Author Topic: Virus/And Malware (Read 4341 times)

hines232 · « **on:** April 23, 2008, 08:21:51 PM »

I have checked out the sight's given to me by you fine Gentleman and am throughly confused. (How to get rid of "lexplore.exe.(l)small "L". all wan me to down load there software to check for Trojans/malware etc. I have Avast 4.8, (home free), Superantispyware (free), SpywareBlaster (free). Why are these software applications not catching "lexplore.exe", and nether did (AVG. no longer). I do not want to download and install more things on my system than I half too. seems redundant, and still have "lexplore.exe". It is slowing down my system, and eating up my resource's. Simple, Why has none of the above caught it in the first place

Spiritsongs · « **Reply #1 on:** April 23, 2008, 09:19:08 PM »

Hi Hines :

What you have is NOT easily detected and resolved by a FREE Security
program ; the Site that "oldman" referred you to has MANUAL REMOVAL
INSTRUCTIONS :
"MANUAL REMOVAL INSTRUCTIONS

Terminating the Malware Program

This procedure terminates the running malware process.

Open Windows Task Manager.
» On Windows 95, 98, and ME, press
CTRL+ALT+DELETE

In the list of running programs*, locate the process:
Lexplore.exe
Select the malware process, then press either the End Task or the End Process button, depending on the version of Windows on your system.
To check if the malware process has been terminated, close Task Manager, and then open it again.
Close Task Manager.

--------------------------------------------------------------------------------
*NOTE: On systems running Windows 95, 98, and ME, Windows Task Manager may not show certain processes. You can use a third party process viewer such as Process Explorer to terminate the malware process. Otherwise, continue with the next procedure, noting additional instructions.
Removing Autostart Entries from the Registry

Removing autostart entries from the registry prevents the malware from executing at startup.

Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>
Windows>CurrentVersion>Run
In the right panel, locate and delete the entry:
Lexplore.exe = "Lexplore.exe"
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>
Windows>CurrentVersion>RunServices
In the right panel, locate and delete the entry:
Lexplore.exe = "Lexplore.exe"
In the left panel, double-click the following:
HKEY_CURRENT_USER>Software>Microsoft>Ole
In the right panel, locate and delete the entry:
Lexplore.exe = "Lexplore.exe"
Close Registry Editor.

--------------------------------------------------------------------------------
NOTE: If you were not able to terminate the malware process as described in the previous procedure, restart your system. "

Have you tried to follow these Instructions ? IF you did and was
unsuccessfully, the "Instructions" recommend you then use the
FREE program called "Process Explorer", available from
www.microsoft.com/technet/sysinternals/Security/ProcessExplorer.mspx .

IF you need help using that program, you can ask for help on
THEIR Support Forum at
http://forum.sysinternals.com/forum_topics.asp?FID=2 ;
within that Forum is the "Topic" , "Process Explorer guide for newbies"
which you would find very helpful .

DavidR · « **Reply #2 on:** April 23, 2008, 11:42:39 PM »

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here.
I feel virustotal is the better option as it uses the windows version of avast (more packers supported) and there are currently over 30 different scanners.

If multiple scanners detect it then you should send it to avast for analysis.
Send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and undetected malware in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.

hines232 · « **Reply #3 on:** April 24, 2008, 12:43:18 AM »

Thank You. I just did a (cntl/alt/Del) Lexplorer.exe. not showing. Now read this carefully, At times when I either want to do a restart, or shutdown(and I chose eather, I get the window end/cancel/wait. I then do a CNTL/ALT/DEL, and taskrunning shows lexplore.exe not responding !!.(NOT (L)explore.exe. If I then give it a end task/wait/cancel!!!!! BSOD. Can not send you or any one nothing , shut down/restart it's gone. I will try "process explorer" next. Remember it is lexplore.exe, not "Lexplore.exe" and continue with the rest of your suggestion.

Quote from: Spiritsongs on April 23, 2008, 09:19:08 PM

Hi Hines :

What you have is NOT easily detected and resolved by a FREE Security
program ; the Site that "oldman" referred you to has MANUAL REMOVAL
INSTRUCTIONS :
"MANUAL REMOVAL INSTRUCTIONS

Terminating the Malware Program

This procedure terminates the running malware process.

Open Windows Task Manager.
» On Windows 95, 98, and ME, press
CTRL+ALT+DELETE

In the list of running programs*, locate the process:
Lexplore.exe
Select the malware process, then press either the End Task or the End Process button, depending on the version of Windows on your system.
To check if the malware process has been terminated, close Task Manager, and then open it again.
Close Task Manager.

--------------------------------------------------------------------------------
*NOTE: On systems running Windows 95, 98, and ME, Windows Task Manager may not show certain processes. You can use a third party process viewer such as Process Explorer to terminate the malware process. Otherwise, continue with the next procedure, noting additional instructions.
Removing Autostart Entries from the Registry

Removing autostart entries from the registry prevents the malware from executing at startup.

Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>
Windows>CurrentVersion>Run
In the right panel, locate and delete the entry:
Lexplore.exe = "Lexplore.exe"
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>
Windows>CurrentVersion>RunServices
In the right panel, locate and delete the entry:
Lexplore.exe = "Lexplore.exe"
In the left panel, double-click the following:
HKEY_CURRENT_USER>Software>Microsoft>Ole
In the right panel, locate and delete the entry:
Lexplore.exe = "Lexplore.exe"
Close Registry Editor.

--------------------------------------------------------------------------------
NOTE: If you were not able to terminate the malware process as described in the previous procedure, restart your system. "

Have you tried to follow these Instructions ? IF you did and was
unsuccessfully, the "Instructions" recommend you then use the
FREE program called "Process Explorer", available from
www.microsoft.com/technet/sysinternals/Security/ProcessExplorer.mspx .

IF you need help using that program, you can ask for help on
THEIR Support Forum at
http://forum.sysinternals.com/forum_topics.asp?FID=2 ;
within that Forum is the "Topic" , "Process Explorer guide for newbies"
which you would find very helpful .

hines232 · « **Reply #4 on:** April 24, 2008, 12:48:45 AM »

Thanks. Can not catch or trap it to do anything !!!BSOD If i try anything.

Quote from: DavidR on April 23, 2008, 11:42:39 PM

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here.
I feel virustotal is the better option as it uses the windows version of avast (more packers supported) and there are currently over 30 different scanners.

If multiple scanners detect it then you should send it to avast for analysis.
Send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and undetected malware in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.

hines232 · « **Reply #5 on:** April 26, 2008, 02:02:50 AM »

Quote from: Spiritsongs on April 23, 2008, 09:19:08 PM

Hi Hines :

What you have is NOT easily detected and resolved by a FREE Security
program ; the Site that "oldman" referred you to has MANUAL REMOVAL
INSTRUCTIONS :
"MANUAL REMOVAL INSTRUCTIONS

Terminating the Malware Program

This procedure terminates the running malware process.

Open Windows Task Manager.
» On Windows 95, 98, and ME, press
CTRL+ALT+DELETE

In the list of running programs*, locate the process:
Lexplore.exe
Select the malware process, then press either the End Task or the End Process button, depending on the version of Windows on your system.
To check if the malware process has been terminated, close Task Manager, and then open it again.
Close Task Manager.

--------------------------------------------------------------------------------
*NOTE: On systems running Windows 95, 98, and ME, Windows Task Manager may not show certain processes. You can use a third party process viewer such as Process Explorer to terminate the malware process. Otherwise, continue with the next procedure, noting additional instructions.
Removing Autostart Entries from the Registry

Removing autostart entries from the registry prevents the malware from executing at startup.

Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>
Windows>CurrentVersion>Run
In the right panel, locate and delete the entry:
Lexplore.exe = "Lexplore.exe"
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>
Windows>CurrentVersion>RunServices
In the right panel, locate and delete the entry:
Lexplore.exe = "Lexplore.exe"
In the left panel, double-click the following:
HKEY_CURRENT_USER>Software>Microsoft>Ole
In the right panel, locate and delete the entry:
Lexplore.exe = "Lexplore.exe"
Close Registry Editor.

--------------------------------------------------------------------------------
NOTE: If you were not able to terminate the malware process as described in the previous procedure, restart your system. "

Have you tried to follow these Instructions ? IF you did and was
unsuccessfully, the "Instructions" recommend you then use the
FREE program called "Process Explorer", available from
www.microsoft.com/technet/sysinternals/Security/ProcessExplorer.mspx .

IF you need help using that program, you can ask for help on
THEIR Support Forum at
http://forum.sysinternals.com/forum_topics.asp?FID=2 ;
within that Forum is the "Topic" , "Process Explorer guide for newbies"
which you would find very helpful .

Looks like thing's are going from bad to worse for me. I am trying your procedure for removing my "lexplore.exe". got to run "regedit" and no regedit !!! I think while testing some registry programs, i accidentally deleted "regedit". can you tell me where to go to restore it for windows ME, if it can be restored. thanks

Poll

Where to begin !!!!

Author Topic: Virus/And Malware (Read 4341 times)

hines232

Virus/And Malware

Spiritsongs

Re: Virus/And Malware

DavidR

Re: Virus/And Malware

hines232

Re: Virus/And Malware

hines232

Re: Virus/And Malware

hines232

Re: Virus/And Malware