Hijacking virus of some sorts - iexplore.exe replicating, now explorer.exe
13 replies
Okay, so, today, I launched IE (which I never do), and it froze on launch, on the MSN homepage. It then restarted my PC. On the boot back up, I started having multiple iexplore.exe (not iexplorer.exe) opening up and replicating, impossible to end the process for all of them, as it'd just start itself up again. These processes were using up to 30% CPU and 3GB of memory. I ran a scan on MalwareBytes, Security Essentials, SAS, no results apart from some registry entries with MalwareBytes which were cleaned (seemed related). Now, I thought, 'I'll go delete the .exe to prevent it from being able to run itself', so I did that, it was the 64-bit IE. Now, it seems to have moved onto explorer.exe, launching multiple instances, now using up to 50% CPU. I have no idea what the intentions of this malware are, but it's causing some serious slowdowns. A worthwhile note: when I restarted last time, my screen flicked just before the 'Windows is shutting down...' screen, and some fullscreen adverts showed for a moment. I don't know if this virus is slightly broken or something. My question is what the fuck do I do. Only thing I can think of is Spybot: Search and Destroy, but I'm thinking it's unlikely to help. Should I just back up and format? I assume this all derived from that security hole they discovered in IE versions; I have 9 installed because I never use it, and it was never updated. If anyone has any ideas, that'd be great. I realise now I can't exactly search for much, as there's nothing to go by.
Wow, that is scary. Sounds like the moral of the story is never ever open Internet Explorer.
Boot into safe mode, install MalwareBytes Anti-Malware and run, cross your fingers. Also do your Windows updates. Also, while in safe mode, open a command prompt as administrator, and run this command to run the system file checker: sfc /scannow
TDSSKiller your machine in safe mode.
[editline]24th August 2014[/editline]
[QUOTE=elixwhitetail;45783932]Boot into safe mode, install MalwareBytes Anti-Malware and run, cross your fingers. Also do your Windows updates. Also, while in safe mode, open a command prompt as administrator, and run this command to run the system file checker: sfc /scannow[/QUOTE]
OP already ran MalwareBytes.
MSE started detecting things, finally, and it's telling me to use defender offline to clean it all, so I'm going to try that. If it doesn't work, I'll try TDSSKiller. Toiscoi is one of the viruses, some sort of password thing, oh, and loads of others that apparently result in allowing attackers control, so fuck it, off I go.
[QUOTE=voltlight;45784267]MSE started detecting things, finally, and it's telling me to use defender offline to clean it all, so I'm going to try that. If it doesn't work, I'll try TDSSKiller. Toiscoi is one of the viruses, some sort of password thing, oh, and loads of others that apparently result in allowing attackers control, so fuck it, off I go.[/QUOTE]
The first time MSE does what it's meant to do.
If you have trouble removing stuff, I'd recommend seeking help at [url]www.geeks2go.com[/url]. Seriously, these guys helped me out big time.
I have a similar problem, but with Chrome. The thing doesn't show up on the task bar, and trying to delete it ends up in it crashing most of the time. Here is what I did: go to Task Manager and right click on one of the explorers, and press "Open file location". It should show you where the file is located, and there you can do a scan. However, when I scanned it, it showed up nothing (though deleting a whole file and it just recopying itself doesn't seem safe). However, sometimes when the ad shows up, MB blocks the website, and gives me the exact location of where the file is.
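The "open file location" check above can be done for every instance at once. The script below is an added example, not something posted in the thread: it lists every running iexplore.exe / explorer.exe, where each image actually lives, which process spawned it, and whether the file carries a valid Authenticode signature, then flags anything outside the expected install paths (the expected-path list is an assumption for a default Windows install; run it from an elevated PowerShell 3.0 or later).

```powershell
# Added example (not from the thread): inventory iexplore.exe / explorer.exe
# instances, their real image path, parent process and signature status.
# The expected locations below are an assumption for a default install.
$expected = @(
    (Join-Path $env:SystemRoot 'explorer.exe'),
    (Join-Path $env:ProgramFiles 'Internet Explorer\iexplore.exe')
)
if (${env:ProgramFiles(x86)}) {
    $expected += (Join-Path ${env:ProgramFiles(x86)} 'Internet Explorer\iexplore.exe')
}
$expected = $expected | ForEach-Object { $_.ToLowerInvariant() }

# Snapshot all processes once so parents can be resolved without a second query.
$all   = Get-CimInstance Win32_Process
$byPid = @{}
foreach ($p in $all) { $byPid[$p.ProcessId] = $p }

$procs = $all | Where-Object { $_.Name -in @('iexplore.exe', 'explorer.exe') }

$report = foreach ($p in $procs) {
    # ExecutablePath is empty when the caller lacks rights to read it.
    $path = if ($p.ExecutablePath) { $p.ExecutablePath.ToLowerInvariant() } else { '<access denied>' }
    $parent = $byPid[$p.ParentProcessId]
    $sig = if (Test-Path -LiteralPath $path) {
        (Get-AuthenticodeSignature -FilePath $path).Status
    } else { 'NoFile' }
    [pscustomobject]@{
        PID        = $p.ProcessId
        Name       = $p.Name
        Path       = $path
        InExpected = ($expected -contains $path)
        Signature  = $sig
        Parent     = if ($parent) { "$($parent.Name) ($($parent.ProcessId))" } else { '<gone>' }
        CmdLine    = $p.CommandLine
    }
}

$report | Sort-Object Name, PID | Format-Table -AutoSize

# A copy running from an unexpected path, or one whose signature is not
# 'Valid', is the one to submit to a scanner rather than the real system file.
$suspect = @($report | Where-Object { -not $_.InExpected -or $_.Signature -ne 'Valid' })
"$(@($procs).Count) instance(s) found, $($suspect.Count) flagged for a closer look"
```

Note that the Parent column is also informative: the real explorer.exe is normally started by userinit.exe or winlogon.exe, so a copy spawned by something else stands out even when it sits at the expected path.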
Try a system restore point before it makes its way there.
[QUOTE=Hollosoulja;45785842]try a system restore point before it makes it's way there[/QUOTE]
Heaps of viruses get around that. OP, I recommend using this: [url]http://www.surfright.nl/en[/url]. Make a kickstart drive and boot into that. Hitman Pro can do wonders.
Try offline defender as well. Or KRD but that's slow as balls.
Hey guys, finally got a chance to report back. Defender Offline didn't seem to quite remove it, at least not all of the problems, so I took the advice to run Malwarebytes in Safe Mode, and that did work for the majority of it. I always underestimate Safe Mode. I had to do another scan, in which yet another trojan was detected, so even now I'm not 100% sure I'm clean, but the main problem is completely gone, thanks for the help. One thing I saved from this adventure is the following, it made me laugh: [IMG]http://puu.sh/b5MHI/427eaea0d4.png[/IMG] Legit
Run [URL="http://gmer.net"]gmer[/URL] and just let the initial scan run, shouldn't take too long on modern machines. If it comes back with anything in red, that's probably a rootkit. Stuff that comes back in black text is probably normal, and it's normal for a bunch of stuff in black, or nothing/next to nothing to come up, depending on your system's configuration. Just to be sure. Gmer does a lot of other stuff, but I wouldn't mess with it unless there's a specific need, because it can potentially render your system unbootable if misused badly. Dealing with the rootkit/s, if any, is going to be a separate thing, since it'll depend on what it is.
Also know that many things set off rootkit detectors. The most common are OEM recovery partitions and antiviruses with an anti-rootkit function (because those are actually rootkits themselves).