Trojan-gen in iexplorer.exe
WIN32: Trojan-gen.{UPX!}
I'm helping someone, probably too late to get you involved in it, but
for my information, how would you suggest replacing the exe?
Avast makes a snapshot of system files, if I remember correctly; could it have been used to replace iexplorer.exe?
Apparently the real one is
C:\Program Files\Internet Explorer\IEXPLORE.EXE
Trend (online) says it's
TROJ GEMA.A
CA's online sees nothing.
Later RAV Online was used and it sees
C:\Program Files\Internet Explorer\iexplorer.exe -
TrojanDownloader:Win32/Crypter → Infected
HijackThis has been run >>
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
All that's visible was (I think)
O4 - HKLM..\Run: [Imagemgt32] c:\winnt\system32\imagemgt32.exe
We fixed it, but when looking for it to delete it, it didn't exist.
Post is here if you care to look: http://www.windowsbbs.com/showthread.php?t=31539
If VRDB was generated prior to the infection, then IEXPLORE.EXE could be repaired by clicking repair on the Avast detection dialog.
If not, then you might want to try generic cleaning.
I don't have experience with this trojan, but I guess peeps from the virus and worms subforum could help on this.
The real Internet Explorer executable is named IEXPLORE.EXE.
Notice that extra "R" letter? It's a very nasty trick which is widely used these days, especially for spyware files. That's why he cannot repair it. Just delete it, since it's classified as a trojan which is not a file infector.
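The lookalike-name trick described in this reply can be checked for mechanically. The following is an added example (not code from the thread or from Avast): it takes a folder listing and a list of known legitimate names and flags any file that is not a known name but sits within a couple of edits of one, so "iexplorer.exe" beside "IEXPLORE.EXE" is reported. The directory listing and the known-good list are constructed for the example; on a real machine you would feed it the actual folder contents.

```python
# Added example: flag executables whose names are near-duplicates of known
# legitimate names in the same folder (e.g. "iexplorer.exe" next to the real
# "IEXPLORE.EXE"). Windows filenames compare case-insensitively, so everything
# is lower-cased before comparison.
from typing import Iterable, List, Tuple

# Constructed list of names expected in "C:\Program Files\Internet Explorer";
# a real check would use a list taken from a known-clean installation.
KNOWN_GOOD = {"IEXPLORE.EXE", "iedw.exe", "hmmapi.dll"}

# Constructed folder listing mirroring the situation in the thread.
LISTING = ["IEXPLORE.EXE", "iexplorer.exe", "iedw.exe", "hmmapi.dll"]


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between a and b, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def find_lookalikes(names: Iterable[str], known_good: Iterable[str],
                    max_distance: int = 2) -> List[Tuple[str, str, int]]:
    """Return (suspect, legitimate, distance) for each name that is not itself a
    known-good name but is within max_distance edits of one."""
    good = {g.lower() for g in known_good}
    hits = []
    for name in names:
        lowered = name.lower()
        if lowered in good:
            continue  # exact (case-insensitive) match: a legitimate file
        for legit in sorted(good):
            d = edit_distance(lowered, legit)
            if d <= max_distance:
                hits.append((name, legit, d))
    return hits


if __name__ == "__main__":
    for suspect, legit, d in find_lookalikes(LISTING, KNOWN_GOOD):
        print(f"suspect {suspect!r} resembles {legit!r} (edit distance {d})")
```

A hit only says the name is suspicious; confirm with a scanner before deleting, and remember the startup entry that launched it may point somewhere else entirely.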
It may be hiding in System Restore (the _restore folder in XP), but this is 'Last Known Good Configuration' or something in Win2000.
You will have to find a way to disable that (I don't use Win2000, so no help there), scan with Avast and/or remove iexplorer.exe. Reboot, scan and confirm clean, and re-enable Last Known Good Configuration.
The trojan might have reinstalled itself with another startup item.
Check your computer for spyware, then try deleting this file from your computer.
If the file is in the _restore folder as DavidR mentioned, you will have to disable your System Restore feature before you could delete the file properly.