Author Topic: iexplore.exe virus/trojan: questions  (Read 9302 times)

elaqure

  • Guest
iexplore.exe virus/trojan: questions
« on: July 12, 2010, 03:59:32 PM »
Hello.

Last night I was surfing the internet and my computer began acting strangely.  I began hearing sounds that Internet Explorer uses as well as getting pop-ups from the web browser and hearing ads playing in the background.  I don't use Internet Explorer so this worried me.  I did lots of searching online and found that I had become the proud owner of a shiny new trojan/worm or some such that hijacks iexplore.exe and uses it for its own nasty purposes.

I did lots of registry cleaning and malware killing in the early hours of the morning and couldn't seem to get rid of the thing (I was surprised that avast didn't catch it in the first place).  Ultimately, I wound up inadvertently deleting some core windows components causing me to have to reinstall the OS. 

My question is this:  I deleted my windows partition and formatted my C drive via the Windows XP setup disk this morning (or am in the process of doing so now).  Is there anything I need to do to ensure that the trojan doesn't jump from my old install of XP to the new one?  Are there any steps I can take to make sure this won't happen?  Are there any suggestions at all out there that can help put my mind at ease? 

I would appreciate any kind of information that anyone can give me.

Thanks in advance...:D

Jtaylor83

  • Guest
Re: iexplore.exe virus/trojan: questions
« Reply #1 on: July 12, 2010, 05:31:26 PM »
Sounds like you had a case of the "Black Internet" trojan (Win32:Cycler). When there's the Black Internet Trojan, there's also a bootkit (Unknown Boot Code) which makes your computer unbootable.

To prevent this, get a third-party firewall or Avast Internet Security.

We may want to check your computer for the bootkit.

    * Download bootkit_remover.rar
    * Click the underlined DOWNLOAD text to download the file and save it to your Desktop.
    * You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip or Peazip.
    * After extracting remover.exe to your Desktop, double click the remover.exe file to run the program.
    * Attach or post inline here, the output from remover.exe


elaqure

  • Guest
Re: iexplore.exe virus/trojan: questions
« Reply #2 on: July 12, 2010, 06:25:00 PM »
Thanks so much for the quick reply.  I am currently in the process of installing XP and still have another hour or so to go till it is done.  I will do as instructed as soon as that is done. 

Also, I had Avast and Zone Alarm running at the time that I managed to contract this horrible thing. 

I'll upload the report from remover.exe here when I am finally able to run it and we can go from there...

elaqure

  • Guest
Re: iexplore.exe virus/trojan: questions
« Reply #3 on: July 12, 2010, 07:53:16 PM »
I have one other technical question...I'm in the process of installing Windows XP SP2 and it seems to be stuck on the "Installing Devices" portion of the Installing Windows bullet point.  It has been installing devices since I got up at 11:30 or so (I got up at ~8:30 to completely format a 160 GB HD, then install Windows. Then I went back to sleep.).  Since I got up this morning, it has been stuck on the Devices step and has said that only 33 minutes are left in the installation.  The wonderful Windows ads that tell you how great XP is going to be are still cycling and the little boxes that indicate that it is working are moving at the bottom right of the screen.  My HD busy light on my case is also blinking red periodically.

I may just be paranoid, but I wanted to see if anyone knew whether there was a possibility of it being frozen in the installation process or whether I should give it more time (I tend to be a worry wart about things).

Any information would be appreciated, I'm always keen on learning new things about computers...the more I can learn, the less I have to bother you guys...:D

Thanks again!

Jtaylor83

  • Guest
Re: iexplore.exe virus/trojan: questions
« Reply #4 on: July 12, 2010, 09:24:37 PM »
Windows XP is very old and it's probably time to get a new computer with Vista or Windows 7. You can stay with Windows XP if you want. But by April 2014, Microsoft will end its extended support for XP, and it will be time to invest in a new Windows OS.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33892
  • malware fighter
Re: iexplore.exe virus/trojan: questions
« Reply #5 on: July 12, 2010, 09:29:50 PM »
Hi Jtaylor83,

Until that date users get full support, and with SP3 installed the user can still use it, if he is apt enough to make his OS more secure... What if we would advise all users here to switch to Windows 7 SP1 beta (just out today) because Microsoft did not fully patch the autorun hole in previous operating systems, and calls every unpatched bug a feature. Do not only criticize the common user but also the corporation that puts him/her/it in that position...

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: iexplore.exe virus/trojan: questions
« Reply #6 on: July 12, 2010, 09:37:55 PM »
Would agree with the Black Internet trojan - so far that bypasses all antivirus programmes

I do have a tool that will remove the MBR problem as that will not be removed by a reinstall unless you fully reformat the drive. However, to use it you must run it from Windows.

The operating system generally is only as secure as the user  ;D

Never yet had an unintentional virus or malware since Windows 95

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33892
  • malware fighter
Re: iexplore.exe virus/trojan: questions
« Reply #7 on: July 12, 2010, 09:44:46 PM »
Hi essexboy,

You must be a happy person, my friend, I did only find some spyware cookies in my wife's browser cache since I joined these here forums, so I can join that happy crowd, and what you say about users it is so right,

polonus

elaqure

  • Guest
Re: iexplore.exe virus/trojan: questions
« Reply #8 on: July 12, 2010, 10:18:17 PM »
Hey all!

Thanks for all the feedback!

@Jtaylor83:  I ran the remover.exe, but it didn't output anything.  It said the MBR status was "OK  (DOS/Win32 Boot code found)"  <--in green.  Does that sound alright?  I'm also planning on getting Windows 7 at my EARLIEST convenience.  I am between jobs at the moment, so that makes it difficult to feasibly spend that much on a new operating system.  Rest assured, however, that I DO plan on upgrading soon!

@essexboy:  I had wound up reformatting my main drive twice fully before Windows would install again!

So far, iexplore.exe has not come back.  I'm not sure whether the problem is fixed, but it is gone at the moment.  Are there any opinions out there as to whether it is gone for good?  Are there any extra steps I need to take in order to protect myself?

I plan on downloading avast and zone alarm again (as they worked well before). 

Also, I have a second internal hard drive that no temp files or windows system files are stored on.  Scans with malwarebytes, trojan hunter, and superantispyware turned up negative on that drive.  Is it safe to assume that it is clean or should I take extra steps before reconnecting it to my computer?

Thanks again to everyone who responded...I really appreciate the help!


Jtaylor83

  • Guest
Re: iexplore.exe virus/trojan: questions
« Reply #9 on: July 13, 2010, 12:38:21 AM »
Be sure to keep your PC up to date with Secunia PSI.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33892
  • malware fighter
Re: iexplore.exe virus/trojan: questions
« Reply #10 on: July 13, 2010, 01:22:44 AM »
Hi Jtaylor83

But sometimes you really wonder what they do: https://connect.microsoft.com/VisualStudio/feedback/details/523272/combobox-does-not-display-selectedvalue-to-user-in-windows-7
Autocomplete bug for this is not present in Windows eXPerience, but in the newer W7 it suddenly re-appeared.
How about progression in security there? Well autocomplete was never really patched:
search on google for AutoComplete+Bug&ie=utf-8&oe=utf-8&aq=t

polonus

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: iexplore.exe virus/trojan: questions
« Reply #11 on: July 13, 2010, 02:37:12 AM »
Quote: "Autocomplete bug for this is not present in Windows eXPerience, but in the newer W7 it suddenly re-appeared."
Eh eh ;D

Quote: "Well autocomplete was never really patched:"
How does it work, I mean the virus, what does it do?
The best things in life are free.