iexplore.exe virus

**mttomasovich** · 14.01.2010, 01:36

im having trouble getting rid of the iexplore.exe virus, ive found some other threads in various places trying to get rid of the virus and none of them have worked for me, my lasat suggestion was to download the kaspersky virus removal tool, which i did, and i ran the autoscan feature, but half way through each time it freezes up and i have wait for nearly an hour for it to come back with no success, so i guess ill ask you guysto gimme a hand in trying to get rid of the virus, the problem itself is in my task manager it is always running iexplore.exe even when i am not and it has seemed to block my malware and virus protection programs. and the methods i have tried from the internet have not picked it up

thank you for your time

i forgot to attach my log file, here it is

**Aleksandra** · 14.01.2010, 09:34

Execute this script in AVPTool:

Код:

begin
SetAVZPMStatus(True);
RebootWindows(true);
end.

Make a new log of AVPTool.

**mttomasovich** · 15.01.2010, 01:07

i did what you told me to now here is my new log

**Rene-gad** · 15.01.2010, 10:41

Switch off/Disable:
- Antivirus and and, if you have - Firewall.
- System Restore

- Execute following script in Manual Cure

Код:

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
ClearQuarantine;
 QuarantineFile('C:\DOCUME~1\HANDSO~1\LOCALS~1\Temp\twunk_32x.exe','');
 QuarantineFile('\systemroot\system32\drivers\H8SRTwnnpyrdscn.sys','');
 DeleteFileMask('\systemroot\system32\drivers\','H8SRT*.sys',true);
 DeleteFileMask('C:\DOCUME~1\HANDSO~1\LOCALS~1\Temp\','*.*',true);
 RegKeyParamDel('HKEY_USERS','S-1-5-21-3764035220-1479113233-1939366156-1006\Software\Microsoft\Windows\CurrentVersion\Run','twunk_32x.exe');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
SetAVZPMStatus(True);
RebootWindows(true);
end.

After reboot execute following script in Manual Cure

Код:

begin
CreateQurantineArchive('C:\quarantine.zip');
end.

and upload the C:\quarantine.zip over the link Upload quarantined files on the top of this page.

- Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool cleanmgr or CCleaner or ClearProg
- Close all the programs and start only Internet Explorer!!!
- Repeat a log file of AVPTool.
- Make a log file with Hijackthis ( Analysis, p.3 for further informations).
- Make a log file with GMER ( read here for further informations).
- Switch Antivirus and, if you have - Firewall, on.
- Go On-Line
- Attach 3 logs to your new post..

**mttomasovich** · 15.01.2010, 21:59

Hope this is what you needed

**Aleksandra** · 15.01.2010, 22:54

1. Please, disable System Restore and antivirus (if you have).
2. Execute this script in AVPTool:

Код:

begin
SetAVZGuardStatus(True);
DeleteFileMask(GetAVZDirectory+'Quarantine', '*.*', true);
 DelBHO('{710EB7A1-45ED-11D0-924A-0020AFC7AC4D}');
 QuarantineFile('C:\WINDOWS\system32\gebyv.dll','');
 DeleteFile('C:\WINDOWS\system32\gebyv.dll');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gebyv','DLLName');
BC_ImportDeletedList;
ExecuteSysClean;
ExecuteRepair(1);
BC_Activate;
RebootWindows(true);
end.

3. After reboot execute this script in AVPTool:

Код:

begin
 CreateQurantineArchive('C:\quarantine.zip');
end.

Upload file C:\quarantine.zip, by link http://virusinfo.info/upload_virus.php?tid=67150

4. Execute commands in Gmer:

Код:

8uxvwmjx.exe -del service H8SRTd.sys
8uxvwmjx.exe -del file "c:\windows\system32\drivers\H8SRTwnnpyrdscn.sys"
8uxvwmjx.exe -del file "c:\windows\system32\H8SRToxkaritmkj.dll"
8uxvwmjx.exe -del file "c:\windows\system32\H8SRTarunsofxon.dat"
8uxvwmjx.exe -del file "c:\windows\system32\H8SRTqolkbtghmj.dll"
8uxvwmjx.exe -del file "c:\windows\system32\H8SRTauulsqbqly.dll"
8uxvwmjx.exe -del file "c:\windows\system32\H8SRTvmrohkqfix.dll"
8uxvwmjx.exe -del reg "HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys"
8uxvwmjx.exe -del reg "HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys"
8uxvwmjx.exe -reboot

5. Fix in HijackThis:

O20 - Winlogon Notify: gebyv - C:\WINDOWS\system32\gebyv.dll (file missing)

6. Make new logs: avptool_sysinfo, hijackthis + gmer.

**mttomasovich** · 19.01.2010, 08:59

heres what you asked for, since ive been trying to fix this ive gotten a few fatal error blue screens now and i can only run in safe mode

**Aleksandra** · 19.01.2010, 10:01

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-15 13:53:46
Windows 5.1.2600 Service Pack 3
Running: 8uxvwmjx.exe; Driver: C:\DOCUME~1\HANDSO~1\LOCALS~1\Temp\ugldypow.sys

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-01-19 00:34:15
Windows 5.1.2600 Service Pack 3
Running: jlr69xws.exe; Driver: C:\DOCUME~1\HANDSO~1\LOCALS~1\Temp\ugldypow.sys

It's not correct. Make a full scan with Gmer.

**CyberHelper** · 20.01.2010, 10:01

Статистика проведенного лечения:

Получено карантинов: 2
Обработано файлов: 7
В ходе лечения обнаружены вредоносные программы:
1. c:\windows\system32\drivers\h8srtwnnpyrdscn.sys - Packed.Win32.TDSS.aa

iexplore.exe virus

Опции темы

Итог лечения

Похожие темы

Kaspersky Anti-Virus: forbidden incoming virus Trojan-Downloader.BAT.Small.aq

Virus removal tool does not eliminate identified virus (заявка №41545)

Virus Removal Tool Failed to remove Virus (заявка №38037)

Постоянное сообщение Your system is infected with dangerous virus! и ошибки Iexplore после запуска Internet Explorer

Kaspersky internet security won't update and virus won't disappear despite running AVZ virus removal tool as instructed

Ваши права в разделе