IEXPLORE.EXE

Discussion in 'malware problems & news' started by Hyper Speed, Jul 24, 2003.

Thread Status:
Not open for further replies.
  1. Hyper Speed

    Hyper Speed Registered Member

    Joined:
    Jul 24, 2003
    Posts:
    9
    . . .this thing was never in the Task Manager but it is now!
    I have formatted 3 times and the second I get on the net this thing pops up in the Task Manager?!?!?, also, there are Services that were never there, like, Network DDE, Network DDE DSDM, NT LM Security Support Provider. . . I think the (NLA) Service was always there but the other 3 I know don't belong!
    All the things I have read say that this IEXPLORE.EXE is part of a worm.

    . . . is there a way to get rid of this thing cause it won't let me shut it down. . .(ACCESS DENIED) and the tool bars disappear and to mention how slow my Rig gets is unheard of!!! I also get this about blank window that pops up behind IE6, the Rig upstairs was ok until yesterday when IEXPLORE.EXE showed up in the Task Manager there too. . . any ideas?

    I would appreciate the help folks!

    Thanks

    PITBULL :D
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    Hi Pitbull,

    I'm a little unsure exactly what you are saying here. Internet Explorer's executable name is "IEXPLORE.EXE", of course. So, are you saying that you have a different occurrence of this also appear alongside your normal IE6? Is it perhaps a separate pop-up window?

    In any case, the best way to proceed is for you to post a startup & process log so we can analyze exactly what's going on...
    Go to http://www.tomcoyote.org/hjt and download "HijackThis!". Unzip it. Run the HijackThis.exe file and press the [Scan] button...

    When the scan is finished, the [Scan] button will change into a [Save Log] button. Press that, save the log somewhere and paste the contents into a post here for us to look at.

    However, much of what will be listed there is correct and should not be fixed. So, just post the output here and let's see if the people here can help identify the problem.
     
  3. Hyper Speed

    Hyper Speed Registered Member

    Joined:
    Jul 24, 2003
    Posts:
    9
    . . . Thanks Low Water, I will do as you asked straight away!

    I'll be back soon!
     
  4. Hyper Speed

    Hyper Speed Registered Member

    Joined:
    Jul 24, 2003
    Posts:
    9
    . . .here is the HiJack scan Low Water!

    Logfile of HijackThis v1.95.1
    Scan saved at 7:09:29 PM, on 7/24/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Speed Freak\Desktop\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003071801/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\Documents and Settings\Speed Freak\Local Settings\Temp\EI40_\msxml4.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37820.4899189815
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1E29FE39-4568-49FD-8EAF-4A8F9A9E5E08}: NameServer = 206.47.244.89,206.47.244.105
     
  5. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    Wow, for an XP system you sure don't have very many running processes or startup keys. You've obviously done a lot of system tweaking. :cool:

    Regarding> C:\Program Files\Internet Explorer\iexplore.exe

    Since this is the normal location for the IE6 application on a WinXP system, I'm afraid I don't understand your problem. You are running IE as your browser, correct?
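
The path check LowWaterMark applies to the posted log, as an added example that is not part of the thread: it reads the "Running processes" section of a HijackThis log and flags well-known image names that run from somewhere other than their usual directory. The expected-directory table is an assumed Windows XP baseline, and the function names and the second sample log are constructed for illustration.

```python
import ntpath  # Windows path parsing that works on any OS
import re

SYS32 = r"c:\windows\system32"  # assumed Windows XP baseline, lower-cased
EXPECTED_DIR = dict.fromkeys(
    ("smss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe"), SYS32)
EXPECTED_DIR.update({"explorer.exe": r"c:\windows",
                     "iexplore.exe": r"c:\program files\internet explorer"})

# Process list as posted in this thread, followed by one startup entry.
THREAD_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Speed Freak\Desktop\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe"""

# Constructed sample (not from the thread): familiar names, wrong directories.
CONSTRUCTED_LOG = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Temp\svchost.exe"""

def running_processes(log_text):
    """Paths listed under 'Running processes:' up to the next blank line."""
    body = log_text.partition("Running processes:")[2].lstrip("\r\n")
    section = re.split(r"\r?\n[ \t]*\r?\n", body, maxsplit=1)[0]
    return [line.strip() for line in section.splitlines() if line.strip()]

def misplaced(paths):
    """Known image names running from a directory other than the expected one."""
    flagged = []
    for path in paths:
        directory, name = ntpath.split(ntpath.normpath(path).lower())
        if EXPECTED_DIR.get(name, directory) != directory:
            flagged.append(path)
    return flagged

if __name__ == "__main__":
    print(misplaced(running_processes(THREAD_LOG)))
    print(misplaced(running_processes(CONSTRUCTED_LOG)))
```

The comparison is case-insensitive, so `IEXPLORE.EXE` and `iexplore.exe` are treated as the same image; only the directory decides whether an entry is flagged.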
     
  6. Hyper Speed

    Hyper Speed Registered Member

    Joined:
    Jul 24, 2003
    Posts:
    9
    . . . well Low Water, IEXPLORE.EXE was never ever in the Task Manager. . . this is why I'm asking the question!
    My ISP was updating and ran into some problems as what they told me, IEXPLORE.EXE has been around ever since and is making my Rig act real funny. I have never seen this in the Task Manager before the ISP problem. . . EVER!
    . . . this IEXPLORE.EXE can sure suck the life out of your CPU.
    I'm a Hardcore Gamer so that is why there ain't much runnin. . . not to mention all the REG tweaks I use.
    The only thing I have ever seen is explorer.exe and not IEXPLORE.EXE, I might get rid of IE6 and start using Mozilla. . . this way I will be rid of IEXPLORE.EXE for good!
     
  7. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    Hi Hyperspeed,

    How have you been browsing the web til now? If you had been using Internet Explorer are you certain that it was not listed in the Task Manager when you had the browser open or is it just that you hadn't noticed? The distinction is important as some malware will try to hide various processes.

    Can it be that one of your reghacks went awry?

    Thanks,

    Dan
     
  8. Hyper Speed

    Hyper Speed Registered Member

    Joined:
    Jul 24, 2003
    Posts:
    9
    Thanks for the reply Dan!
    . . . no offence dude, but if you read my first post. . . you will see that this IEXPLORE.EXE popped up hooking up to the internet with IE before updating and right after a fresh install (3 times to be exact)!, so, the screwy reg hack idea doesn't fit in.
    I know my hacks, they have never ever given me such a problem and I have been using them for 2 straight years.
    My friend doesn't have this IEXPLORE.EXE in his Task Manager and to top it off, this file wasn't even in the Task Manager on my girlfriend's Rig which is upstairs, but, it's there now and she says her Rig has been very slow and things like an "about blank" window popping up behind an open IE6 window.
    Bro, these things are not normal my friend cause they were never there to start with.
    I have the 2 Rigs hooked up to a USR8000 Router, but, even when I hook directly to the high speed modem. . . it makes no difference cause the file is still there. I even changed the iexplore.exe to higher case in notepad and the iexplore.exe file changed to highercase letters on my girlfriend's Rig upstairs (they were lowercase beforehand)!!!
    I bought a new LinkSys router today and I am going to format both Rigs and start from scratch. . . I will let you know if this IEXPLORE.EXE is gone cause like I said. . . it was never there to start with!

    Thanks again Dan, I will keep you posted dude.

    PITBULL
     
  9. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    o_O

    What does upper case versus lower case have to do with it? "iexplore.exe" and/or "IEXPLORE.EXE" is Internet Explorer!

    If you use the browser known as Internet Explorer on your Windows XP system, you will have "iexplore.exe" in the XP task manager.
     
  10. Hyper Speed

    Hyper Speed Registered Member

    Joined:
    Jul 24, 2003
    Posts:
    9
    . . .well dude, tell that to my friend Mike. . . I asked him to check his Task Manager and he told me straight. . . " IT'S NOT IN MY TASK MANAGER"! with IE open, only explorer.exe (along with the usual processes). You mean to tell me that a process that was in my Task Manager that was not in my girlfriend's Task Manager but all of a sudden appears in her Task Manager upstairs is normal man. . . let's get real dude cause it ain't normal no matter how you cut it!
    Why is it that my friend Mike (who is a Tech and works for one of the biggest Canadian computer and hardware suppliers) has no such process running in his Task Manager. . . I don't think he is going to throw me a line just for the hell of it dude!
    I have asked a number of friends to check their Task Manager and they tell me that explorer.exe is there but this iexplore.exe thing ain't running as far as they can see.
    This process has only been in my Rig since 3 days ago, I should know man. . . you yourself have seen my hijackThis report, have you ever seen such a report in your life? I build Performance Gaming Rigs, so, I ain't no stranger to the Task Manager my friend!
     
  11. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    Well my friend, I don't know what to tell you, but, IEXPLORE.EXE (in the directory listed in your HijackThis log), is most certainly Internet Explorer.

    Whether you or your friends have seen it before, well, I can't say. But, do a web search on the executable file IEXPLORE.EXE (use Google.com or better yet, search the Microsoft technet site), and see what it tells you.
     
  12. Hyper Speed

    Hyper Speed Registered Member

    Joined:
    Jul 24, 2003
    Posts:
    9
    . . .there is something I forgot to mention, I changed the iexplore.exe file name from lower to higher case on MY RIG downstairs. . . the iexplore.exe file on my girlfriend's Rig was in lowercase, why has the file in her Rig changed from lowercase to highercase upstairs?!?!? I hadn't manipulated any file on her Rig, so, explain to me how the hell that happened? The 2 PCs are not networked together, each Rig connects to the internet with its own IP through the router. . . do you get what I'm saying man?
    Files don't change from one PC to another unless you change it on that particular PC. . . I'm sure you can understand that much dude!
     
  13. Hyper Speed

    Hyper Speed Registered Member

    Joined:
    Jul 24, 2003
    Posts:
    9
    . . .no offence Low Water but the only file I have ever seen in the Task Manager when I start IE6 is explorer.exe. . . this is why this whole situation has got me very intrigued!

    Thanks for the posts Low, I appreciate your time man!

    I am going to follow up on your suggestion and I will keep you posted on what I find. . . OK?

    PITBULL
     
  14. weeNym

    weeNym Registered Member

    Joined:
    Jul 14, 2003
    Posts:
    19
    It is perfectly normal for IEXPLORE.EXE (given the file path from your previous post) along with explorer.exe to show in Task Manager.

    Regards,

    weeNym
     


  15. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    If this file concerns you, for your own peace of mind, submit it to a professional for analysis. I would recommend:

    Diamond Computer systems at

    http://www.diamondcs.com.au/index.php?page=contact

    If there is ANYTHING out of the ordinary with this file, they will find it.
     
  16. StAnger

    StAnger Registered Member

    Joined:
    Jun 8, 2003
    Posts:
    84
    Since you are such a TweakMaster, I'm surprised you still have
    • Updreg.exe:
      Reminder to register Creative Labs SoundBlaster Live! cards
    • ADGJDet.exe
      Added with SoundBlaster Live! or Audigy soundcards for headphone autodetection
    • regsvr32.exe ctasio.dll
      ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Only required if you use this functionality
    starting up.

    Maybe you can install an AV and put those wasted resources to work and ease your mind.
     