iexplore.exe

2009-12-26 13:24:51

#1

justice: OctoPoster; +978|7000|OctoLand

I'm trying to clean up my sisters laptop for her, she's fucked it up pretty badly, there some sort of trojan on here that's making a process called "iexplore.exe" use 300,000 k of memory, and every time I'm ending the process it just starts back up 3 mins later.

I've uninstalled IE and deleted all files to do with it, searched for all files "iexplore" and deleted them, ran multiple scans which doesnt pick anything up, and I've googled my ass off. Nothing will stop it.

So any ideas from you guys?

I know fucking karate

2009-12-26 13:30:12

#2

Finray: Hup! Dos, Tres, Cuatro; +2,629|6047|Catherine Black

Magnets.

Spoiler (highlight to read):
Format and reinstall.

2009-12-26 13:47:10

#3

alexb: <3; +590|6199|Kentucky, USA

Finray wrote:
Format and reinstall.

No.

Boot into safe mode, then run Autoruns, and disable the process and anything else shady:

http://technet.microsoft.com/en-us/sysi … 63902.aspx

Last edited by alexb (2009-12-26 13:47:53)

2009-12-26 14:27:46

#4

justice: OctoPoster; +978|7000|OctoLand

Can't format because I'll lose all her picstures and shit which I cant be bothered to back up for her....autoruns didnt find the process.

I know fucking karate

2009-12-26 22:08:35

#5

Phrozenbot: Member; +632|6875|do not disturb

No anti-virus is detecting anything? If you do indeed have a trojan, a rootkit may be hiding something. Rootkit Revealer might help. Remember it will probably pick up legit rootkits as well that sometimes anti-virus software use, but in your case you probably want to remove them all. If it's a success, you're anti-virus should detect the trojan and delete it. Hopefully it won't somehow revive itself because rootkits usually ensure it's not going away unless you reformat.

2009-12-27 00:35:20

#6

Benzin: Member; +576|6258

Sounds like what you need to do is actually take the time and help backup your sister's stuff...

2009-12-27 01:01:29

#7

Cheez: Herman is a warmaphrodite; +1,027|6698|King Of The Islands

Safe Mode + http://freedrweb.com/

My state was founded by Batman. Your opinion is invalid.

2009-12-27 08:31:32

#8

steelie34: pub hero!; +603|6640|the land of bourbon

you can't uninstall internet explorer... i'm curious as to how you went about doing that?

https://bf3s.com/sigs/36e1d9e36ae924048a933db90fb05bb247fe315e.png

2009-12-27 08:47:48

#9

mikkel: Member; +383|6860

justice wrote:
Can't format because I'll lose all her picstures and shit which I cant be bothered to back up for her....autoruns didnt find the process.

You're worried about losing data, but you won't back it up despite the machine storing it being infected with something? Seriously, just do the damned backup and reinstall the system.

steelie34 wrote:
you can't uninstall internet explorer... i'm curious as to how you went about doing that?

You /can/ actually remove most of it with a lot of patience and dark magic, but the system will be hugely unstable. I tried it once, and pretty much everything generated errors.

2009-12-27 09:20:01

#10

King_County_Downy: shitfaced; +2,791|6856|Seattle

malwarebytes scan
Spysweeper w/ antivirus scan
start - run - MRT <enter>
start - run - SFC /scannow <enter>
Then I dunno...

Sober enough to know what I'm doing, drunk enough to really enjoy doing it

2009-12-27 10:32:54

#11

jsnipy: ...; +3,277|6782|...

mikkel wrote:
justice wrote:
Can't format because I'll lose all her picstures and shit which I cant be bothered to back up for her....autoruns didnt find the process.
You're worried about losing data, but you won't back it up despite the machine storing it being infected with something? Seriously, just do the damned backup and reinstall the system.

steelie34 wrote:
you can't uninstall internet explorer... i'm curious as to how you went about doing that?
You /can/ actually remove most of it with a lot of patience and dark magic, but the system will be hugely unstable. I tried it once, and pretty much everything generated errors.

this and /thread

2009-12-27 16:55:38

#12

justice: OctoPoster; +978|7000|OctoLand

Sorry, should have said I resolved this.
Found more of the files related to the virus in the sys32 folder, which I deleted without having any adverse effect on the system, so problem solved. Thanks for the suggestions.

I know fucking karate

2009-12-27 16:58:04

#13

Finray: Hup! Dos, Tres, Cuatro; +2,629|6047|Catherine Black

justice wrote:
Sorry, should have said I resolved this.
Found more of the files related to the virus in the sys32 folder, which I deleted without having any adverse effect on the system, so problem solved. Thanks for the suggestions.

Backup, reformat, educate her on where to get porn.

2009-12-27 23:32:14

#14

Benzin: Member; +576|6258

Perhaps install a firewall, create a second user account with a password lock titled Administrator and switch her user name to not be an administrator.

2009-12-28 05:18:38

#15

CosmoKramer: CC you in October; +131|6878|Medford, WI

King_County_Downy wrote:
malwarebytes scan
Spysweeper w/ antivirus scan
start - run - MRT <enter>
start - run - SFC /scannow <enter>
Then I dunno...

i believe the next two steps are
....
profit???

2009-12-28 13:45:02

#16

killer21: Because f*ck you that's why.; +400|6850|Reisterstown, MD

justice wrote:
Sorry, should have said I resolved this.
Found more of the files related to the virus in the sys32 folder, which I deleted without having any adverse effect on the system, so problem solved. Thanks for the suggestions.

That doesn't mean that it still isn't on the pc. It very well could be in the registry.

2009-12-28 16:04:02

#17

Kurazoo: Pheasant Plucker; +440|6943|West Yorkshire, U.K

Stop being lazy and back up her files, in the long run it will probably be quicker to format and reinstall the OS. Then you will be sure that all viruses have been destroyed.

2009-12-29 23:06:50

#18

wiru-will: o<| :3; +13|6258|wat

- Back up her files on a formatted external disk.
- Scan contents of disk with a clean, secure machine. (Run a trial edition of NOD32 if you don't have anything good.)
- Format and reinstall Windows (or maybe even install Ubuntu) on laptop.
- Put checked files back on her laptop.
- If Windows, install Avira AntiVir Free.
- EDUCATE.

2009-12-30 05:28:08

#19

steelie34: pub hero!; +603|6640|the land of bourbon

wiru-will wrote:
- Back up her files on a formatted external disk.
- Scan contents of disk with a clean, secure machine. (Run a trial edition of NOD32 if you don't have anything good.)
- Format and reinstall Windows (or maybe even install Ubuntu) on laptop.
- Put checked files back on her laptop.
- If Windows, install Avira AntiVir Free.
- EDUCATE.

step 2 is unnecessary if you are going to do step 3.

BF2S Forums iexplore.exe

Finray wrote:

justice wrote:

steelie34 wrote:

mikkel wrote:

justice wrote:

steelie34 wrote:

justice wrote:

King_County_Downy wrote:

justice wrote:

wiru-will wrote:

Board footer