Iexplore.exe processes pop up, apparent rootkit infection

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by DoktrMike, Jul 24, 2010.

  1. DoktrMike

    DoktrMike Private E-2

    There seem to be a number of people with this issue, and I've tried to follow some of the other threads here to resolve.

    When connected to the net I get a pair of iexplore.exe processes appearing and then popups randomly appear. When I'm not on the net there's no noticeable problem.

    I've attached DDS and GMER logs, but also tried the eSage Bootkit Remover which believes I have a problem:

    ----------------
    Bootkit Remover
    © 2009 eSage Lab
    www.esagelab.com

    Program version: 1.1.0.0
    OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    Boot sector MD5 is: 305658c5e95259df8541c6683a71d729

    Size Device Name MBR Status
    ---------------------------------------------------
    465 GB \\.\PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks

    --
    Unfortunately a fix operation doesn't resolve this (using the creation of a .bat file I've seen on these forums). I still get this message and I'm wondering if perhaps I need to consider running the Recovery console and doing a fixmbr...

    Thanks in advance for any suggestions.
    DM
     

    Attached Files:

    DoktrMike, Jul 24, 2010
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!


    Please also download MBRCheck to your desktop
    • Double click MBRCheck.exe to run (vista and Win 7 right click and select Run as Administrator)
    • It will show a Black screen with some information that will contain either the below line if no problem is found:
      • Done! Press ENTER to exit...
    • Or you will see more information like below if a problem is found:
      • Found non-standard or infected MBR.
      • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
    • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
    • Attach this log to your next message. (See: HOW TO: Attach Items To Your Post )
    Now see step 6 of this link: READ & RUN ME FIRST. Malware Removal Guide and disable your disk emulation software otherwise it will likely give false indications of infections to us. You only need to do step 6 for now. Then move on to the below.

    Now run MGtools per the below instructions and attach the requested MGlogs.zip file
    WARNING: Do you have all important data backed up? You really should do this before continuing on to the next steps I will be posting after I see the above log since we will need to rewrite your MBR to fix this and while most times this can be done without any problem, these infections can react badly and that could result in a PC not being bootable. You really don't have much choice though since these infections are too dangerous to your security to leave on a PC.


    Also note if you have a Dell PC which uses a non-standard MBR ( or another manufacturer's who does similar to Dell) , fixing the mbr may prevent access the the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. There are a couple of known fixes for said condition, though the methods are somewhat advanced. If you are unwilling to take such a risk, you should not continue but you risk serious problems leaving this infection in place and thus your only other option would be to try using the Dell Restore Utility to return a factory ship state which will remove everything you additional you have put onto the PC.
     
    chaslang, Jul 25, 2010
    #2

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds