Author Topic: IEXPLORE.exe run by system (Read 8219 times)

airgear2003 · « **on:** November 14, 2007, 06:22:24 AM »

is this a virus ? if so pls tell how to clear it ,thx

DavidR · « **Reply #1 on:** November 14, 2007, 03:10:41 PM »

There is no way to tell from this image.

Though IEXPLORE.EXE is the internet explorer file name, it seems strange to me that it is running under System and not a user name. If I open IE it is listed in Task Manager under 'my' user name (as the other occurrence of it is in your image), so there 'might' be something strange going on.

However, as IE is also an integral part of the OS I don't know if there might be a legit reason for it running under System. There are other processes also running legitimately under System such as ashServ.exe (avast Standard Shield).

I would do a search of your system for occurrences of iexplore.exe and report where they are found, usually it is in the C:\Program Files\Internet Explorer or C:\WINDOWS\ServicePackFiles\i386 folders. If it is in another location it could be suspect and you should upload it to VirusTotal - Multi engine on-line virus scanner and report the findings.

sanctuary24 · « **Reply #2 on:** November 14, 2007, 03:20:19 PM »

I think I saw something about a virus using that exact IEXPLORE name I will try and find it for you

edit: Someone said it could be this w32.Funner.worm heres a link http://vil.nai.com/vil/content/v_128750.htm, it may not be it but something to look into while I search some more

Here is 5 found by trend micro one of them could be it http://www.trendmicro.com/vinfo/virusencyclo/default2.asp?m=q&virus=IEXPLORE%2EEXE&alt=IEXPLORE%2EEXE&Sect=SA the top search entry even mentions process injection like you said

(if the above link doesnt work just visit http://www.trendmicro.com/vinfo and search IEXPLORE.EXE)

airgear2003 · « **Reply #3 on:** November 16, 2007, 04:47:02 PM »

thx to u 2 for helping me to solve ths problem
btw....david...i cant found out where is it locate
and....sanctuary24...i had tried the solution ...but...I see nth in the 3rd step for Removing Autostart Entries from the Registry

DavidR · « **Reply #4 on:** November 16, 2007, 05:20:45 PM »

How did you try to find it ?

Open windows Explorer, click on the C:\ drive and click the magnifying class icon and click All files and folders, then enter the iexplore.exe and click search. You should find at least one occurrence otherwise IE wouldn't work.

Nor would you get the firewall occurrence for the file.

Ensure that you have hidden files and folders enabled, etc.

airgear2003 · « **Reply #5 on:** November 17, 2007, 06:02:42 AM »

ok....here is my search result

so...what the next?

oldman · « **Reply #6 on:** November 17, 2007, 06:14:12 AM »

you should search for iexplore.exe

Open the Folder Options in the Control Panel. On the View tab make sure Show Hidden Files and Folders is checked and Hide Protected Operating System Files and hide known extentions are not checked. Click OK.

You can then submit each to virustotal at the link DavidR gave you.

Author Topic: IEXPLORE.exe run by system (Read 8219 times)

airgear2003

IEXPLORE.exe run by system

DavidR

Re: IEXPLORE.exe run by system

sanctuary24

Re: IEXPLORE.exe run by system

airgear2003

Re: IEXPLORE.exe run by system

DavidR

Re: IEXPLORE.exe run by system

airgear2003

Re: IEXPLORE.exe run by system

oldman

Re: IEXPLORE.exe run by system