Persistent Virus Has Me Stumped


posted on Oct, 13 2011 @ 01:48 AM
Okay, I've got a virus on my laptop that is driving me crazy. When I open IE the virus opens a second iexplore.exe process. If I delete the second process it opens two more.

I have searched out and erased all of the iexplore.exe.hdmp files on my computer. I ran Malwarebytes and it found nothing. The Windows malicious software removal tool didn't help, and Panda Anti-Virus says there is nothing wrong. Advanced System Care 4 did find the file Trojan.win32\Agent on my computer and supposedly fixed it. However, the virus is persistent. It hangs around and refuses to leave.

The only thing keeping it in check is IObit Malware Fighter. If I start it before I start IE the second .exe doesn't show up. So, it is still rattling around in there somewhere. IMF is just helping to contain it. Does anybody have a suggestion besides reformatting?



posted on Oct, 13 2011 @ 01:58 AM
You should never ever need to reformat your computer, unless you're doing things you oughtn't and have Fatman on standby to nuke it into a safe pile of unrecoverable digital ashes.

Anyway

Start your computer in safe mode.
You bring up the safe mode prompt by tapping on the F8 key on boot.

In safe mode (with networking) update your virus definitions on whatever virus scanner you are using, and run a full system scan.

While the scan is running, go to Start, then Run, and type Regedit, then hit enter.
In the registry editor go to HKEY_LOCAL_MACHINE, then Software, then Microsoft, then Windows, then CurrentVersion, then Run.
Look in the Run list to see if any programs are listed that don't sound like anything you use or need.
If anything looks fishy, write down the file name and location, delete the string, then go look for it in its designated folder and delete it there too.

You can also open the run menu and type Msconfig. Once the System Configuration window opens, you can go to the Startup tab, and uncheck pretty much everything you don't need to run immediately on startup, and everything you don't know WTF it is. Apply.
Once your virus scan completes, restart your computer to normal mode and check to see if things are better.



edit on 13-10-2011 by nineix because: (no reason given)

edit on 13-10-2011 by nineix because: (no reason given)
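
The Run-key check described in the post above, as an added PowerShell example (not part of the original thread): it lists the Run/RunOnce entries, resolves each command to its executable, and reports whether the file exists, its Authenticode status, and whether it sits in a user-writable location. The keys beyond HKLM ...\Run, the user-writable path pattern, and PowerShell 3.0 or later are assumptions of this example.

```powershell
# Added example: read-only audit of autostart entries. Nothing is deleted.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Pull the executable path out of a Run value such as
#   "C:\Program Files\App\app.exe" /background
function Get-ExePathFromCommand([string]$Command) {
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($expanded -match '^"([^"]+)"')     { return $Matches[1] }   # quoted path
    if ($expanded -match '^(.+?\.exe)\b')  { return $Matches[1] }   # unquoted, may contain spaces
    return ($expanded -split '\s+')[0]
}

$results = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }          # e.g. no Wow6432Node on 32-bit Windows
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        $path    = Get-ExePathFromCommand $command
        # Bare names (rundll32.exe ...) resolve via PATH and show Exists = False;
        # read the Command column for those.
        $exists  = [bool]($path -and (Test-Path -LiteralPath $path -PathType Leaf))
        $sig     = if ($exists) {
            [string](Get-AuthenticodeSignature -LiteralPath $path).Status
        } else { 'n/a' }
        [pscustomobject]@{
            Key          = $key
            Name         = $name
            Command      = $command
            Exists       = $exists
            Signature    = $sig
            # Assumed heuristic: autostarts from these locations deserve a second look.
            UserWritable = $path -match '\\(AppData|Temp|Users\\Public|ProgramData)\\'
        }
    }
}

$results | Sort-Object UserWritable -Descending | Format-List
```

Entries that are unsigned, missing on disk, or launched from a user-writable directory are the ones to write down and research before removing anything.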



posted on Oct, 13 2011 @ 02:04 AM
Download and run a rootkit scanner/cleaner.

Try this one: www.sophos.com...



posted on Oct, 13 2011 @ 02:24 AM
Download Spybot S&D, CCleaner, HijackThis and AVG Free.

Stop using IE... Go to Add/Remove Programs, sort by date installed, and delete anything you installed or fishy things like "coupon printer", fake virus scanners, search bars, etc.

After that, any bad stuff will still be in your C drive; take a look in Program Files and delete the folder of the program you removed from Add/Remove Programs.

Start in safe mode if needed.

PM me and I can walk you through, or run HijackThis and send me the logfile/post it on here.



posted on Oct, 13 2011 @ 02:25 AM
reply to post by MikeNice81
 


Remove the hard disk from your machine. Then find a friend with a clean machine and an up-to-date virus checker. Add your disk into your friend's machine as a secondary disk (drive D if Windows), then boot that machine and scan from the C drive.

This way any resident program can't hide from the virus checker.



posted on Oct, 13 2011 @ 03:19 AM
Whenever you run antivirus / antispyware on a Windows PC it is always best to reboot into Safe Mode before running the scan.



posted on Oct, 13 2011 @ 08:29 AM
There are many places this virus could hide that most scanners would not detect.
The most effective (and annoying) method of removing this would be the format & reinstall.
I repair approx 200 computers per month, and have done so for the past several years - I've seen a lot of garbage.
From a time and security standpoint - reformatting is the way I usually go.

I've seen viruses like this that name themselves iexplore.exe but change the IE icon to point to themselves instead of the original location. They launch themselves, then launch the iexplore.exe file. You never mentioned if you enabled the show hidden files and show operating system files when you went through this process. Might want to check into that.
There are rootkits as well that will lurk in the boot sector of your HD (mbrcheck.exe can fix this, usually - google & download it), and others that will attach to system device drivers, such as the cdrom.sys driver. TDSSkiller is pretty good and will find some difficult stuff.
Another scanner to try would be superantispyware (.com) - they have a portable version that you can scan with and it seems to work fairly well too.
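
The two checks suggested in the post above (where each running iexplore.exe actually lives, and where the IE shortcuts point), as an added PowerShell example that is not part of the original thread. It assumes PowerShell 3.0 or later and the default Internet Explorer install directories; IE 8 and later normally run several iexplore.exe processes, so the path and parent matter more than the count.

```powershell
# Added example. Assumption: IE is installed in the default "Internet Explorer" directories.
$expectedDirs = @(
    @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
        Where-Object { $_ } |
        ForEach-Object { Join-Path $_ 'Internet Explorer' }
)

function Test-ExpectedIePath([string]$Path) {
    if (-not $Path) { return $false }    # path hidden (no rights) or missing
    return $expectedDirs -contains (Split-Path $Path -Parent)
}

# 1) Every running iexplore.exe with its on-disk path and parent process.
$all  = Get-CimInstance -ClassName Win32_Process
$byId = @{}
foreach ($p in $all) { $byId[[int]$p.ProcessId] = $p }

$all | Where-Object { $_.Name -eq 'iexplore.exe' } | ForEach-Object {
    $parent = $byId[[int]$_.ParentProcessId]
    [pscustomobject]@{
        ProcessId        = $_.ProcessId
        Path             = $_.ExecutablePath
        ExpectedLocation = Test-ExpectedIePath $_.ExecutablePath
        Parent           = if ($parent) { $parent.Name } else { 'exited' }
        ParentId         = $_.ParentProcessId
        CommandLine      = $_.CommandLine
    }
} | Format-List

# 2) Shortcuts whose target is named iexplore.exe, and where they really point.
$shell = New-Object -ComObject WScript.Shell
$roots = 'Desktop', 'StartMenu', 'CommonStartMenu' |
    ForEach-Object { [Environment]::GetFolderPath($_) } |
    Where-Object { $_ }

Get-ChildItem -Path $roots -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)
        if ($lnk.TargetPath -match '\\iexplore\.exe$') {
            [pscustomobject]@{
                Shortcut         = $_.FullName
                Target           = $lnk.TargetPath
                Arguments        = $lnk.Arguments
                ExpectedLocation = Test-ExpectedIePath $lnk.TargetPath
            }
        }
    } | Format-List
```

Run it from an elevated prompt so that `ExecutablePath` is populated for every process; any row with `ExpectedLocation` false, or a parent other than explorer.exe or another iexplore.exe, is where to look first.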



posted on Oct, 13 2011 @ 09:25 AM
I had the exact problem a while back. I found it by identifying a bogus .exe file that was spawning the extra ie sessions. Renamed the bogus .exe and all was well.

Sorry I don't remember all the details but that was basically it.



posted on Oct, 13 2011 @ 02:27 PM
reply to post by MikeNice81
 


As previously stated, the best way to get rid of infections is running the scanners in "safe mode"...

Believe it or not, I find Microsoft's free virus software to be really decent software (which I thought it was about time they offered decent protection for their own open operating system). I've even brought computers back from the dead with it... although their firewall could really use some revamping (I use Zone Alarm or Online Armor).

I usually hit up CNET.COM to download free programs.

Search for "Microsoft Security Essentials"

Other decent free software is "SuperAntiSpyware" & "Win Patrol" (and it seems you already know about IOBit, Malwarebytes)

If it persists you may need to reset your IE (start button / control panel / internet options / advanced / reset)



posted on Oct, 14 2011 @ 07:58 PM
I have tried everything on this thread. No dice. The virus is still there. I even had a friend in IT take a look. After six hours he could not find it. He agrees that it is there. A reformat seems to be the only option.



posted on Oct, 14 2011 @ 08:25 PM
Removal Procedure

This might help; their cleanup procedures have not failed me yet on difficult infestations.



posted on Oct, 17 2011 @ 09:01 PM
I used to get viruses, but since I started using Microsoft Security Essentials and just the firewall that comes with Win 7, no virus.

First I would suggest downloading Security Essentials and Temp File Cleaner from download.com.

Go into safe mode and uninstall your current virus software, then restart.

Install Security Essentials and update.

Go back to safe mode and, before you scan, make sure to go into folder options and show all hidden and protected Windows files.

Scan, remove the virus, and before you restart run the temp file cleaner.

Don't use IE; use Firefox, Chrome, or Opera, but Firefox is my choice. Get the add-ons Adblock Plus and NoScript.



posted on Oct, 17 2011 @ 09:24 PM
Search out and read up on Combofix.



posted on Oct, 17 2011 @ 09:37 PM
Do you really have a virus or a problem with IE start-up?

It's possible you have two copies of IE working on top of each other.

The last time IE upgraded, it did not completely delete all of the old copy that was upgraded, and parts of both are trying to run at the same time.
This would look like a virus, but as there is no real virus or malware, all the virus and malware checkers find nothing because nothing is there (no virus signature).

I have over the years run into a few cases of this, and most think they have a virus when they just have a corrupt program.

You might try to defrag, and if that does not work try reloading IE.



posted on Oct, 17 2011 @ 10:09 PM
reply to post by MikeNice81
 




The only thing keeping it in check is IObit Malware Fighter. If I start it before I start IE the second .exe doesn't show up. So, it is still rattling around in there somewhere. IMF is just helping to contain it. Does anybody have a suggestion besides reformatting?


Computer repairman here. Pay attention: A "Format" will not, repeat not, get rid of a virus; in fact, most viruses are really a Trojan Horse. These will invade your computer, and create a new partition on your hard drive. All AVG, Symantec, or any of them can do is "quarantine" the virus, and keep the virus partition, usually a FAT 16, from accessing Windows. You can format until you are blue in the face, and when you reinstall, the virus is still there, waiting for you. Sorry, but the restore disc won't help you either, and you may even infect the restore CD.

You need to ERASE the hard drive, friend. Write all zeros to it, several times over in a random pattern. I highly recommend CopyWipe, or Darik's Boot And Nuke for this task. And remember, a full erase of a large drive, say a 250 GB, will take most of a day, or night; that is when I do erasing tasks. Both these are user friendly; even with a pretty bad virus just the default settings will wipe it away clean.

Then whip out your handy Linux CD/DVD.....ooops, I mean your Windows CD/DVD, and do a clean install. If you are installing Windows, take a hint and first thing you do is install Microsoft Security Essentials. Reboot, update it, and do a quick scan. You will have real time protection from then on. The link I gave is a good link. Some links for this software come with a virus; sadly, Microsoft has made a lot of enemies. Sometimes you can get it via Windows Update.



posted on Oct, 18 2011 @ 12:19 AM
Use Google, and do a search for "ComboFix". Download the latest version from the bleepingcomputer.com website. Once you've done that, run the program on the laptop and tell it "ok" to any windows that pop up, and allow it to download .NET updates, etc. if it asks. Then allow the program to fully run. When it is done, it will ask to restart the machine, or may do so beforehand if it finds a rootkit. Once it runs and restarts, it will generate a log telling you what it found and removed.

I've used this program countless times on similarly infected systems and it always fixes the problem.

After you've done that, run CCleaner and Malwarebytes (Full scan).

After this it should be gone and your machine back to normal.



posted on Oct, 20 2011 @ 06:23 PM
reply to post by imtheweasel
 


I wonder how many FAT 16 partitions are on your drive, friend? Download the GParted ISO, burn it to CD, and start on it. The program will clearly show all partitions on your drive. If you are running Windows, and I assume you are, then you should have but one.



posted on Oct, 21 2011 @ 01:44 AM

Originally posted by elevatedone
Search out and read up on Combofix.


I would recommend this method as well. Do not run in safe mode; run under regular Windows. Best to download from another computer, put on flash drive, and run it. It will take a while. But, it's by far the best tool out.



posted on Oct, 25 2011 @ 06:53 PM
Just recently found a GREAT pre-boot scanner application that incorporates something like 10 pre-boot virus scanners plus other back-up/diagnostic software.... it's called SARDU and uses ISO files (I used a free ISO burner to properly burn the ISO to CD). The great thing about pre-boot scanners is that the virus/worm have nowhere to hide.

Anyway, remembered you and thought I'd throw the info your way.... Been playing around with it for the last couple days. It may be a tad tricky for novice users, but I'm sure your IT friend can help you out if you have any questions.



posted on Oct, 25 2011 @ 11:16 PM
Go here..

Sign up and they will help you fix it..

www.bleepingcomputer.com...


