Author Topic: Trojan-gen in iexplorer.exe  (Read 10233 times)

0 Members and 1 Guest are viewing this topic.

Lonny Jones

  • Guest
Trojan-gen in iexplorer.exe
« on: June 13, 2004, 02:08:08 AM »
Hi all

Trojan-gen in iexplorer.exe
WIN32: Trojan-gen.{UPX!}

Im helping someone, probaly to late to get you involved in it but
for my information how would you suggest replacing  the exe ?
Acast makes a snapshot if i remember correcty of system files, could it have been used to replace iexplorer.exe ?


apparently the real one
C:\Program Files\Internet Explorer\IEXPLORE.EXE



Trend (online) says its
TROJ GEMA.A

CA's online see nothing

later RAV Online was used and it see's
C:\Program Files\Internet Explorer\iexplorer.exe -
TrojanDownloader:Win32/Crypter -> Infected

Hihackthis has been ran >>
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

all thats visible was (I think)
O4 - HKLM\..\Run: [Imagemgt32] c:\winnt\system32\imagemgt32.exe
we fixed it but when looking for it to delete it didnt exist.
Post is here if you care to look
http://www.windowsbbs.com/showthread.php?t=31539

Thanks

softwareguy

  • Guest
Re:Trojan-gen in iexplorer.exe
« Reply #1 on: June 13, 2004, 02:13:56 AM »
If VRDB was generated prior the infection, then IEXPLORE.EXE could be repaired by clicking repair on the Avast detection dialog.
If not, then you might want to try generic cleaning.

I don't have experience with this trojan but I guess peeps from the virus and worms subforum could help on on this.

allawrence

  • Guest
Re:Trojan-gen in iexplorer.exe
« Reply #2 on: June 13, 2004, 02:28:49 AM »
If VRDB was generated prior the infection, then IEXPLORE.EXE could be repaired by clicking repair on the Avast detection dialog.
If not, then you might want to try generic cleaning.

I don't have experience with this trojan but I guess peeps from the virus and worms subforum could help on on this.

Clicking repair was unsuccessful...

softwareguy

  • Guest
Re:Trojan-gen in iexplorer.exe
« Reply #3 on: June 13, 2004, 02:32:24 AM »
If repair doesn't work for you, that means either the VRDB was not compiled or the VRDB does not contain the valid information for your file(s).

Same person? ???

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re:Trojan-gen in iexplorer.exe
« Reply #4 on: June 13, 2004, 09:45:16 AM »
May i jump in here...

Lonny Jones has program named: IEXPLORER.EXE

Real Internet Explorer executable is named IEXPLORE.EXE

Notice that extra "R" letter? Its a very nasty trick wich is widely used in these days,especially for spyware files. Thats why he cannot repair it. Just delete it since its classified as trojan which is not a file infector.
« Last Edit: June 13, 2004, 09:46:16 AM by RejZoR »
Visit my webpage Angry Sheep Blog

softwareguy

  • Guest
Re:Trojan-gen in iexplorer.exe
« Reply #5 on: June 13, 2004, 09:52:18 AM »
Nice eye ya got there...
I always made the same mistake with the "r", since explorer.exe has a "r" as a suffix. So i + explorer.exe = iexplorer.exe ;D

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re:Trojan-gen in iexplorer.exe
« Reply #6 on: June 13, 2004, 09:55:38 AM »
I was working pretty long on social engineering tricks,especially for spyware so i know most of the naming tricks ;)
Visit my webpage Angry Sheep Blog

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:Trojan-gen in iexplorer.exe
« Reply #7 on: June 13, 2004, 09:56:40 AM »
AFAIK iexplorer.exe is most often one of the RapidBlaster variants (adware).
If at first you don't succeed, then skydiving's not for you.

Lonny Jones

  • Guest
Re:Trojan-gen in iexplorer.exe
« Reply #8 on: June 13, 2004, 11:20:30 AM »
thanks guys.

dam dont i feel the fool :) extra R

He had deleted it proir to me posting with a move on reboot tool, but once back in windows it was recreated again.

I'll let you know what develops.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re:Trojan-gen in iexplorer.exe
« Reply #9 on: June 13, 2004, 04:06:41 PM »
It may be hiding in system restore (_restore file in XP), but this is 'Last Good Configuration' or something in win2000.

You will have to find a way to disable that (I don't use win200, so no help there), scan with avast and or remove iexplorer.exe. reboot, scan and confirm clean and enable last good configuration.

HTH David
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

softwareguy

  • Guest
Re:Trojan-gen in iexplorer.exe
« Reply #10 on: June 13, 2004, 06:42:22 PM »
The trojan might have reinstalled itself with another startup item.
Check for computer for spyware then try deleting this file from your computer.
If the file is in the _restore folder as DavidR mentioned, you will have to disable your System Restore feature before you could delete the file properly.