Latest IEXPLORE.EXE virus that even starts in SAFE MODE!!!!!

shripaldalal

Hi friends,

Is there a new IEXPLORE.EXE virus? A friend of mine has IEXPLORE.EXE
in his task manager that takes up 95-100% of his processor time. NO IE
WINDOWS ARE OPEN. Constantly something is being transmitted.....I used
netstat to check it out. If I try killing it, it comes back in a SECOND.

Also it rapidly changes process IDs. I tried using all AD-WARE spyware
Norton, McAfee, nothing was detected. It rapidly changes process IDs.
I tried online virus scans but it kills the internet explorer window
whenever it tries to go to trendmicro or panda online.

Now the fun part begins..... I tried to restart in safe mode. It does,
BUT THIS SAME IEXPLORE.EXE comes even in safe mode......and I cannot
kill it.....it keeps coming back or staying there constantly....... i
have pulled my hair out. Since when did they start making viruses that
come on in safe mode.

Checked out the HijackThis log AND IT'S CLEAN.

Do I have TO REFORMAT?

Regards,
Shripal Dalal.

Patrick Keenan

shripaldalal said:
Hi friends,

Is there a new IEXPLORE.EXE virus? A friend of mine has IEXPLORE.EXE
in his task manager that takes up 95-100% of his processor time. NO IE
WINDOWS ARE OPEN. Constantly something is being transmitted.....I used
netstat to check it out. If I try killing it, it comes back in a SECOND.

Also it rapidly changes process IDs. I tried using all AD-WARE spyware
Norton, McAfee, nothing was detected. It rapidly changes process IDs.
I tried online virus scans but it kills the internet explorer window
whenever it tries to go to trendmicro or panda online.

Now the fun part begins..... I tried to restart in safe mode. It does,
BUT THIS SAME IEXPLORE.EXE comes even in safe mode......and I cannot
kill it.....it keeps coming back or staying there constantly....... i
have pulled my hair out. Since when did they start making viruses that
come on in safe mode.

Checked out the HijackThis log AND IT'S CLEAN.

Do I have TO REFORMAT?

Regards,
Shripal Dalal.

A couple of things. First, get Process Explorer from SysInternals to see
what's *really* happening.

http://www.sysinternals.com/Utilities/ProcessExplorer.html

Second, boot in safe mode command prompt only. Navigate to the Windows and
System32 folders. At each, issue this command:

dir /ah

This will show you files set to hidden. There are a fair number that
should be there, but you may well find some, probably with seemingly random
names, which shouldn't be there. Since you're in safe mode with no GUI,
you should be able to rename these to disable them. I use a .BAD extension
so they are easy to find. Also, set them to not hidden or system with the
attrib command.

attrib filename.ext -s -h

You should check each suspicious file.

Next, locate the content.ie5 folders. These will be in each account under
Temporary Internet Files. These contain, of course, temporary internet
files and are a prime launch point for malware. Remove these folders.
They will be rebuilt. In command prompt mode you may have to individually
clear the folders it contains, then delete those. It's easy from a
directory listing to make a batch file for this. In Safe Mode with GUI you
should be able to just delete them.

Also in Safe Mode with GUI, use explorer to show details of all contents of
the System32 folder. Sort by date, and examine carefully anything with
recent dates, particularly files that look like they've just been created.

Go to the IE Plugins control and check for what's running. (IE, Tools,
Manage Add-Ons). Disable everything and re-enable them one at a time.
It's possible for a damaged plugin to immediately close IE without it being
malware.

HTH
-pk
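The batch file the reply suggests building from the directory listing, written out as an added example (not code from the thread or any of its posters). It assumes Windows XP-era paths (%SystemRoot%, "Documents and Settings") and the file name triage.cmd; it only lists and renames, so a mistaken hit can be reversed by renaming the .BAD file back.

```batch
@echo off
rem triage.cmd (example added to the thread, not posted by anyone in it)
rem Assumes XP-style profile paths; adjust the "Documents and Settings" path otherwise.
rem Usage:  triage.cmd report         : log hidden and recent files in Windows and System32
rem         triage.cmd quarantine X   : clear S/H attributes on file X and rename it X.BAD
rem         triage.cmd cleancache     : delete every profile's Content.IE5 folder
setlocal
set LOG=%SystemDrive%\triage.log

if /i "%~1"=="report"     goto report
if /i "%~1"=="quarantine" goto quarantine
if /i "%~1"=="cleancache" goto cleancache
echo usage: %~nx0 report ^| quarantine ^<file^> ^| cleancache
goto :eof

:report
rem Hidden files in the two folders the reply names, oldest first, so new
rem arrivals sit at the bottom of each list. Directories are excluded.
for %%D in ("%SystemRoot%" "%SystemRoot%\System32") do (
    echo ===== hidden files in %%~D >> "%LOG%"
    dir /a:h-d /o:d "%%~D" >> "%LOG%" 2>nul
    echo ===== all files in %%~D, newest last >> "%LOG%"
    dir /a:-d /o:d "%%~D" >> "%LOG%" 2>nul
)
echo Review %LOG% and compare the hidden entries against a known-good machine.
goto :eof

:quarantine
rem Disable a suspect file without deleting it: strip system/hidden/read-only
rem attributes, then rename with a .BAD extension so it is easy to find later.
if not exist "%~2" (echo no such file: %~2 & goto :eof)
attrib -s -h -r "%~2"
ren "%~2" "%~nx2.BAD"
echo %DATE% %TIME% quarantined %~2 >> "%LOG%"
goto :eof

:cleancache
rem Remove each user's Content.IE5 cache folder; IE rebuilds it on next use.
rem rd /s /q also removes the subfolders that block a plain rd in command-prompt mode.
for /d %%U in ("%SystemDrive%\Documents and Settings\*") do (
    if exist "%%~U\Local Settings\Temporary Internet Files\Content.IE5" (
        echo removing %%~U\...\Content.IE5
        rd /s /q "%%~U\Local Settings\Temporary Internet Files\Content.IE5"
    )
)
goto :eof
```

Run it from the Safe Mode command prompt the reply describes, with the report step first so the hidden-file list can be reviewed before anything is renamed.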

DatabaseBen

yeh,

something that might help too is to check the firewall settings and ensure
only one connection is active. I had an experience with a network driver
that was designed for malicious purposes and created a hole in my firewall,
whereas someone in China was trying to hack into my system....

Guest

Might also suggest trying disinfecting with BartPE booted from a CD, or (if
it's FAT32) from DOS, using the command-line McAfee scanner. At least that way
the Trojan shouldn't be running. A Linux scanner and Knoppix/Ubuntu might
work too, though I'm not too familiar with that route.

BTW, have heard that there are some nasty Trojans around from Communist
China. Not all from private hackers, either. Some are attempts to harvest
addressbooks from dissidents' computers, etc. If surfing anywhere inside the
Great Firewall I'd definitely NOT use IE.