Strange c:\iexplore.exe

Discussion in 'malware problems & news' started by Keyz316, Sep 15, 2002.

Thread Status:
Not open for further replies.
  1. Keyz316

    Keyz316 Registered Member

    Joined:
    Sep 15, 2002
    Posts:
    5
    Hey all -

    I'm demoing TDS-3 at the moment, and as a result found this excellent forum :D

    Anyhow - I noticed recently that there is a file in my root C: directory (Windows 2000 pro) that I could almost swear I've never seen there before.... it's named iexplore.exe and it's 0 bytes, and was created Sept 2nd..... Norton AV 2002, TDS-3, and Wormguard all say it's nothing... and my Zone Alarm hasn't cried foul concerning it. Since it's 0 bytes it seems it would be harmless anyhow - but I'm terribly curious how it got there and/or if it's perhaps supposed to be there after all.

    Anyhow, thanks... and I look forward to all that I'm sure to learn here on this forum :D

    Peace.
     
  2. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Not any ideas what caused it on that date?
    Are you sure it is really empty, and not containing NTFS streams for instance? With TDS update database and scan with the options for the streams all checked.
    What exactly they could mean is in the additional helpfile, and DCS has a whole web page about them (in the "alerts&reports" section).

    Are there more 0-size files on your system?
    Like notepad, wordpad, rundll and the kind?
    What can happen, you are in a directory, for instance here the root and try to start a program which for some reason doesn't work that moment. Windows creates in such cases too often a file with that name it is trying to start with a size 0, not always, but those files can be confusing as we never know if they are really 0 and harmless or could contain hidden streams on a 2000/NT/XP system. On win98 / winME those hidden streams don't exist, but it's always good to have a look at them anyway and try to remember/understand where they might have come from.
    If there are also no hidden streams, be sure it's just deletable.
     
  3. Keyz316

    Keyz316 Registered Member

    Joined:
    Sep 15, 2002
    Posts:
    5
    My system passes TDS's "Full System Scan" which I tried to configure exactly like the tutorial in the other forum category.... is there anything I should do to be absolutely certain that it is checking for those streams?
    No there doesn't seem to be other 0 byte files (wordpad, notepad, etc)

    Thanks!
     
  4. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    In the scan control check all the options and in the bottom left button there are a few more options to configure the NTFS checking; I would not check the "ignore smaller then...." option in this case :)
    I just checked and found a few 0-size files too on my win98se system, so on that there can't be streams, and I think you can be pretty sure there is nothing wrong with this IExplorer.exe of yours either.
    Do you locate any other files with streams added, like I read in some places various virus scanners have the habit to do, to name an example?
     
  5. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    A 0 byte file can be created like this when a filename is called for execution that doesn't exist - Microsoft's own applications do this sometimes, I still have a POINT32.EXE 0 bytes at home :rolleyes:

    Just delete/ignore it :)
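
The stream check discussed in this thread, as an added example that is not part of any poster's message and is not TDS-3's own scan: it lists zero-byte files in a folder and reports any NTFS alternate data streams attached to them, using the built-in `Get-Item -Stream` parameter. It assumes PowerShell 3.0 or later on an NTFS volume (so a newer Windows than the Windows 2000 system in the thread); the function name `Get-ZeroByteFileStreams` and the default folder are assumptions made for the example.

```powershell
# Added example: find zero-byte files and report any NTFS alternate data
# streams (ADS) attached to them. Requires PowerShell 3.0+ and an NTFS volume.
param(
    [string]$Root = 'C:\'    # assumption: the folder to inspect (not recursive)
)

function Get-ZeroByteFileStreams {
    param([Parameter(Mandatory)][string]$Path)

    # -Force includes hidden and system files, which Explorer may not show.
    Get-ChildItem -LiteralPath $Path -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Length -eq 0 } |
        ForEach-Object {
            $file = $_

            # Every file has the unnamed default stream ':$DATA'. Its size is
            # what Explorer reports as the file size. Any other stream is an
            # ADS whose bytes are not counted in that size.
            $ads = @(
                Get-Item -LiteralPath $file.FullName -Stream * -Force -ErrorAction SilentlyContinue |
                    Where-Object { $_.Stream -ne ':$DATA' }
            )

            [pscustomobject]@{
                File         = $file.FullName
                Created      = $file.CreationTime
                NamedStreams = $ads.Count
                StreamNames  = ($ads.Stream -join ', ')
                StreamBytes  = [long](($ads | Measure-Object -Property Length -Sum).Sum)
            }
        }
}

Get-ZeroByteFileStreams -Path $Root | Format-Table -AutoSize
```

A row with `NamedStreams` equal to 0 is a file that really is empty; a non-zero `StreamBytes` on a zero-byte file means data is stored in a named stream and the file deserves a closer look before it is deleted or ignored.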
     