Multiple IEXPLORE.exe processes running.

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by eminent failure, Nov 14, 2007.

  1. eminent failure

    eminent failure Private E-2

    AMD Athlon(tm) 64x2 Dual Core Processor 3600+
    1.9 GHz, 896 MB RAM, Physical Address Extension

    Microsoft Windows XP Professional
    Service Pack 2

    Hey guys, new to the forum. I can google all day long and not find the answer to this headache... so I figured I would try the site that I DL nice and neat lil progs from to get some help.

    I have this .exe named IEXPLORE (note: the r is missing so it worries me a bit). Thinking something has renamed my IEXPLORER. Furthermore, when I try to end process tree via Task Manager, it disappears between 5 to 10 seconds and pops up again while the other one still remains running. With NO browser open. I completely uninstalled Yahoo Messenger thinking it might be a toolbar or something with Yahoo. Still no luck. Ran the A squared anti malware in safe mode, nothing detected that would fix the IE prob. This is depleting my resources and memory something fierce, I get low pings on games and crappy browsing because of it. Help me please, and thank you for your knowledge and any light you can shed on this pain in my AMD.
    -Brad-
     


    Last edited: Nov 14, 2007
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    iexplore.exe is the correct name for Internet Explorer. It does not have an ending "r" like Windows Explorer which is named explorer.exe.

    Based on your HJT log it appears that you are using an illegal version of Windows XP. I see a tool being used to bypass Windows Activation. You should get a legal copy of Windows XP which will be much easier to support and keep updated and that could help you avoid possible malware issues.

    Are you saying that when you obtained your HijackThis log that you did not have any browser windows open??? Are you sure?
    If you boot in safe mode and do not open any browsers yourself, do you still see iexplore.exe processes running?

    Please follow the instructions in the below link and attach all of the requested logs when you finish:

    Read & RUN ME FIRST Before Asking for Support
     
  3. eminent failure

    eminent failure Private E-2

    Whoa!? Thanks for the heads up on the illegal version of XP. I bought this PC from a private owner. I didn't think about it not being genuine. I hope the FEDS don't come to take my PC now! Wow, that sucks truly. Well, guess I'm done here. I have to reformat and go buy an OS. I guess that's why I got this PC for so cheap. Thanks again

    -Brad-
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It's up to you on how you want to proceed. You can run the procedure I gave you and we can look for and remove any malware that is found. That will not address the illegal Windows issue, but we are not the Windows police. We just don't condone illegal activities and hacked copies of Windows can lead to problems.
     
  5. eminent failure

    eminent failure Private E-2

    In safe mode the iexplore.exe's are not present.
    I did a search from the start menu and clicked search and I came up with 2 identical iexplore.exe's, both the same version and company. I mean identical. Could I just delete one, or if I do will it remove both?
     


    Last edited: Nov 15, 2007
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Where were they located exactly? One could just be from a service pack update.


    You need to attach the requested logs from the READ ME which are
    • AVG Antispyware
    • ComboFix
    • C:\MGlogs.zip
    You have attached ComboFix and unnecessarily attached HijackThis and GetUnKey, which are in MGlogs.zip already. Attach this current MGlogs.zip file now before doing the below, which will overwrite it. Thus far I see no problems other than the illegal OS, which may or may not be related to your problem.

    I see you ran MGtools.exe in safe mode and that no iexplore.exe processes were loading. If you boot in normal mode and run C:\MGtools\GetLogs.bat, all new logs will be put into the C:\MGlogs.zip file for normal boot mode. I wonder if iexplore.exe will show up. (Make sure you have not opened any browsers yourself.)
     
  7. eminent failure

    eminent failure Private E-2

    Ran another search:

    IEXPLORE.exe C:\ProgramFiles\InternetExplorer
    IEXPLORE.exe-27122324.pf C\windows\prefetch
    ieexplore.exe C:\windows\system32\dll cache (this appears in blue text)
     


  8. eminent failure

    eminent failure Private E-2

    Guess I forgot this... it came up clean.
     


  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    When you ran the GetLogs.bat file, did you have any browser windows open? Are you sure??? I see one running iexplore.exe

    Your logs are all clean but you should uninstall the below old Java version:
    Java(TM) SE Runtime Environment 6 Update 1

    Make sure you reboot after uninstalling the above!

    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment
     
  10. eminent failure

    eminent failure Private E-2

    No, I made sure all windows and browsers were closed. I'm gonna uninstall the old Java as instructed and install the new one via the link above. Have I told you lately you rock? Well thanks man, even if we can't get to the bottom of this thing without reformatting with a new OS I appreciate your efforts.
     
  11. eminent failure

    eminent failure Private E-2

    Resolved. I saw that I had version 6, so I thought what the hey, I uninstalled IE6 and used the Microsoft updates via start menu to pop up its built in browser. Then went to IE7 page, upgraded and rebooted. NO more multiple processes! Thanks man. Next step is getting a legit copy ASAP! Found a 100$ XP Pro SP2 at pricewatch. So everything is looking promising so far. Thanks a million for your help bud. Thanks to all who help out here! This site is a 5 star helper and I appreciate it.
    -Brad-
     
  12. eminent failure

    eminent failure Private E-2

    Scratch that last post about it being fixed... it isn't fixed. iexplore.exe still present with no browsers open. UGH! Thought I had it licked. Guess that's why I am not the helper and I'm the helpee. Well... I uninstalled old Java, rebooted and DLed the version you directed me to. That's done. Guess I can give you another search since I got IE7. I'll close this post and its window and do a search and post it.
     
    Last edited: Nov 16, 2007
  13. eminent failure

    eminent failure Private E-2

    iexplore.exe C:\Program Files\Internet Explorer
    iexplore.exe C:\Windows\ie7 (in blue text)
    IEXPLORE.EXE-27122324.pf C:\Windows\prefetch
    iexplore.exe C:\Documents and Settings\Brad\desktop(shortcut)
    iexplore.exe.mui C:\Program Files\Internet Explorer\en-US
    iexplore.exe C:\Windows\ie7 updates\KB939653-IE7 (in blue text)
    iexplore.exe C:Windows\system32\dll cache (in blue text)
    iexplore.exe C:\Windows\$hf_mig$\kb939653-IE7\SP2QFE
    iexplore.exe C:\Windows\Software Distribution\Download\Oeda838ef8ec599d822155030a70ecac\SP2GDR
    iexplore.exe C:\Windows\Software Distribution\Download\"same as above"\SP2QFE


    "same as above"= meaning same character and number sequence as the line above it.
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Those are all legit. The problem is not related to how many files named iexplore.exe. The problem is what is running a legit iexplore.exe when you are not running it yourself. This is often a sign of LOP infections but you did not appear to have any. It could be something to do with how the illegal activation process is running. Let's try a rootkit scan just to see if anything else turns up.

    Run this Using Sophos Anti-Rootkit and attach the requested log
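
Added example (not part of the original thread, and not MajorGeeks tooling): the post above says the real question is what launches a legitimate iexplore.exe when no browser is open, and this PowerShell script answers it by pairing each running iexplore.exe with its parent process, command line and signature status. It assumes PowerShell 3.0 or later for Get-CimInstance; the report property names are this example's own.

```powershell
# Added example: trace what launched each running iexplore.exe.
# Assumption: PowerShell 3.0 or later. Run from an elevated prompt so that
# paths and command lines of processes owned by other accounts are readable.

# Snapshot every process once and index it by PID for parent lookups.
$all = Get-CimInstance -ClassName Win32_Process
$byPid = @{}
foreach ($p in $all) { $byPid[[uint32]$p.ProcessId] = $p }

$ie = $all | Where-Object { $_.Name -ieq 'iexplore.exe' }
if (-not $ie) { Write-Output 'No iexplore.exe processes are running.'; return }

$report = foreach ($proc in $ie) {
    $parent = $byPid[[uint32]$proc.ParentProcessId]

    # PIDs are reused after a process exits. Only accept the match when the
    # candidate parent was created before the child.
    if ($parent -and $parent.CreationDate -gt $proc.CreationDate) { $parent = $null }

    # Authenticode status of the image that is actually running
    # (a SignatureStatus value such as Valid or NotSigned).
    $sig = if ($proc.ExecutablePath) {
        (Get-AuthenticodeSignature -FilePath $proc.ExecutablePath).Status
    } else { 'PathUnavailable' }

    [pscustomobject]@{
        Pid         = $proc.ProcessId
        Started     = $proc.CreationDate
        Image       = $proc.ExecutablePath
        Signature   = $sig
        CommandLine = $proc.CommandLine
        ParentPid   = $proc.ParentProcessId
        ParentName  = if ($parent) { $parent.Name } else { '(exited)' }
        ParentImage = if ($parent) { $parent.ExecutablePath } else { $null }
    }
}

# Oldest first, so the process that appeared before any browser use is on top.
$report | Sort-Object Started | Format-List
```

A command line containing `-Embedding` with a parent of svchost.exe means the browser was started through COM automation by another program rather than by the user, so the next step is to look at what else was running at the `Started` time. A parent shown as `(exited)` means the launcher has already terminated and has to be caught by re-running the script right after the process reappears.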
     
  15. eminent failure

    eminent failure Private E-2

    It found something on my secondary drive but my main drive is clean. My secondary drive is for storage only so I don't think there isn't anything wrong there. I'm starting to think we are hitting brick walls, and possibly wasting each other's time. I mean what's the use of fixing this problem when it's only gonna get reformatted anyway with a legit copy. I guess it could buy me a little time until I purchase the OS. I'm just getting so frustrated with this. And this type of problem happens to genuine copies as well. So I don't want to go too far to say that it's just the illegal version's fault.
     


  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That's a valid Windows file used to expand compressed files.

    Yes but only when there is an accompanying infection from LOP or similar and you don't have any.

    You have another alternative while waiting to buy your new OS.
    • Download and install Mozilla Firefox and use it as your browser
    • Rename C:\Program Files\Internet Explorer\iexplore.exe to iexplore.bak which will prevent it from running.
     
