IEXPLORE.EXE virus [Archive] - Glock Talk

PDA

View Full Version : IEXPLORE.EXE virus


jolt8me
09-18-2008, 23:58
I got hit with a virus. Its supposed to look like a virus scanner and tells you that you have this many viruses on your computer and to but their software to fix it. Along with the pop up it changes your background and screen saver to make it appear that you have a virus. Along with that it also Hijacks your browser and points it to weird places "like yellow book". Well I fixed almost everything and i am pretty sure i got rid of the virus. Now when i boot up i have "IEXPLORE.EXE" running on bootup. I know its supposed to look like internet explorer but its not. I am pretty sure this is the browser hijack componet of the virus. Any ideas on how to get rid of this process? I have ran virus scanners up the butt and have come back with nothing.

d3athp3nguin
09-19-2008, 04:38
REFORMAT!

(sorry, reflex response to anyone hit with a Windows virus.)

If you have run lots of 3rd party apps like Smitfraudfix, AdAware, Spybot... and your AV client doesn't work, then it may be easier to simply try a reinstall of Windows. I don't mean to discourage your virus removal efforts, but I have encountered a number of Windows viruses that ravage one's computer beyond repair once they get as far as changing your desktop backgroud. I've seen some that deny you privileges to run in safe mode!

Sounds like that one is using a rootkit to hide itself. Trying to remember any good ways aside from the above to yank out those rootkits...

jolt8me
09-19-2008, 05:35
haha reformat. Thats the blanket answer from tech support. Sadly, I think i might have to do that if I Cant get rid of it.

citori59
09-19-2008, 05:43
I had a similar problem a few weeks ago. The security stuff my broadband provider didn't stop it and couldn't find it and spybot was useless. I tried something called stopzilla (www.stopzilla.com) and it found 181 viruses, spyware, malware, etc. For 20 bucks my computer was fixed and is running better than it ever has.

srhoades
09-19-2008, 07:48
Combofix, and then smitfraud fix. Don't worry if the background is still all whack, just change it as normal when all is done.

Tinamil
09-19-2008, 08:00
There are several free and very good utilities to run that will clean up your computer.

Spyware Cleanup, run all 3 if you are currently infested, just keep running and restarting your computer over and over until it comes up clean from all 3 applications:
Windows Defender (http://www.microsoft.com/windows/products/winfamily/defender/default.mspx)
Ad-aware (http://www.download.com/Ad-Aware-2008/3000-8022_4-10045910.html?part=dl-ad-aware&subj=dl&tag=top5&cdlPid=10844457)
Spybot S&D (http://www.safer-networking.org/en/mirrors/index.html)

Antivirus, pick one:
AVG (http://free.avg.com/)
Avast! (http://www.avast.com/eng/download-avast-home.html)
ClamWin (http://www.clamwin.com/)

kahrguy
09-19-2008, 08:30
I had bad experience with (www.stopzilla.com) I was unable to uninstall it
with out buying it,had to go to system restore to do it.

jolt8me
09-19-2008, 22:55
I am pretty sure i got rid of it. Everything seems to be working fine now. The only one that was able to find it was Malwarebytes, Everything else missed it. For future reference for other people, these are the files missed by everything else.
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent)
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent)
C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent)
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent)
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent)
C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent)
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent)
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent)