Is iexplore.exe a trojan?

Hi there, I have a friend that has a PC that has been infected by a trojan, which I think has renamed itself iexplore.exe, and hence ZA lets it pass thru the firewall. If you deny it access, it just keeps on trying. I think the trojan may have been picked up in Mirc. I have tried using a program called "The cleaner" but it fails to pick anything up. Also when the machine boots up, we keep getting the error message "iexplore is not a valid Win32 application" I am sure the BO Clean would find it, but am unable to afford the software. Are there any freeware programs out there that will do the job. Many thanks

 

Hi there,
irf you think it is a Mirc worm, you might like to test with Mirclean, one of the free tools available at http://www.diamondcs.com.au
If it is explore.exe (mind not explorer and not iexplorer)you find a good description of it and what to do on the same site.
After that info you can do some online scanning, like at www.pandasoftware.com
http://housecall.antivirus.com
www.bitdefender.com
TheCleaner would find it as well, as do many others.

How do you know it is a trojan?
A corrupt file can also happen due to crashes and such.
In properties you can see if the file was changed maybe and when.
If it is the iexplorer.exe you can locate the file and rename it for a try, after do a repair setup for IE (via the configuration|software, locate MS IE and add/remove should give that option) so the original hopefully woulld be put back and see if that helps.

Please let us know here how it goes.

 

Can you tell me the correct path where you found iexplore.exe? There are some trojans out which use this name but do not change the real iexplore.exe. But it can also be corrupt IE. As Jooske wrote try to reinstall the IE.

Download TrojanCheck5 from http://www.wilders.org
TC5 is a nice freeware tool which gives you a full overview about Windows autostart entries. Is there an autostart entry for iexplore.exe?

wizard

 

Hi there, yes the reason I think it is a trojan in disguise is because there is a copy of iexplore.exe in the C\WINDOWS\SYSTEM folder (To the best of my knowledge, there shouldnt be) In zone alarm he has the ie logo in the "Programs currently accessing the net" folder as you would expect if you have IE running, BUT he also has iexplore.exe running, which is displayed as the rectangular blue and white icon with the 3 dots in it which is the suspicious one. I will read up on the links provided. I am not at his place right now, so carnt do a lot at the moment, but will post back....cheers  Chris

 

Might want to run The Rx Trojan Assistance Pack from here: http://home.earthlink.net/~rmbox/Reticulated/Toys.html , too, and see what it tells you. Pete

 

Hey thanks for all the info, will be going up there this week sometime, so will print out what I have here, plus I will check out the programs listed in reticulated toybox...I am not anticipating any problems removing it (hehe, famous last words!) will post back...cheers  Chris

 

Always feel free to email suspicious files to submit@diamondcs.com.au

If there is a large sized file or a large number of files you should email us first support@diamondcs.com.au and describe the situation.

 

Hi there, still havent been able to get up to his place yet, Have got him to email me his netstat file, win.ini and sys.ini file, his ZA Log and if I can, I'll get him to mail me the iexplore.exe file which I will send to you..cheers  Chris