

hi
I have had a Trojen my self, its gone now.
Spybot to complicated for me.
I used Malwarebytes it worked, as mention below it was in Registry.
and run in Safe Mode
When uninstalling from Programs and Features using the build in Uninstaller
it only removes the Stuff from there, leaving Registry Entry's and other
crap in your computer.
I use " Revo Uninstaller Free " you can also use it to find Registry Entrys
so you can delete them and find other useless crap.
System Restore is my good friend, so be for starting and when finish
I make a Restore Point, in the Event I do a System Restore and go back to
this time, all the crap comes back.
I am NO Expert, so read what others put here first

 

[Veronika]

Well just just completed this:


--Spybot Search & Destroy 1.6 is a very good, FREE Anti-Spyware Program.
--Download, install, update, and immunize your System with it.
--Then SCAN with it.
--Update it, and scan your System once a fortnight.

it removed some malware, but when I rebooted the system, my IE home page was
directed to:
http://www.google.com/
and the following message:
(this is top from view source:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!-- saved from
url=(0047)http://privacy.microsoft.com/en-us/default.mspx -->
<HTML dir=ltr><HEAD><TITLE> Microsoft Security Center</TITLE>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content=en-us name=MS.LOCALE>
<META content=MNP2.GenericNav name=search.mnp.template><LINK
href="microsoft_files/templatecss.css" type=text/css rel=Stylesheet>
)
Microsoft Security Center




Alert : Your computer have been attacked by spyware or viruses!



Please download AntiSpyware to fix.



Download AntiSpyware Now





So did I get rid of everything??

 

[Peter Foldes]

You have the GRAYBIRD.G virus. Stop everything and remove it with malwarebyte

www.malwarebyte.org

 

[Peter Foldes]

No you did not. Do as I posted and download malwarebytes and run it in safe mode.

 

[Veronika]

I completed the malwarebytes, all seems fine now.
thanks you all!

No you did not. Do as I posted and download malwarebytes and run it in safe
mode.

 

[Veronika]

Peter,
I run the malwarebyte program. I don't recall any message about GRAYBIRD.G
virus
How do I look for it??
Tx
Veronika

You have the GRAYBIRD.G virus. Stop everything and remove it with
malwarebyte

www.malwarebyte.org

 

[Ryan]

Ok im new to this forum thing so bear with me.. But I got this stupid
applehebi thing too. I run XP media center. I used avg free virus removal
AND the malwarebytes programs in both normal AND safe modes but it still puts
up the fake screen for spyware removal when I open internet explorer, AND it
doesn't let firefox access a few sites. I know how to to registry editing
but every forum cuts the registry path to the explore thing off at
HKLM\Software\Microsoft\Windows\Curren... Can someone help me by giving me
the rest of the path to type in? I would appreciate it greatly!!

 

[Veronika]

I run malwarebyte in safe mode, it did not find anything, but I still must
have GRAYBIRD.G virus as both IE and Firefox will not let me go to Google..
I get the message mentioned earlier..
I have no idea how to get rid of it!

You have the GRAYBIRD.G virus. Stop everything and remove it with
malwarebyte

www.malwarebyte.org

 

[Ryan]

Ok So I ran Malwarebytes, AVG, AND spybot search and destroy in normal AND
safe mode, AND deleted the two unrecognized exe files from registry:
HKLM/software/windows/microsoft/currentversion/run

I STILL can not access many sites on the internet via IE or firefox and when
I open IE it still directs me to a fake microsoft security page and tries to
get my credit card number. How do I get rid of this stupid thing?? Please
any help is appreciated I can't afford to get somebody else to do this!

 

[Snidley W.]

Ok So I ran Malwarebytes, AVG, AND spybot search and destroy in normal AND
safe mode, AND deleted the two unrecognized exe files from registry:
HKLM/software/windows/microsoft/currentversion/run

I STILL can not access many sites on the internet via IE or firefox and when
I open IE it still directs me to a fake microsoft security page and tries to
get my credit card number. How do I get rid of this stupid thing?? Please
any help is appreciated I can't afford to get somebody else to do this!

Put the recovery disc in, reboot, go for it.

 

[Veronika]

I have no idea if I got rid of it or not. I downloaded, installed and run
the following programs;

CCleaner, HijackThis, Malwarebyres, Ad-Ware, AVG Anti-Spyware, and my
regular Norton.

Nearly every program made some changes to my system, and now I cannot access
my email;
I get the following message:

The connection to the server has failed. Account: YYY.YY.YY, Server:
'mail.YYY.YY.YY, Protocol: POP3, Port: 110, Secure(SSL): No, Socket Error:
10061, Error Number: 0x800CCC0E

I don't even know if this will get posted.
I did not changed any set-up on my email which works on my other computers
fine.
Any help out there??

 

[Ryan]

Put the recovery disc in, reboot, go for it.

Thank you!

Haha just in case, where might I come across a recovery disk? This computer
was my stepdad's before we met him so I'm not sure if he still has one.

 

[Snidley W.]

Thank you!

Haha just in case, where might I come across a recovery disk? This computer
was my stepdad's before we met him so I'm not sure if he still has one.

Well I sure as heck don't know if he does!

Suggestion: ask him.

 

[Ryan]

Well I sure as heck don't know if he does!

Suggestion: ask him.

My question is though if he does not have one, where can I find one? Like
would circuit city have something like that? Or could I download the program
or something? That's all.

 

[Snidley W.]

My question is though if he does not have one, where can I find one? Like
would circuit city have something like that? Or could I download the program
or something? That's all.

If he doesn't have what you need, you might try here:

http://www.bloodyhell.com/index.php?option=com_content&task=view&id=20&Itemid=9