help with computer problem

Author: Shimraa
Date: 31-Jul-2005, 6:51 PM

Author: Shimraa
Time: 31-Jul-2005 6:51 PM (Edited)
Post link

ok i need the help of someone who knows what they are doing when they are dealing with windows system files.

heres is my problem i have two IEXPLORE.EXE processes running on my computer when internet explorer is not running, and i know they are bad news. i have done scans with adaware, spybot and norton, and though they found and destroyed otherstuff, they are not killing this one. so i decided to so a google on it, and found that IEXPLORE.EXE when it runs in this manner could be a trogen, so i went to the symantics website and found the trogen that it would be and set out to delete it, i did everything that they told me bur found no sign of the trogen, norton didnt pick it up, nor did i find the file where it was supposed to be. so now i am at a lost, i want to get the fuckers off my computer cause everytime i open Internet explorer fucking adds pop up. can some one help plz.

Author: ricarleite
Time: 1-Aug-2005 2:06 AM
Post link

Hmn, the best suggestion I could give you is to rename every "iexplorer.exe" file you find into "iexplorer.old" and use FireFox instead.

Well, seriously though, I would look into the windows register, if this thing is starting on its own it's probably there. If you find the right keys in the register you could easily take it out. There was this program that would let you see what was being read on the register and you could use it to monitor it and keep track of that keys are being accessed, but I don't remember the program's name, a google search could do the trick though.

“Voice or no voice, the people can always be brought to the bidding of the leaders. That is easy. All you have to do is tell them they are being attacked and denounce the pacifists for lack of patriotism and exposing the country to danger. It works the same in any country.” — Nazi Reich Marshal Hermann Goering

Author: Shimraa
Time: 1-Aug-2005 10:39 AM
Post link

i i couldnt find it in the registry

Author: s7en
Time: 1-Aug-2005 11:15 AM
Post link

It could be spyware/malware rather than a virus. The upshot of that being virus scanners won't pick it up but antispyware like AdAware or Spybot might. I recommend getting those on your system anyway for added security, if don't have them already.

There also online virus scans: This one from panda does a spyware scan too, could be worth a go.
Pandasoft Free Antivirus online

Pages like this list a lot of different trojans and nasties all calling themselves iexplore.exe

And this page has some advice for tackling it manually.

Quote
If you find this file in the system32 subdirectory then it is dangerous. I believe that it should reside in \Program Files\Internet Explorer. Remove all instances of it from the \windows\prefetch directory. Search through the registry in the HKLM....\Run and RunServices for data relating to "internet Explorer". Note the .EXE file name and remove this file from any where you can find it. My Opinion: nasty ad ware, and difficult to remove

There also seem to be variations named lexplore.exe (with an L instead of an I) to fool the unwary.

Hope something here is useful to you.

Author: Shimraa
Time: 1-Aug-2005 11:47 AM
Post link

i did find some registries with lots of numbers in there names but they were .pf files
that were routed from windows/prefetch

could those be them

Author: starkiller
Time: 1-Aug-2005 11:54 AM
Post link

I did a Google search for
Lexplore.exe Spyware and I found this site:

http://www.auditmypc.com/process/lexplore.asp

Don't know if it will help, but its a place to look.

Author: Trooperman
Time: 1-Aug-2005 12:12 PM
Post link

use FireFox instead

Absolutely.

Episode II: Shroud of the Dark Side

“Back when we made Star Wars, we just couldn’t make Palpatine as evil as we intended. Now, thanks to the miracles of technology, it is finally possible. Finally, I’ve created the movies that I originally imagined.” -George Lucas on the 2007 Extra Extra Special HD-DVD Edition

Author: s7en
Time: 1-Aug-2005 12:47 PM
Post link

Quote
i did find some registries with lots of numbers in there names but they were .pf files that were routed from windows/prefetch

could those be them

Its possible. It should be safe to delete any suspect files from the windows prefetch directory, according to this.

As for making changes to the registry, hard to say at this stage, so I'd leave that side of things alone rather than risk cocking it up. Although if any instances of iexplore appear here HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
or here
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
they should be deleted.

Author: JediSage
Time: 1-Aug-2005 1:01 PM
Post link

Make sure you have the latest Windows security updates in place, as one of them may patch the vulnerability. I wouldn't be satisfied with leaving it on there and using another browser (although FireFox is the long term answer). Do you have a firewall running? Try a software firewall like Sygate or ZoneAlarm. They may alert you to any outbound traffic that could be causing this, which would allow you get rid of the source. Sounds like you may have other major problems given the results of your other scans. What OS are you running? Windows 2000? XP? Might be a good time for a rebuild given what else is going on.

Nemo me impune lacessit

http://ttrim.blogspot.com

Author: Shimraa
Time: 1-Aug-2005 2:28 PM
Post link

i do use firefox

there is nothing in the two directors that you mentioned

and i have a hardware firewall i the form of a router as wel as the windows software firewall

Author: ricarleite
Time: 2-Aug-2005 2:30 AM
Post link

I would recomend Norton Internet Security, but I don't know how much it costs (my internet provider gives free copies for its users). I had some bad moments with ZoneAlarm and Pandasoft. Also, try getting Microsoft's beta Spyware software, it's actually good, and it's free so far.

WHY do people program this virus/spyware things! It's only porpouse is to make things difficult and to make us lose money and time, the programmer profits nothing with it, he indirectly loses too...!

Author: Shimraa
Time: 2-Aug-2005 9:01 AM
Post link

i was wondering the same thing, like most of the viruses i have encountered are completely useless, all they do is slow my computer down.