Forums > Computers - Technology

Help with iexplore in processes --possible trojan?--

(1/2) > >>

TheNightWatchman:
Alright, I have noticed lately IE popping up randomly with ads and figured something was up.
I've scanned Spybot and deleted anything that came up, scanned NOD32 but it was all fine. Looked up HiJackthis and deleted anything I thought looked suspicious (although, I'm not that much of an expert so could have missed something) but never the less, I get 2 iexplore.exe 's in the processes running all the time. In my process manager I tried to delete it there (usually works when task manager doesn't) but it still comes up by itself, piggy backing off an exe I can't find. It's annoying because it's using up quite a bit of memory, and uses about 70% of the CPU for about 10 seconds when I kill its process.

I don't know if you've heard about any of this before, I tried searching around but couldn't find anything that helped.

If no one knows what it is I could post my HiJack this and start from there?

Any help would be appreciated

NWM

texasboy:
 ;D I`m not an expert as you already know. But a few thoughts.
On your IE toolbar  check for manage plug ins, it will give you a list of all plug ins associated with IE. if there are duplicates or suspicious ones you dont recognise.
There are a few older trojans that when they first run they copy themselves to IE.exe.  Troj/Proxy-ER and Troj/Domuz-A
You also might like to check http://www.castlecops.com/s13551-ie_exe.html.
From browsing through different sources it may not be a process manager problem and as you said may be somewhere in Hi-Jack.
Probably not much help. Hope you get it sorted
cheers

chip!:
yeah go ahead and post your HiJackThis report...

also:  http://www.microsoft.com/technet/sysinternals/utilities/ProcessExplorer.mspx

you can use process explorer to figure out the path of where ever that iexplore.exe is locate, kill it, delete it, etc..

Quantum:
If it's piggy backing off some other exe or dll, or whatever, you should be able to do a detailed view and search with procexp:

http://www.microsoft.com/technet/sysinternals/utilities/ProcessExplorer.mspx

It's like a really advanced version of task manager, very useful, should give you an insight if all else fails in to what needs targeting and killing.

TheNightWatchman:
That program was actually what I was using... but it doesn't tell me anything because the piggy back program disappears (unless I missed something?)
Here are some screen shots:

Ok so it starts off like this


Then when I right click and end process it does:


Then switches to:


And then back to:


The other iexplore reloads as this name:


If I run IE (I usually use firefox) it runs under explorer.exe the same as for example Photoshop, but these do not.

Hopefully this sparks some ideas?  ???

EDIT:
Interestingly I can end their process now -- I downloaded the latest version of Process Explorer (I was using v8.4 and the latest is 10.21) and it enables me to kill them at least. Still I need to stop it from reoccurring.

EDIT2:
Ok no they came back :( It just seemed to delay the time for a bit.

Navigation

[0] Message Index

[#] Next page

Go to full version