Malware? Multiple iexplore.exe's + muted wave audio slider

Discussion in 'Malware Help (A Specialist Will Reply)' started by Durkan123, Jul 9, 2010.

  1. Durkan123

    Durkan123 Private E-2

    Hello All,

    Starting on Wednesday July 7th I noticed my machine exhibiting problems. My sound was automatically muted. Had this not happened I might not have noticed my real problem. It appears I have been infected by some kind of malware or trojan or whatever. I have multiple iexplore processes running all the time and random Internet Explorer pop-ups despite my input.

    I cannot end the iexplore processes because they immediately come back.

    I took the liberty of following your cleaning guide as best as I could and will post all logs.

    A few notes:

    1) During troubleshooting I attempted to rename iexplore.exe to iexploreR.exe. If this file comes up in any logs, that's why.

    2) I was able to successfully run SuperAntiSpyware, Malwarebytes, ComboFix and MGtools. When I tried to run RootRepeal it would hang my system right up for about 5 minutes and then it would crash to a blue screen and give a kernel error before rebooting on its own.

    3) During the ComboFix process, my registry editor application crashed twice but ComboFix completed all the same.

    4) I have 2 physical drives, each with a single partition.

    5) I have two users on this computer. Both are admin accounts and have the same issues.

    I will post all of my logs in this post, as I only have 4 due to the failure of RootRepeal.

    If any more information is required, don't hesitate to ask.

    And thanks so much for any and all assistance, you guys are life savers.

  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    It appears as though you have not disabled your disc emulation software. Please refer back to the Read and Run First instructions -> step 6.

    Now, please do this:

    • Download bootkit_remover.rar
    • Click the underlined DOWNLOAD text to download the file and save it to your Desktop.
    • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip.
    • After extracting remover.exe to your Desktop, double click the remover.exe file to run the program.
    • Attach or post inline here the output from remover.exe.

    Use Windows Explorer to find and delete:
    C:\WINDOWS\Temp\100.dat

    Now please put ComboFix directly on your desktop, not here:
    Running from: d:\downloads\ComboFix.exe

    NOTE: The Command Prompt window text can be copied to the clipboard by right clicking on the top bar of the window and using the Edit commands to Mark, Copy, and Paste.
     
  3. Durkan123

    Durkan123 Private E-2

    My issue is resolved by using fixmbr on the Recovery Console. Thanks for the assistance.
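    An added example, not from this thread or from the tools it mentions: a small Python check that parses a 512-byte MBR image and compares its boot code against a known-good hash, which is the kind of integrity check that flags the boot-code tampering a bootkit performs and that fixmbr undoes. The sample MBR bytes and the baseline hash are constructed here, not taken from the poster's machine.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 446        # bytes 0..445 hold the boot code a bootkit replaces
PART_TABLE_OFF = 446       # four 16-byte partition entries follow
SIGNATURE = b"\x55\xAA"    # bytes 510..511 must be the boot signature

def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into boot-code hash, partition table and signature flag."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        # boot flag, 3-byte CHS start (skipped), type, 3-byte CHS end (skipped), LBA start, sector count
        boot_flag, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
        if ptype != 0:
            parts.append({"index": i, "bootable": boot_flag == 0x80,
                          "type": ptype, "lba_start": lba_start, "sectors": sectors})
    return {"code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": parts,
            "signature_ok": sector[510:512] == SIGNATURE}

def check_mbr(sector: bytes, baseline_code_sha256: str) -> list:
    """Return findings; an empty list means the MBR matches the recorded baseline."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["code_sha256"] != baseline_code_sha256:
        findings.append("boot code differs from known-good baseline")
    active = [p for p in info["partitions"] if p["bootable"]]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {len(active)}")
    return findings

# Constructed sample: a minimal "known good" MBR with placeholder boot code (not real boot code)
# and one active type-0x07 partition starting at LBA 2048.
def build_sample_mbr() -> bytes:
    code = b"\x33\xC0\x8E\xD0" + b"\x90" * (BOOT_CODE_LEN - 4)
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    return code + entry + b"\x00" * 48 + SIGNATURE

BASELINE_SHA256 = parse_mbr(build_sample_mbr())["code_sha256"]  # record this while the system is clean

def tampered_sample_mbr() -> bytes:
    """Same partition table and signature, but the boot code has been swapped out."""
    good = build_sample_mbr()
    return b"\xEB\xFE" + b"\x00" * (BOOT_CODE_LEN - 2) + good[BOOT_CODE_LEN:]
```

    Against a real disk the first sector would be read from the raw device and the baseline hash taken from a clean image of the same system, since legitimate boot code differs between Windows versions and OEM installs.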
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Good job. That was where we were going anyway!!

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (this uninstall will only work as written if you installed ComboFix on your Desktop like we requested).
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required.
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: the space between combofix" and /uninstall must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to Add/Remove Programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    10. After doing the above, you should work through the below link:
