HELP: How to clean this VIRUS/SPYWARE??!?!

[Somebody]

Hi,

I just got a major, ugly spyware infestation... I think I've cleaned most of
it up, but I can't figure out one last issue.

there is an iexplore.exe running as system. I've checked the start up
folder, run, runonce, etc. any wierd "services"... active desktop is off,
nada... can't figure out whats causing this to come up like this. Any other
places I can look?

Thanks.

 

[Ken Blake, MVP]

I just got a major, ugly spyware infestation... I think I've cleaned
most of it up, but I can't figure out one last issue.

there is an iexplore.exe running as system. I've checked the start up
folder, run, runonce, etc. any wierd "services"... active desktop is
off, nada... can't figure out whats causing this to come up like
this. Any other places I can look?

That's Internet Explorer.

 

[Somebody]

I know its IE, but it shouldn't be running under SYSTEM under WINLOGON.exe.

 

[Somebody]

I know its IE, but it shouldn't be running under SYSTEM under the
WINLOGON.exe process. At least it never was before today.

 

[Guest]

I know its IE, but it shouldn't be running under SYSTEM under the
WINLOGON.exe process. At least it never was before today.

Well you didn't mention the name of the Malware or the Virus for us to know
the behavior of that virus to tell yes you have something and go through
these steps.
Otherwise removing something looks legitimate can cause your system to
became useless.
If you want to go ahead and delete it from the registry where you think it
shouldn't be there, then backup your registry on a floppy or CD or in your My
Documents and try editing the registry if you wish.

Yes there are viruses can take or name itself as legitimate processor to
avoid scanners to detect them.
HTH.
Let us know.
Regards,
nass

 

[Somebody]

Well you didn't mention the name of the Malware or the Virus for us to
know
the behavior of that virus to tell yes you have something and go through
these steps.
Otherwise removing something looks legitimate can cause your system to
became useless.
If you want to go ahead and delete it from the registry where you think it
shouldn't be there, then backup your registry on a floppy or CD or in your
My
Documents and try editing the registry if you wish.

Yes there are viruses can take or name itself as legitimate processor to
avoid scanners to detect them.
HTH.
Let us know.
Regards,
nass

Well, I'm not sure. I've tried running ad-aware, MRT, msconfig, autoruns,
and hijackthis and I've erased a few more other droppings those tools found,
but still, I get an iexplore.exe running under SYSTEM under the WINLOGON.EXE
process which is NOT normal.

I'm running norman anti virus (read NORMAN, not NORTON) as I type, but so
far, it hasnt found anything

 

[Frank Saunders, MS-MVP OE/WM]

Hi,

I just got a major, ugly spyware infestation... I think I've cleaned most
of it up, but I can't figure out one last issue.

there is an iexplore.exe running as system. I've checked the start up
folder, run, runonce, etc. any wierd "services"... active desktop is off,
nada... can't figure out whats causing this to come up like this. Any
other places I can look?

Help with malware:
All MS-MVP Sites.
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://www.elephantboycomputers.com/page2.html#Removing_Malware
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/darnit.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm

Unexplained computer behavior may be caused by deceptive software.
http://support.microsoft.com/kb/827315

So How Did I Get Infected Anyway?
For quite a few people it's by installing Messenger Plus, whose ads for
malware don't identify the malware as such and try to convince you that you
owe it to the author. See also:
http://www.wilderssecurity.com/showthread.php?t=27971
Don't ever do a "default" install of anything. Always choose Custom and see
what else is being carried along. Don't install any extras you're not sure
of.

 

[Ron Martell]

Hi,

I just got a major, ugly spyware infestation... I think I've cleaned most of
it up, but I can't figure out one last issue.

there is an iexplore.exe running as system. I've checked the start up
folder, run, runonce, etc. any wierd "services"... active desktop is off,
nada... can't figure out whats causing this to come up like this. Any other
places I can look?

Try doing an online scan using at least one of the following free
sites:
Bit Defender http://www.bitdefender.com/scan8/ie.html
Trend Micro http://housecall.trendmicro.com
Kaspersky Online Scanner http://www.kaspersky.com/virusscanner
Panda ActiveScan http://www.pandasoftware.com/activescan
WindowSecurity.com TrojanScan http://windowssecurity.com/trojanscan
Webroot http://www.webroot.com/

Good luck

Ron Martell Duncan B.C. Canada
--
Microsoft MVP (1997 - 2006)
On-Line Help Computer Service
http://onlinehelp.bc.ca
Syberfix Remote Computer Repair

"Anyone who thinks that they are too small to make a difference
has never been in bed with a mosquito."