IEXPLORE.exe running without browser open!!!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by msp4790, Aug 9, 2005.

  1. msp4790

    msp4790 Private E-2

    Hey guys, I need some help. In my task manager there is an IEXPLORE.EXE running without my Internet Explorer browser even open. I end the process and it would come back in less than 5 min. I would do this about 5+ times, and then sometimes it would stop coming back, and other times it would still keep coming. I think it's probably some type of spyware or virus. I need help to remove this bug, and anything else which it brought along with it.

    I have run Spybot, Microsoft Anti-Spyware, Ad-aware, Online scans like trend-micro, SysClean (by Trend Micro), and I also have Zone Alarm running to try to prevent the process from accessing the web, but I don't think any of it has worked.

    I am posting my Hijack This log below.

    [unrequested inline log removed -kodo]



    Thanks A LOT for helping :)
     
    Last edited by a moderator: Aug 9, 2005
  2. Kodo

    Kodo SNATCHSQUATCH

    Please follow the steps below:

    - Run ALL the steps in this Sticky thread: READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps below:

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like Notepad, WordPad, MS Word etc., and any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
  3. msp4790

    msp4790 Private E-2

    I have already run all those steps in that sticky thread a few times over when I first started having that problem. They just found small spyware/adware problems which were all successfully removed. I have AVG 7.0 running, and its real-time scanner finds trojan droppers and downloaders. Today it found Trojan Horse Dropper.Agent.8.B in the file C:\Windows\System32\cisvc.exe. I don't know if that has anything to do with it, but just to let you know.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you have run ALL of the READ ME FIRST then complete the last part of Kodo's message (instructions for posting a HijackThis log).
     
  5. msp4790

    msp4790 Private E-2

    My log file is attached.
     


  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).


    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O4 - HKLM\..\Run: [jbxdxrr] C:\WINDOWS\System32\jbxdxrr.exe
    O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab


    After clicking Fix, exit HJT.

    Boot into safe mode and use Windows Explorer to delete:
    C:\WINDOWS\System32\jbxdxrr.exe


    If you get an error when deleting a file, right click on the file and check to see if the read-only attribute is checked. If it is, uncheck it and try again. Otherwise, open Task Manager and kill the process if running, then delete the file.

    Now empty your Recycle Bin. Now if running Win XP go to c:\windows\Prefetch and delete all files in this folder.

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
     
  7. msp4790

    msp4790 Private E-2

    I did everything you said, and then rebooted. No signs of it yet. Here is my log file after the reboot.
     


  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The line below is still in your HJT log:


    O4 - HKLM\..\Run: [jbxdxrr] C:\WINDOWS\System32\jbxdxrr.exe

    Did you fix it last time? Fix it again. Make sure it does not come back after a reboot.
    Also make sure the file is gone.
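
The check described in the last post (is the fixed O4 entry still in the post-reboot log?) can be automated. The following is an added example, not part of the original thread: it also flags the same executable reappearing under a different value name, which goes slightly beyond what the thread checks. The `ExampleTray` entry and the log excerpt are constructed sample data; only the `jbxdxrr` line comes from the thread.

```python
import re
from typing import NamedTuple

# Registry autostart lines in a HijackThis log look like:
#   O4 - HKLM\..\Run: [value name] command line
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

class RunEntry(NamedTuple):
    key: str   # abbreviated registry key as HijackThis prints it
    name: str  # registry value name
    cmd: str   # command the value launches at startup

def parse_o4(log_text):
    """Return the registry-style O4 entries found in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(RunEntry(m["key"], m["name"], m["cmd"].strip()))
    return entries

def check_fix(fixed_lines, after_log):
    """Return (persisted, renamed): entries still in the same key and value
    name, and entries launching the same command from a different slot.
    Comparison is case-insensitive, as Windows paths and value names are."""
    persisted, renamed = [], []
    for f in parse_o4("\n".join(fixed_lines)):
        for a in parse_o4(after_log):
            if (a.key.casefold(), a.name.casefold()) == (f.key.casefold(), f.name.casefold()):
                persisted.append(a)
            elif a.cmd.casefold() == f.cmd.casefold():
                renamed.append(a)
    return persisted, renamed

# The O4 line the helper asked to fix (taken from the thread).
FIXED = [r"O4 - HKLM\..\Run: [jbxdxrr] C:\WINDOWS\System32\jbxdxrr.exe"]

# Constructed post-reboot log excerpt; ExampleTray is a made-up benign entry.
AFTER_LOG = r"""Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O4 - HKLM\..\Run: [jbxdxrr] C:\WINDOWS\System32\jbxdxrr.exe
"""

if __name__ == "__main__":
    persisted, renamed = check_fix(FIXED, AFTER_LOG)
    for e in persisted:
        print(f"STILL PRESENT: {e.key} [{e.name}] -> {e.cmd}")
    for e in renamed:
        print(f"SAME TARGET, NEW NAME: {e.key} [{e.name}] -> {e.cmd}")
```

An entry that persists after a fix and reboot usually means something still running is rewriting the Run value, so the file and the registry entry need to be checked together.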
     
