I have avast home edition and it keeps alerting me about IEXPLORE.exe virus like every 2 minutes. What is worse is that it messed up my internet connection. A lot of the times i cannot access the internet and when i can it redirects pages to 64.111.211.158. Or it will redirect to some other pages i completely did not want. I think this post might be similar:
Also I would like to mention that it made all my documents hidden.
Things I tried:
system restore
boot scan of avast anti virus
safe mode scan of avast anti virus
safe mode spy bot search and destroy
safe mode smitfraudfix
safe mode malwarebytes anti-malware
All of these tools found stuff which i deleted but end result did not change it still persists with that annoying popup every few minutes and all the behvaiours i described above still happen!
Things i wanted to try but could not:
system recovery (no option at boot time)
format by right click on c drive but keep getting message: “Windows cannot format this drive. Quit any disk utilities or other programs that are using this drive and make sure that no window is displaying the contents of the drive. Then try formatting again.”
re-install xp but i don’t have the CD since windows xp came with the computer installed already
System specs:
windows xp professional service pack 3
Acer computer
intel core 2 duo cpu @ 3.06 GHz
2.99 GB of RAM
Edit: sorry i posted in wrong section! I hardly got to this forum from all the redirects. please move. Thanks!
Edit 2: I ran combofix and attached log. The problem still did not go away after running combofix. I still see the popup IEXPLORE. After combofix avast does not seem to appear in system tray everytime i boot up computer like it did before but i do think its still running in the background from checking the processes running.
Hi could you give a screenshot of the Avast alert please
To ensure that I get all the information this log will need to be attached (instructions at the end) if it is to large to attach then upload to Mediafire and post the sharing link.
[*]Close ALL OTHER PROGRAMS.
[*]Double-click on OTS.exe to start the program.
[*]Check the box that says Scan All Users
[*]Under Additional Scans check the following:
[*]Now click the Run Scan button on the toolbar.
[*]Let it run unhindered until it finishes.
[*]When the scan is complete Notepad will open with the report file loaded in it.
[*]Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
I couldn’t upload the file from the infected computer. Kept stopping after few percent. I saved the log file on external HD and uploaded on another computer. Hopefully I can’t infect the other computer doing that?
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the Run Fix button.
[Unregister Dlls]
[Files/Folders - Created Within 30 Days]
NY -> dD04201OlMmG04201 -> C:\Documents and Settings\All Users\Application Data\dD04201OlMmG04201
[Files/Folders - Modified Within 30 Days]
NY -> D952.378 -> C:\Documents and Settings\Alexander\Application Data\D952.378
[Custom Items]
:Files
ipconfig /flushdns /c
:end
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here
I will review the information when it comes back in.
Depending on what the fix contains, this process may take some time and your desktop icons might disappear or other uncommon behavior may occur.
[*]Download TDSSKiller and save it to your Desktop.
[*]Extract its contents to your desktop.
[*]Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
[*]If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
[*]If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of “TDSSKiller.[Version][Date][Time]_log.txt”. Please copy and paste the contents of that file here.
essexboy i can’t seem to launch this program. I double click and nothing happens on the infected computer. I tried to launch it in safe mode and still can’t launch it
DownloadMBRCheck.exe to your Desktop. Run the application.
If no infection is found, it will produce a report on the desktop. Post that report in your next reply.
If an infection is found, you will be presented with the following dialog:
[QUOTE]Enter ‘Y’ and hit ENTER for more options, or ‘N’ to exit:
[/quote]
Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.
[QUOTE]Found non-standard or infected MBR.
Enter ‘Y’ and hit ENTER for more options, or ‘N’ to exit:
[/quote]
Enter Y and press Enter.
The following dialog will be presented:
[QUOTE]Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice:
[/quote]
Enter 2 and press Enter
The following dialog will be presented:
[QUOTE]Enter the physical disk number to fix (0-99, -1 to cancel):
[/quote]
Enter >>0<< and press Enter
The following dialog will be presented:
Enter >>1<< and press Enter
The following dialog will be presented:
[QUOTE]Do you want to fix the MBR code? Type ‘YES’ and hit ENTER to continue:
[/quote]
Type YES and press Enter (Must type the full word, YES). You will be inform if successfully wrote a new MBR code!
And last the following dialog will be presented:
[QUOTE]Done! Press ENTER to exit…
[/quote]
Press Enter. A report will be produced on the desktop. Post that report in your next reply.
