Malware Win32:Trojan-gen iedeinstal.exe

Hi,

I’m using Avast!'s free edition, windows 7 ultimate.

Not sure why but I’ve suddenly got a string of Avast notifications which hits about 50 before pausing and restarting.

Pop-up says malware blocked.
Object: C:\Users\Joey\AppData\Roaming\Internet Explorer\iedeinstal.exe
Infection: Win32:Trojan-gen
Process: C:\Windows\SysWOW64\explorer.exe

I’ve googled iedeinstal but nothing appears so it might be a random file name. I can access the roaming folder but can’t see the folder Internet Explorer.

Please help! Thanks in advance :smiley:

Submit those files to JOTTI and let us know the result please.

Google gives no result for iedeinstal.exe
Are you sure you spelled it corect?

explorer.exe can be either windows explorer or malware.
So please use Jotti and tell us.

1st check if system restore works or not
if system restore works then restore ur pc to back date
then all virus wil be vanish

otherwise
u do one thing
check untrusted process which is running
for that go to msconfig->boot & msconfig->startup

or in regedit check in HKLM/software/microsoft/windows/currentversion/run
& also in
HKCU/software/microsoft/windows/currentversion/run
if untrusted process is running just delete it
& restart ur pc

sometimes this virus adds following entry in registry:-
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components{6778F1EE-80BB-4F27-BC69-F91B843782CD}
check out this
ok & inform me if not done then we wil test new technique for removal

Hi thanks for the replies, sorry for the delayed response.

I Googled iedeinstal.exe myself with no results, I’m sure it’s spelled correctly.

I used Jotti for explorer.exe, no malware was found. However I can’t actually find the file iedeinstal.exe

I have checked the registry and that entry wasn’t found.

The problem appears to have gone away after restarting, the string of pop-ups was probably triggered by something I did. As nothing has happened since, I’m not sure checking anything now will be useful in determining the cause.

If it occurs again, I will refer back to this thread and update accordingly.

Thank you!

Glad to hear it is solved. Take care. And if there is anything…
You know where we are :slight_smile: