iexplorer.exe trojan

Discussion in 'Malware Help (A Specialist Will Reply)' started by Khabarakh, Feb 15, 2007.

  1. Khabarakh

    Khabarakh Private E-2

    Alright, here she goes. I get Internet Explorer pop-ups when it's not running. My problem is I have iexplore.exe in C:\windows, but I don't want it there. It doesn't obey me, however. I delete it and it respawns on reboot. Also, Processes shows two or three instances of iexplore.exe, although there are no windows of IE open. I try to end them, and they just re-open. NOW. I am only posting here as a last resort. I've been through your steps, I've been to 5 other sites, I've been through 4 or so anti-mal/spy/adware programs. Still there. So I'm on to HijackThis now. I ran it. (Full log is attached.) Right away I'm noticing

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = freewebportal.net
    and
    O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\iexplorer.exe

    I didn't want to take any actions yet, so here I am. I'm betting deleting those two won't remove iexplorer.exe permanently. So. I should also mention that I completely removed anything that has to do with Internet Explorer from my computer. Which, I'm betting, angered the trojan, because now it gives me a pop-up error randomly complaining that it can't connect to the internet.

    Thanks in advance ~ Kasiban ~
     

    Attached Files:

    Last edited by a moderator: Feb 15, 2007
  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    Downloading, Installing, and Running HijackThis

    Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.




    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
      • CounterSpy
      • AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy
      • Bitdefender - from step 6
      • Panda Scan - from step 6
      • runkeys.txt - the log from GetRunKey.bat
      • newfiles.txt - the log from ShowNew.bat
      • HijackThis
    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
     
  3. Khabarakh

    Khabarakh Private E-2

    OK, here are some of the files. For some reason my vscan.log is too large to upload (wtf?), so I split it.
     

    Attached Files:

  4. Khabarakh

    Khabarakh Private E-2

    CounterSpy and Panda Antivirus would not complete; they just stopped. So here's the AVG scan... which said no virus, and I don't know how to make a log of it.
     

    Attached Files:

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Because you did not do what was requested in the READ ME. Step 6 asked you to run the Bitdefender online scan, not install Bitdefender Antivirus. And you also made your log very large because you changed options to show all files scanned... even clean ones, which is a waste of time. You have now violated step 3 of the READ ME since you have two antivirus applications installed.

    Uninstall Bitdefender V8 now.

    You also ignored the part of step 6 where we asked you to install the current Sun Java version and uninstall any old versions.

    Uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 3
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java 2 Runtime Environment, SE v1.4.2_03

    Make sure you reboot after uninstalling the above!

    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

    Also, this Viewpoint Media Player should have been uninstalled in step 0 of the READ ME! Uninstall it now.


    You are also using MSconfig to control Startups! You must read step 0 of the READ ME and get into Normal Startup mode.



    Now attach new logs from ShowNew and HijackThis.
     
    Last edited: Feb 16, 2007
  6. Khabarakh

    Khabarakh Private E-2

    I'm sorry, there's just a lot of information coming and going and there's a lot going on, and it's obvious that I did not read the steps thoroughly. I expected to post a HijackThis log and be done. There's a very lot of things to do just to get rid of this stupid thing.

    I went to do the Bitdefender scan.
    Internet Explorer 4+ is required for the Online Scanner to work.
    I'm going to say that I REALLY don't want that program on my computer right now. I get pop-ups every 10 seconds, and it's too virus-prone. I'll get it if it's ABSOLUTELY necessary.

    Also, there is WAY too much crap on normal startup. I switched it, but holy crap... Here are the new logs. Thanks for the help.
     

    Attached Files:

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    HijackThis is not a malware scanning/detection tool. You should have considered the ramifications of downloading cracks and keygens. They are the cause of your malware problems. For example, things like the below, which should be deleted:
    Code:
    "C:\Documents and Settings\Khabarakh\Desktop\"
    ADOBEK~1      Feb 10 2007              "Adobe Keygen_Activation Suite CS2"
    CRACK         Feb 15 2007              "crack"
    

    You already have it on your PC. It is an integral part of the Windows OS and cannot be removed. In addition, if you did try to remove Internet Explorer from your PC, you would not be able to connect to many websites and you would no longer be able to get various updates from Microsoft, since they require Internet Explorer. Note that "Internet Explorer 4+" just means you need at least Internet Explorer version 4 or greater to be used when connecting to BitDefender Online. The same is true for Panda ActiveScan.

    It's all stuff you installed. Why did you install it if you don't need it? Uninstall all unnecessary software and use a program's options/settings to disable it from loading at startup. If you don't need all the tray item icons loading for quick links to various settings, then delete them permanently, either from program options or by using HJT or a registry editor. Using MSconfig is not the proper approach, and that was not the purpose of MSconfig.


    Start by downloading a tool we will need - Pocket KillBox

    Save it to its own folder somewhere that you will be able to locate it later.

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\iexplorer.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Ante Four Glue Dumb] C:\Documents and Settings\All Users\Application Data\exitroadantefour\viewcdrom.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKCU\..\Run: [RdrTrans] C:\DOCUME~1\KHABAR~1\APPLIC~1\GREATP~1\Proc About.exe
    O4 - HKCU\..\Run: [PSwitch] C:\DOCUME~1\KHABAR~1\LOCALS~1\Temp\RarSFX0\ProxySwitcher.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    We don't recommend putting anything in the Trusted Zone unless you cannot live without it. In most cases it is totally unnecessary anyway. So I do recommend also fixing the below two lines.
    O15 - Trusted Zone: *.impregnable.net
    O15 - Trusted Zone: *.torrentcommander.com

    After clicking Fix, exit HJT.


    Now run Pocket Killbox by doubleclicking on killbox.exe
    Choose Tools > Delete Temp Files and click Delete Selected Temp Files.
    Then after it deletes the files click the Exit (Save Settings) button.
    NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

    Select:
    • Delete on Reboot
    • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):


    C:\Documents and Settings\All Users\Application Data\exitroadantefour\viewcdrom.exe
    C:\Documents and Settings\Khabarakh\Application Data\GREATP~1\Proc About.exe
    C:\WINDOWS\iexplorer.exe
    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt.
    If you receive a PendingFileRenameOperations prompt, just click OK to continue (But please let me know if you receive this message!).

    If Killbox does not reboot just reboot your PC yourself.
    After reboot locate the below folder and delete if found:
    C:\Documents and Settings\All Users\Application Data\exitroadantefour

    Please delete the below folder. Note that the question mark represents unprintable characters that were found during the scans, but they may appear to you as normal characters when you locate them using Windows Explorer. I will add comments next to each item. Note the date of the folder, which will help you to locate it:
    Code:
    "C:\Program Files\"
    SSTEM~1       Feb 14 2007              "s?stem"  <-- may look like system
    
    Now attach the below new logs and tell me how the above steps went.

    1. GetRunKey
    2. ShowNew
    3. HJT


    Make sure you tell me how things are working now!

    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 1 of the READ & RUN ME. This only applies to if using WinXP or WinMe.
     
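The triage above rests on a few judgement calls a practitioner makes when reading O4 (autorun) lines: a binary named almost like a Windows component (iexplorer.exe vs. the real iexplore.exe), a Run entry pointing into Temp or Application Data, and folder names that only look like "system". The following Python script, added as an illustration and not part of the original thread or of HijackThis itself, automates those checks over constructed sample lines modelled on the ones quoted in the thread. The list of known binaries and their expected directories, the suspect directory fragments, and the one-edit "lookalike" threshold are all assumptions chosen for the demonstration.

```python
"""Triage HijackThis O4 (autorun) entries for the patterns discussed in this thread."""
import re
from dataclasses import dataclass, field

# Constructed sample log, modelled on the O4 lines quoted in the thread (not a real capture).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = freewebportal.net
O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\iexplorer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Ante Four Glue Dumb] C:\Documents and Settings\All Users\Application Data\exitroadantefour\viewcdrom.exe
O4 - HKCU\..\Run: [RdrTrans] C:\DOCUME~1\KHABAR~1\APPLIC~1\GREATP~1\Proc About.exe
O4 - HKCU\..\Run: [PSwitch] C:\DOCUME~1\KHABAR~1\LOCALS~1\Temp\RarSFX0\ProxySwitcher.exe
O4 - HKLM\..\Run: [IE] "C:\Program Files\Internet Explorer\iexplore.exe"
"""

O4_RE = re.compile(r'^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
EXE_RE = re.compile(r'^"?(?P<path>.*?\.exe)"?', re.IGNORECASE)

# Assumed well-known Windows binaries and the directory each should live in (lowercase).
KNOWN = {
    "iexplore": "program files\\internet explorer",
    "explorer": "windows",
    "svchost": "windows\\system32",
    "lsass": "windows\\system32",
    "winlogon": "windows\\system32",
}
# Assumed path fragments that a legitimate autorun rarely uses (long and 8.3 short forms).
SUSPECT_DIRS = ("\\temp\\", "\\application data\\", "\\applic~1\\", "\\locals~1\\")


@dataclass
class Finding:
    name: str
    path: str
    reasons: list = field(default_factory=list)


def levenshtein(a: str, b: str) -> int:
    """Edit distance; used to catch one-character lookalikes of system binaries."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def exe_path(cmd: str) -> str:
    """Strip quotes and trailing arguments, keeping the executable path."""
    m = EXE_RE.match(cmd.strip())
    return m.group("path") if m else cmd.strip()


def triage_o4(line: str):
    """Return a Finding for an O4 line (reasons empty if nothing looks wrong), else None."""
    m = O4_RE.match(line)
    if not m:
        return None
    path = exe_path(m.group("cmd"))
    low = path.lower()
    base = low.rsplit("\\", 1)[-1]
    stem = base[:-4] if base.endswith(".exe") else base
    parent = low.rsplit("\\", 1)[0] if "\\" in low else ""
    f = Finding(m.group("name"), path)
    if stem in KNOWN:
        # Right name, wrong place: a real component never runs from C:\WINDOWS root or Temp.
        if not parent.endswith(KNOWN[stem]):
            f.reasons.append(f"{base} outside expected directory {KNOWN[stem]}")
    else:
        for good in KNOWN:
            if levenshtein(stem, good) == 1:
                f.reasons.append(f"{base} is a lookalike of {good}.exe")
    if any(d in low for d in SUSPECT_DIRS):
        f.reasons.append("runs from a temp or per-user data directory")
    if any(ord(c) < 32 or ord(c) > 126 for c in path):
        # Covers folders such as "s?stem" whose odd characters mimic a system name.
        f.reasons.append("path contains non-printable or non-ASCII characters")
    return f


def triage_log(text: str) -> list:
    """Return only the autorun entries that tripped at least one heuristic."""
    out = []
    for line in text.splitlines():
        f = triage_o4(line)
        if f and f.reasons:
            out.append(f)
    return out


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.name}] {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

Note that the script only reads log text; it does not touch the registry or delete anything, which is the right division of labour given that the respawning behaviour in this thread means deletion has to be scheduled for reboot anyway. Lines that trip no heuristic (jusched.exe in its Java directory, iexplore.exe under Program Files\Internet Explorer) are deliberately left out of the output so the list stays short enough to read.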
  8. Khabarakh

    Khabarakh Private E-2

    I went through the steps and it seemed to go fine, everything went well, but iexplorer.exe is still in C:\windows. Here are the logs.
     

    Attached Files:

  9. Khabarakh

    Khabarakh Private E-2

    OK, I re-installed Internet Explorer 7 (yes, I DID uninstall it) and ran the Bitdefender scan. It found other things, but not iexplorer.exe. Then I went to do the Panda scan, and it forced the browser to close. ONLY the Panda scan website. I tested several other sites; only Panda scan would auto-close. Even on Firefox. I pressed Ctrl-Alt-Del and it forced THAT to close within a second, 5 times. I uninstalled IE7, restarted, and it let me go there with Firefox. Useless. It's MUCH worse than it was before I came here. Oh, the irony. I'm trying to attach the log made by Bitdefender, but now I can't click the Attach button on this site.
     
  10. Khabarakh

    Khabarakh Private E-2

    Hmm... seems like you've lost interest in my problem, so I had some fun. I opened iexplorer.exe in Notepad, deleted its entire contents and typed HI. Now on reboot a command prompt window opens for about .2 seconds, then closes. IE 7 runs fine now, no pop-ups or anything. I assume as long as whatever is respawning it sees that it's still there, it doesn't care what it does. lol. Fun. I still would like for it to be gone, but whatever.
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you read this: Don't Bump! It Only Hurts You!!!


    We volunteer our free time when we can, and we are literally helping a hundred or more people at any given time. You have to wait your turn and we will get to you. Each message you posted cost you many hours of additional waiting time. Message #9 cost you 7 hours. Message #10 cost you an additional 12 hours. That's 19 total hours!


    Since I now don't know what you have done to your PC since message # 8, you will have to attach new logs from
    • GetRunKey
    • ShowNew
    • HJT
     
  12. Khabarakh

    Khabarakh Private E-2

    You know what, it doesn't even matter anymore. I ran a pscan (by Ikarus) and it detected and removed probably around 20 or so files infected by viruses. Thanks for trying to help. I don't know if you mean to, but you sound short-tempered and patronizing. I know you have a lot of people to help, but a *nicer* tone wouldn't hurt. Peace
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This message is the reason for my tone! When several hundred people per week constantly do not follow directions and also get impatient while waiting for FREE support, it gets quite annoying.
     
  14. Khabarakh

    Khabarakh Private E-2

    OK, I apologise. You know the only reason I said that is to test your patience. I said I know you've got a lot to deal with. You don't have to, but you do. You're a nice guy. So maybe you could pretend to be? Like add a reassuring little happy face every once in a while? ;) Could make all the difference. Peace
     
