2 iexplore.exe running constantly!!

  • Thread starter: Hank

Hank

Ok so my friend asked me to look at her computer to see if I could
repair it. Well, it turns out she had a lot of viruses on it, some really
nothing, some medium. Well, there are 2 iexplore.exe's running in
Task Manager and I can't stop the processes. I looked everywhere to find
help and so far I got nowhere.

I ran HijackThis and it came back with a couple of files such as
"Polymorph.dll, dvb03a.dll". I tried to delete them but they come
back, and not only do they come back, I can't find them in the location
HijackThis says they are at.

Has anyone had this problem with iexplore before? Again, I tried
Autoruns, HijackThis, CWShredder, Norton AntiVirus, a-squared with no
results. I really don't want to reformat the computer. So any advice??
 
Hi Hank,
To disable the running apps, do the following: open the RUN command and type
msconfig, then click OK. On the Startup tab, uncheck any
reference to iexplorer.exe [ but not for exo;prer.exe] and reboot your
machine.
Go to this link and download the removal tool from here:
http://support.microsoft.com/default.aspx?scid=kb;en-us;890830
To scan online go here:
http://housecall.trendmicro.com/
http://www.pandasoftware.com
http://www.sophos.com
http://www.nasstec.co.uk/tools.html
For anti-adware go here:
http://www.lavasoftusa.com/ ; for SE lavasoft for personal use
http://www.safer-networking.org/ ; for S&D spybot S&D
Please note: turn OFF System Restore on your computer.
I think there is only one iexplorer.exe, which is in C:\program files\Internet
Explorer\iexplorer.exe; if it is in another path it should be deleted.
If you can't delete the file, try downloading this cleaner from here:
http://www.ccleaner.com
HTH
Please write back with your findings.
nass
 
Hi Hank,

Have you run all the antiviral and spyware scans in Safe mode yet? If not,
you may need to do so as many of them will resist detection and removal in
normal mode.

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP

Windows help - www.rickrogers.org
 
Download AUTORUNS from www.sysinternals.com. This will not only show what
apps are auto started, but what HOOKS are in your system, especially in
areas that msconfig does not show, e.g., Browser Helper Objects (BHOs),
Appinit_DLLS, Winlogon, ...

You can always turn on Windows XP Logging, reboot and then later look at the
log to see what is actually started when the system starts.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

UserEnvDebugLevel DWORD 300002

This will create a file under C:\Windows\Debug\UserMode\userenv.log

After you reboot and the logging has been performed, set the value to 0.
 
Oops! Mistakos: instead of [exo;prer.ex] it is [explorer.exe], and as Rick
said, in both Safe Mode and Normal Mode, but first Safe Mode, as some viruses
can resist being removed in normal mode and trick the anti-virus.
nass


 
Ok, sorry I took so long in my response. Well, msconfig was my first
tactic, and I ran it again just thinking maybe I missed something,
but I unchecked everything so it's not starting up. Then I ran Autoruns
yesterday, but ran it again and so far everything seems to be in the
right place. I erased everything that I felt was unsafe.

Here is the real headache: she really does have a lot of misc viruses
running, so it's hard to determine exactly where these iexplores are
coming from. Today what I will do is download the Microsoft removal
tool that nass suggested (thats btw) and see where that takes me. Again,
I'd rather not reformat this because I may come to this problem down the
road and I'd rather have some knowledge of how to remove it instead of
doing the obvious, which would be to reformat it.

I will write back tonight and tell you guys where I am at =)

Thanks again to everyone who quickly responded. If this all works I will
owe you guys a six pack each =)
 
Hank said:
Ok so my friend asked me to look at her computer to see if I could
repair it, well turns out she had a lot of viruses on it, some really

Next time don't let your friend download viruses. Secondly, don't let your
friend install viruses. It's all up to your friend if they want a
carefree PC OR NOT.
 
I've had this crap also.
I've scanned with all of these tools and they didn't find anything:

1) Spy Bot S&D
2) Ad-aware
3) McAfee
4) Microsoft Anti Spyware (Defender)
5) Trend Micro house call

Finally I've run HijackThis and used the "delete file on boot" option
to remove polymorph.dll and artm_new.dll.

Another trick is to use regedit and change permissions on registry keys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\polymorphreg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\artm_newreg

to the actual active user, since the trojan is running as SYSTEM it
will not be able to set the startup hooks.
After setting the permissions delete the content of these two keys (but
not the keys themselves) and reboot. After rebooting delete the files
polymorph.dll and artm_new.dll

God I hate trojans, I would kill the person who wrote this crap with my
bare hands.
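
Added example, not part of any post in this thread: a small Python triage of a HijackThis-style log that flags iexplore.exe running from outside C:\Program Files\Internet Explorer and lists the BHO, AppInit_DLLs and Winlogon Notify hooks discussed above. The log excerpt, its paths and sample_hook.dll are constructed for illustration; only the polymorph/artm_new file and key names come from the thread.

```python
import ntpath
import re

# Constructed log excerpt: paths and sample_hook.dll are made up for the
# example; polymorphreg/artm_newreg and their DLL names are from the thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\iexplore.exe

O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\sample_hook.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\sample_hook.dll
O20 - Winlogon Notify: polymorphreg - C:\WINDOWS\system32\polymorph.dll
O20 - Winlogon Notify: artm_newreg - C:\WINDOWS\system32\artm_new.dll
"""

EXPECTED_IE = r"c:\program files\internet explorer\iexplore.exe"
HOOK_RE = re.compile(r"^(O2 - BHO|O20 - AppInit_DLLs|O20 - Winlogon Notify):\s*(.*)$")

def triage(log_text):
    """Return (iexplore.exe paths outside the expected folder, hook entries)."""
    misplaced, hooks, in_procs = [], [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        if in_procs:
            if not line:                      # a blank line ends the process list
                in_procs = False
            elif (ntpath.basename(line).lower() == "iexplore.exe"
                  and line.lower() != EXPECTED_IE):
                misplaced.append(line)
            continue
        m = HOOK_RE.match(line)
        if m:
            kind = m.group(1).split(" - ", 1)[1]          # e.g. "Winlogon Notify"
            name, _, path = m.group(2).rpartition(" - ")  # name is "" for AppInit_DLLs
            hooks.append((kind, name, path))
    return misplaced, hooks

def dlls_by_hook(hooks):
    """Group hook types per DLL so a file loaded from several places stands out."""
    grouped = {}
    for kind, _name, path in hooks:
        grouped.setdefault(ntpath.basename(path).lower(), []).append(kind)
    return grouped

if __name__ == "__main__":
    bad_ie, found = triage(SAMPLE_LOG)
    print(bad_ie, dlls_by_hook(found))
```

A DLL that shows up under more than one hook type, or an iexplore.exe path in the first list, is where to start looking before deleting anything.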
 