IEXPLORE.EXE Problem

heartsfan · #1 October 14th, 2007, 05:27 PM

On my Task Manager I have the process IEXPLORE.EXE (I know this is Internet Explorer .... but I don't have this running) - If I End Task it will kill it then it will reappear in about 2 seconds!!!

I have searched my PC for IEXPLORE.EXE and I only have one ... at the usual place of C:\Program Files\Internet Explorer

I even tried moving this file but a new one just appears in this folder!!

I have searched the net for this problem but I have found nothing that helps.

I have scanned using:

Nod32 Antivirus
AdAware
AVG Anti-Spyware
Spybot S&D
MS Malicious Software Tool
Trojan Hunter

But alas ... NOTHING is found!!!

I also have SpywareBlaster.

I have checked Services but nothing in there that shouldn't be running .... also checked startup programs but again nothing in there that shouldn't be running!!!!

Anyone have any ideas whats going on ..... I am pulling my hair out!!!

Metting · #2 October 14th, 2007, 06:50 PM

Most probably you have a Trojan which hijacked iexplorer.exe and launched it to connect to Internet.

Whenever you kill iexplorer.exe the Trojan will restart it again.

One of the most famous Trojans which do this is "Biforse" family.
Some members of Biforse family use a hidden processes "rootkit behavior"

I recommend a full scan with SuperAntispyware
www.superantispyware.com

If nothing found I recommend Rootkit Scanners
Also Unhackme may help in this matter.

Perman · #3 October 14th, 2007, 07:00 PM

Hi, folks: In addition to Metting's suggestion, you may want to try BoClean, the reason being; You have TH and AVG AS, both's scanners failed to detect this trojan, how about their real time guards ? BoClean's memory scanner will detect any trojan's execution and hopefully stops it right there. Did your FW's application control and its outbound control alert you anything ? Good luck.

heartsfan · #4 October 14th, 2007, 07:31 PM

Thanks Metting!

Unhackme done the trick - it cleared a file in C:\Windows called vchost.exe

And the iexplore.exe is gone.

Metting · #5 October 15th, 2007, 01:37 AM

Congratulations

Just to satisfy my curiosity did you scan with SuperAntiSpyware ?

If yes, did it find any thing ?

aigle · #6 October 15th, 2007, 03:19 AM

Quote:

Originally Posted by Metting

Most probably you have a Trojan which hijacked iexplorer.exe and launched it to connect to Internet.

Whenever you kill iexplorer.exe the Trojan will restart it again.

One of the most famous Trojans which do this is "Biforse" family.
Some members of Biforse family use a hidden processes "rootkit behavior"

I recommend a full scan with SuperAntispyware
www.superantispyware.com

If nothing found I recommend Rootkit Scanners
Also Unhackme may help in this matter.

Nice advice Metting!
BTW I have sent u a PM.

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search