February 13th, 2004, 02:07 PM
I don't have iexplore.exe in my task manager. I have explorer.exe, but then I also don't use IE as a browser.
I found this when searching for multiple iexplore.exe in task manager. as to be the likely cause. This came from here
"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!"
February 13th, 2004, 02:55 PM
"explorer.exe" is windows explorer and is normal.
"iexplore.exe" is Internet Explorer and you will get one running for each instance of IE you have opened. That is actually clicking on the icon to run the program again, NOT opening something in a new page or window.
So, if you log in and go on the net for a while and find that you have more than one iexplore.exe running, it means that you are infected.
As your problem is probably a trojan I would suggest that you get a trial of Moosoft's "The Cleaner".
AVs are not very good at detecting trojans
February 13th, 2004, 03:04 PM
I have managed to gather all the possible screen shots. I am uploading them in a zipped file. I have also found some strange processes when I looked more carefully; I have encircled them in the images I am uploading. Moreover, I also did netstat on my PC and found some IPs, even when I was not doing anything (no browsing/IM). Please have a look at them...
February 13th, 2004, 03:22 PM
1. Do you realise that you have a keylogger installed?
3. Some of the other stuff looks very suspect? I will have a look at it later today.....have to go to a meeting right now.
Perhaps some of the other members can help, if they recognise the items?
February 13th, 2004, 06:02 PM
Yes Nihil, I do realise that I have installed a keylogger, and that is for monitoring my PC when I am away. Kazaa is something that I use for experiments, like looking for ways to tunnel its traffic with HTTP traffic, but it never got connected, nor did I find a good tutorial or helping material that could help me understand how I can tunnel Kazaa's traffic with HTTP traffic so that it looks like legitimate traffic to the firewall, but I never got connected to Kazaa (as my ISP has banned almost every p2p application for saving their bandwidth).
And do look at the netstat screen shot.
February 13th, 2004, 06:10 PM
And now it's "explorer.exe" hogging the CPU with 95% usage... and I believe it's not a virus... and I couldn't access the defrag menu... when I try to access the menu, the computer gets stuck....
February 13th, 2004, 06:25 PM
There is another discussion about this problem going on here. Now, I didn't read through the whole thread, but there are a few posts with some advice on how you may cure this problem.
February 14th, 2004, 09:15 AM
Did almost everything... looked into Microsoft knowledge base, googled it everywhere... ran AV with latest updates, ran anti trojan, registry-mechanics, but the problem is still there, as I searched it on Google and lots of people are having these kinds of problems with CPU hog...
this thread is dying
February 14th, 2004, 10:08 AM
1. Update Spybot S&D
2. Get AdAware & update it.
3. Update your AV
4. Boot into safe mode and run 1,2, & 3.
5. Empty your IE temporary files and history.
6. Defrag your HDD in safe mode.
7. Open your "Hosts" file in a text editor and delete all the stuff you do not recognise that you want..............mjxads is one to get rid of for example
8. Get rid of Kazaa
9. Run a couple of online scans like PcCillin (Trend Microsystems) and Panda
10. Get CW Shredder and run that.
11. Edit your startup file and only run things you really need............like you don't need a keylogger when you are on your machine? "BadBlue" ?????...........just start stuff when YOU need it, not when you boot up.............you avoid conflicts and memory leaks that way.
12. Update your video and soundcard drivers. (trust me)
If that doesn't fix it try running Windows repair from your CD.
If that doesn't work try re-installing Windows and re-applying all the MS patches.
I do not know what uo428 is..........find the executable and rename it uo428.txt, then watch for error messages on boot-up. fhesrv32.exe is your folder hiding software (AB Hide Folder)
I could not resolve the DNS on most of those IPs, but I think that clearing the Hosts file will resolve that.
It might help if you posted a HijackThis log after step 10.
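Added example, not part of the original thread: step 7 above asks for a manual review of the Hosts file, and the Python code below lists every active mapping other than the default `localhost` entry so that each one can be checked by hand. The sample file contents, hostnames and the function names `parse_hosts` and `audit_hosts` are constructed for illustration.

```python
import ipaddress

# Assumption: a clean hosts file maps only "localhost".
DEFAULT_NAMES = {"localhost"}

def parse_hosts(text):
    """Yield (line_no, ip_or_None, fields) for every non-comment line."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # strip trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            yield no, None, fields               # first field is not an address
            continue
        yield no, ip, [name.lower() for name in fields[1:]]

def audit_hosts(text, known=DEFAULT_NAMES):
    """Return (line_no, name, ip, reason) for each entry that needs a manual look."""
    findings = []
    for no, ip, names in parse_hosts(text):
        if ip is None:
            findings.append((no, " ".join(names), None, "malformed line"))
            continue
        for name in names:
            if name in known:
                continue
            if ip.is_loopback or ip.is_unspecified:
                # Typical of entries that block a site (ad blocking, or malware
                # cutting off AV update servers).
                reason = "name sinkholed to local machine"
            else:
                # Typical of entries that silently redirect a site elsewhere.
                reason = "name redirected to fixed address"
            findings.append((no, name, str(ip), reason))
    return findings

# Constructed sample; on Windows the real file is
# %SystemRoot%\System32\drivers\etc\hosts
SAMPLE = """# constructed sample hosts file
127.0.0.1    localhost
127.0.0.1    updates.av-vendor.example   # blocks an update server
203.0.113.7  search.example.test www.search.example.test
0.0.0.0      ads.example.test
not-an-ip    foo
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

Every line it reports is a candidate for review, not an automatic deletion: some sinkhole entries are added deliberately by tools such as Spybot S&D.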