Small box in upper left of display related to iexplore

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by dc2@28352, Nov 18, 2008.

  1. dc2@28352

    dc2@28352 Private E-2

    I want to revisit GhostFence and Amoxus posts from a couple of years ago concerning a small box appearing in the upper left of the display.

    I found this little blue box last week in the upper left corner of my display on my PC at work. Once I dragged it to the open desktop, it appears to be a "window" roughly 1/4 inch wide and 1/2 inch deep. After researching my task manager, I was able to link it to iexplore.exe; of course, I wasn't running the browser at that time. This has now been found on nearly 300 PCs in my company over the past 7 days. It's evading my Etrust signatures. I've found nothing recent about this on any website. These infected PCs have exe files stored in the D&S\Username\Application Data folder. There are various names but all are 404,992 bytes. Some of the names are:
    Lsas.exe
    Event.exe
    Svchosts.exe
    Helper.exe
    Upnpsvc.exe
    Service.exe
    Rundll.exe
    Msiexeca.exe
    Logon.exe
    Dumpreport.exe
    Sound.exe
    Taskmon.exe

    Once I stop IExplore and delete the file(s), it doesn't appear to come back. Does anyone know if this is a 2008 recurrance of an old issue?

    Thanks in advance.
     
    dc2@28352, Nov 18, 2008
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Not sure! It does not sound like the problem files are in the same location as in the old threads so it may be a new version or the infection.

    Perhaps you should consider running our cleaning procedure on at least one of your PCs to see if anything else is found.
     
    chaslang, Nov 18, 2008
    #2
  3. dc2@28352

    dc2@28352 Private E-2

    "Perhaps you should consider running our cleaning procedure on at least one of your PCs to see if anything else is found"

    As you can see, I'm new to this forum. Where can this cleaning procedure be found?
     
    dc2@28352, Nov 19, 2008
    #3
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The main Malware Forum page is here: http://forums.majorgeeks.com/forumdisplay.php?f=35

    At the top of every page in the Malware Forum there are sticky ( aka pinned ) threads. Currently you will see 6 sticky threads. The cleaning procedure is one of them. It shows as:

    READ & RUN ME FIRST. Malware Removal Guide


    Keep the below in mind while running the cleaning procedure.
    • If something does not run, write down the info to explain to us later but keep on going.
    • Do not assume that because one step does not work that they all will not.
    Notes:
    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode. You can run steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
     
    chaslang, Nov 19, 2008
    #4

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds