Registry Entries Change to Jexplore.exe


Gary Smith

IE6 SP1 on Win 2K SP4

Has anyone else seen this? All of the references to IEXPLORE.EXE in the
registry changed to JEXPLORE.EXE. As a result, some things worked and
some didn't. HTML files could not be opened by double-clicking, and
URL-type shortcuts wouldn't open. In both cases, a box would come up
stating that the system could not locate JEXPLORE.EXE. (Hardly
surprising, that.) Anything that invoked IE by its full path continued to
work.

I was able to restore most functionality by editing the registry and
changing every occurrence of JEXPLORE to IEXPLORE, but this isn't a
complete fix or a real solution. Everything I tried came up clean --
AdAware, Spybot S&D, AVG Anti-virus, and Rootkit Revealer. I'll probably
do a complete rebuild of this system, but that will take several days, and
in the meantime I'd really like to know what caused this.

Any ideas?
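
The post above describes finding every registry reference to JEXPLORE by hand. As an added illustration (not part of the thread and not any poster's code), this script lists each string value in a regedit export that mentions a given file name, including values stored as hex(2) data, which a plain text search of the export would miss. The sample export and the `Example\Paths` key are constructed.

```python
import re

# Constructed sample in regedit's export (.reg) text format. The keys and
# values are illustrative only, not taken from the machine in this thread.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\htmlfile\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\jexplore.exe\" -nohome"

[HKEY_CLASSES_ROOT\Applications\iexplore.exe\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Paths]
"Browser"=hex(2):6a,00,65,00,78,00,70,00,6c,00,6f,00,72,00,65,00,2e,00,65,00,\
  78,00,65,00,00,00
'''

def decode_data(raw):
    """Return the text of a string-typed value, or None for other types."""
    if raw.startswith('"'):                        # REG_SZ: "..." with \ escapes
        return re.sub(r'\\(.)', r'\1', raw[1:raw.rfind('"')])
    m = re.match(r'hex\((?:1|2|7)\):(.*)', raw)    # SZ / EXPAND_SZ / MULTI_SZ
    if m is None:
        return None                                # dword, binary, etc.
    data = bytes(int(b, 16) for b in re.findall(r'[0-9a-fA-F]{2}', m.group(1)))
    return data.decode('utf-16-le', errors='replace').replace('\x00', ' ').strip()

def find_references(export_text, needle):
    """Return (key, value_name, data) for each string value containing needle."""
    text = re.sub(r'\\\r?\n\s*', '', export_text)  # join hex continuation lines
    key, hits = None, []
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)', line)
        if key is None or m is None:
            continue
        data = decode_data(m.group(2))
        if data and needle.lower() in data.lower():
            hits.append((key, m.group(1).strip('"'), data))
    return hits

if __name__ == '__main__':
    # For a real export, read the file with open(path, encoding='utf-16').
    for key, name, data in find_references(SAMPLE_EXPORT, 'jexplore.exe'):
        print(f'{key}\n    {name} = {data}')
```
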
 
Gary Smith said:
IE6 SP1 on Win 2K SP4

Has anyone else seen this? All of the references to IEXPLORE.EXE in the
registry changed to JEXPLORE.EXE. As a result, some things worked and
some didn't. HTML files could not be opened by double-clicking, and
URL-type shortcuts wouldn't open. In both cases, a box would come up
stating that the system could not locate JEXPLORE.EXE. (Hardly
surprising, that.) Anything that invoked IE by its full path continued to
work.

I was able to restore most functionality by editing the registry and
changing every occurrence of JEXPLORE to IEXPLORE, but this isn't a
complete fix or a real solution. Everything I tried came up clean --
AdAware, Spybot S&D, AVG Anti-virus, and Rootkit Revealer. I'll probably
do a complete rebuild of this system, but that will take several days, and
in the meantime I'd really like to know what caused this.

Any ideas?

So How Did I Get Infected Anyway?
http://www.wilderssecurity.com/showthread.php?t=27971

Help with Hijackware
All MS - MVP Sites.
http://aumha.org/a/parasite.htm
(http://aumha.org/a/quickfix.htm)
http://www.elephantboycomputers.com/page2.html#Removing_Malware
(http://mvps.org/winhelp2002/unwanted.htm)
(http://inetexplorer.mvps.org/darnit.html)
(http://www.mvps.org/sramesh2k/Malware_Defence.htm)

Unexplained computer behavior may be caused by deceptive software.
http://support.microsoft.com/kb/827315
 
Unexplained computer behavior may be caused by deceptive software.
http://support.microsoft.com/kb/827315

Thanks for the response, but I was hoping for something more than
generalities. Am I the only one who's ever seen this particular symptom?
 
Gary Smith wrote:

Thanks for the response, but I was hoping for something more than
generalities. Am I the only one who's ever seen this particular symptom?

Hi Gary,

No, not really. I'm pretty sure it is some kind of malware, but I haven't
seen it before nor could I find any specific removal instructions.

CU

Hans
 
"Thanks for the response, but I was hoping for something more than
generalities. Am I the only one who's ever seen this particular symptom?"

What difference does it make? Remove the infection ASAP, before any more
damage is done to your security and/or privacy, then ask your favorite
anti-malware provider to identify what hit you.
 
Nothing so far has been able to detect an infection, I've tried all of
the usual tools, and everything comes up empty. If I could find anything
to remove, I would. I've tried the scanner at Trend Micro, but it
launches and then doesn't do anything. If you have any ideas for
additional things to try, I'd be happy to hear them. At the moment, I
suspect registry damage by a non-malicious but defective program, but I
have no way to prove or disprove that.


Ted Zieglar said:
"Thanks for the response, but I was hoping for something more than
generalities. Am I the only one who's ever seen this particular symptom?"
 
Gary Smith said:
Nothing so far has been able to detect an infection, I've tried all of
the usual tools, and everything comes up empty. If I could find anything
to remove, I would. I've tried the scanner at Trend Micro, but it
launches and then doesn't do anything. If you have any ideas for
additional things to try, I'd be happy to hear them. At the moment, I
suspect registry damage by a non-malicious but defective program, but I
have no way to prove or disprove that.

Have you gotten any response from the forum where you posted your
HijackThis log? (Don't post it here, we don't have the expertise to analyze it.)
 
Have you gotten any response from the forum where you posted your
HijackThis log? (Don't post it here, we don't have the expertise to analyze it.)

Not yet.
 