applehebi

I don't know where else to ask, but suddenly I got this box appearing on my
screen with "applehebi" on it! I rebooted my vista desktop and now it shows
"blocked start up programs".
I never installed any applehebi and I cannot indicate that I want to remove
it from the start up.
this is what is shows in the description:
applehebi

File Name: explore.exe
Display Name: applehebi
Description: Not Available
Publisher: applehebi Install
Digitally Signed By: NOT SIGNED
File Type: Application
Startup Value: C:\Windows\system32\explore.exe
File Path: C:\Windows\system32\explore.exe
File Size: 61440
File Version: 1.00
Date Installed: 07/11/2008 12:27:54 PM
Startup Type: Registry: Local Machine
Location: Software\Microsoft\Windows\CurrentVersion\Run
Classification: Not yet classified
Ships with Operating System: No
SpyNet Voting: In Progress

What it is??

"Veronika" <> wrote in message
news:...
>I don't know where else to ask, but suddenly I got this box appearing on my
>screen with "applehebi" on it! I rebooted my vista desktop and now it shows
>"blocked start up programs".
> I never installed any applehebi and I cannot indicate that I want to
> remove it from the start up.
> this is what is shows in the description:
> applehebi
>
> File Name: explore.exe
> Display Name: applehebi
> Description: Not Available
> Publisher: applehebi Install
> Digitally Signed By: NOT SIGNED
> File Type: Application
> Startup Value: C:\Windows\system32\explore.exe
> File Path: C:\Windows\system32\explore.exe
> File Size: 61440
> File Version: 1.00
> Date Installed: 07/11/2008 12:27:54 PM
> Startup Type: Registry: Local Machine
> Location: Software\Microsoft\Windows\CurrentVersion\Run
> Classification: Not yet classified
> Ships with Operating System: No
> SpyNet Voting: In Progress
>
> What it is??

Looks like you downloaded something you shouldn't have. Possibly a corrupt
copy of winrar?

From another web site - I cannot vouch for its authenticity so before
deleting anything, wait for others to chime in. But you can run spybot and
an antivirus.

>It's a trojan. First uninstall and delete this version of WinRAR from your
>system, it is a hacked copy. To remove the virus, any good spyware detector
>should identify and offer to fix it for you, but the basic steps are as
>follows:

You need to delete the following file from your system:

C:\Windows\System32\Explore.exe

Note the trojan has also probably added a registry entry to instruct Windows
to run Explore.exe at startup. You need to delete the "explore" entry from:

HKLM\Software\Microsoft\Windows\Curren...

Your Hosts file is probably also modified so that any attempt to view
several well known sites (google, facebook, etc) redirects to a download
page. Search for and download a program named "HijackThis" to detect and fix
issues such as this.

It's not hard to remove this annoyance from your machine, and there is lots
of information available on the web. Good luck.<<

As previous poster said, get rid of it.
Install, update and scan with the 2 programs listed below.
Scan in Safe Mode, if necessary.

http://www.spybot.info/en/index.html

Spybot Search & Destroy 1.6 is a very good, FREE Anti-Spyware Program.
Download, install, update, and immunize your System with it.
Then SCAN with it.
Update it, and scan your System once a fortnight.

http://www.malwarebytes.org/mbam.php

Malwarebytes is as the name says, a Malware Remover!
For the Free version scroll down their page to either download from
Download.com, or Major Geeks.com

Download, install, and update.

Important re: Safe Mode
If you happen to find a problem that you can’t uninstall / delete, reboot
the computer, and go into Safe Mode.
To get into Safe mode, tap F8 right at Power On / Startup, and use UP arrow
key to get to Safe Mode from list of options, then hit ENTER.
RESCAN your computer with your Anti-Virus, Malwarebytes and Spybot S & D
while in Safe Mode.

--
Mad Mike


"Veronika" wrote:

> I don't know where else to ask, but suddenly I got this box appearing on my
> screen with "applehebi" on it! I rebooted my vista desktop and now it shows
> "blocked start up programs".
> I never installed any applehebi and I cannot indicate that I want to remove
> it from the start up.
> this is what is shows in the description:
> applehebi
>
> File Name: explore.exe
> Display Name: applehebi
> Description: Not Available
> Publisher: applehebi Install
> Digitally Signed By: NOT SIGNED
> File Type: Application
> Startup Value: C:\Windows\system32\explore.exe
> File Path: C:\Windows\system32\explore.exe
> File Size: 61440
> File Version: 1.00
> Date Installed: 07/11/2008 12:27:54 PM
> Startup Type: Registry: Local Machine
> Location: Software\Microsoft\Windows\CurrentVersion\Run
> Classification: Not yet classified
> Ships with Operating System: No
> SpyNet Voting: In Progress
>
> What it is??
>
>

I cannot find HKLM

where do I look?
Tx

"its_my_dime" <> wrote in message
news:u0x$...
>
> "Veronika" <> wrote in message
> news:...
>>I don't know where else to ask, but suddenly I got this box appearing on
>>my screen with "applehebi" on it! I rebooted my vista desktop and now it
>>shows "blocked start up programs".
>> I never installed any applehebi and I cannot indicate that I want to
>> remove it from the start up.
>> this is what is shows in the description:
>> applehebi
>>
>> File Name: explore.exe
>> Display Name: applehebi
>> Description: Not Available
>> Publisher: applehebi Install
>> Digitally Signed By: NOT SIGNED
>> File Type: Application
>> Startup Value: C:\Windows\system32\explore.exe
>> File Path: C:\Windows\system32\explore.exe
>> File Size: 61440
>> File Version: 1.00
>> Date Installed: 07/11/2008 12:27:54 PM
>> Startup Type: Registry: Local Machine
>> Location: Software\Microsoft\Windows\CurrentVersion\Run
>> Classification: Not yet classified
>> Ships with Operating System: No
>> SpyNet Voting: In Progress
>>
>> What it is??
>
> Looks like you downloaded something you shouldn't have. Possibly a
> corrupt copy of winrar?
>
> From another web site - I cannot vouch for its authenticity so before
> deleting anything, wait for others to chime in. But you can run spybot
> and an antivirus.
>
>>It's a trojan. First uninstall and delete this version of WinRAR from your
>>system, it is a hacked copy. To remove the virus, any good spyware
>>detector should identify and offer to fix it for you, but the basic steps
>>are as follows:
>
> You need to delete the following file from your system:
>
> C:\Windows\System32\Explore.exe
>
> Note the trojan has also probably added a registry entry to instruct
> Windows to run Explore.exe at startup. You need to delete the "explore"
> entry from:
>
> HKLM\Software\Microsoft\Windows\Curren...
>
> Your Hosts file is probably also modified so that any attempt to view
> several well known sites (google, facebook, etc) redirects to a download
> page. Search for and download a program named "HijackThis" to detect and
> fix issues such as this.
>
> It's not hard to remove this annoyance from your machine, and there is
> lots of information available on the web. Good luck.<<
>

"Veronika" <> wrote in message
news:%23dT$...
>I cannot find HKLM
>
> where do I look?
> Tx
>
> "its_my_dime" <> wrote in message
> news:u0x$...
>>
>> "Veronika" <> wrote in message
>> news:...
>>>I don't know where else to ask, but suddenly I got this box appearing on
>>>my screen with "applehebi" on it! I rebooted my vista desktop and now it
>>>shows "blocked start up programs".
>>> I never installed any applehebi and I cannot indicate that I want to
>>> remove it from the start up.
>>> this is what is shows in the description:
>>> applehebi
>>>
>>> File Name: explore.exe
>>> Display Name: applehebi
>>> Description: Not Available
>>> Publisher: applehebi Install
>>> Digitally Signed By: NOT SIGNED
>>> File Type: Application
>>> Startup Value: C:\Windows\system32\explore.exe
>>> File Path: C:\Windows\system32\explore.exe
>>> File Size: 61440
>>> File Version: 1.00
>>> Date Installed: 07/11/2008 12:27:54 PM
>>> Startup Type: Registry: Local Machine
>>> Location: Software\Microsoft\Windows\CurrentVersion\Run
>>> Classification: Not yet classified
>>> Ships with Operating System: No
>>> SpyNet Voting: In Progress
>>>
>>> What it is??
>>
>> Looks like you downloaded something you shouldn't have. Possibly a
>> corrupt copy of winrar?
>>
>> From another web site - I cannot vouch for its authenticity so before
>> deleting anything, wait for others to chime in. But you can run spybot
>> and an antivirus.
>>
>>>It's a trojan. First uninstall and delete this version of WinRAR from
>>>your system, it is a hacked copy. To remove the virus, any good spyware
>>>detector should identify and offer to fix it for you, but the basic steps
>>>are as follows:
>>
>> You need to delete the following file from your system:
>>
>> C:\Windows\System32\Explore.exe
>>
>> Note the trojan has also probably added a registry entry to instruct
>> Windows to run Explore.exe at startup. You need to delete the "explore"
>> entry from:
>>
>> HKLM\Software\Microsoft\Windows\Curren...
>>
>> Your Hosts file is probably also modified so that any attempt to view
>> several well known sites (google, facebook, etc) redirects to a download
>> page. Search for and download a program named "HijackThis" to detect and
>> fix issues such as this.
>>
>> It's not hard to remove this annoyance from your machine, and there is
>> lots of information available on the web. Good luck.<<
>>

It is a registry entry. Probably better that you don't deal with it if you
aren't used to registry editing.

Follow Mike Murphy's advice below. It will produce the same result.

--
lucky me I guess


"Veronika" wrote:

> I don't know where else to ask, but suddenly I got this box appearing on my
> screen with "applehebi" on it! I rebooted my vista desktop and now it shows
> "blocked start up programs".
> I never installed any applehebi and I cannot indicate that I want to remove
> it from the start up.
> this is what is shows in the description:
> applehebi
>
> File Name: explore.exe
> Display Name: applehebi
> Description: Not Available
> Publisher: applehebi Install
> Digitally Signed By: NOT SIGNED
> File Type: Application
> Startup Value: C:\Windows\system32\explore.exe
> File Path: C:\Windows\system32\explore.exe
> File Size: 61440
> File Version: 1.00
> Date Installed: 07/11/2008 12:27:54 PM
> Startup Type: Registry: Local Machine
> Location: Software\Microsoft\Windows\CurrentVersion\Run
> Classification: Not yet classified
> Ships with Operating System: No
> SpyNet Voting: In Progress
>
> What it is??
>
>
hi
I have had a Trojen my self, its gone now.
Spybot to complicated for me.
I used Malwarebytes it worked, as mention below it was in Registry.
and run in Safe Mode
When uninstalling from Programs and Features using the build in Uninstaller
it only removes the Stuff from there, leaving Registry Entry's and other
crap in your computer.
I use " Revo Uninstaller Free " you can also use it to find Registry Entrys
so you can delete them and find other useless crap.
System Restore is my good friend, so be for starting and when finish
I make a Restore Point, in the Event I do a System Restore and go back to
this time, all the crap comes back.
I am NO Expert, so read what others put here first

Well just just completed this:


--Spybot Search & Destroy 1.6 is a very good, FREE Anti-Spyware Program.
--Download, install, update, and immunize your System with it.
--Then SCAN with it.
--Update it, and scan your System once a fortnight.

it removed some malware, but when I rebooted the system, my IE home page was
directed to:
http://www.google.com/
and the following message:
(this is top from view source:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!-- saved from
url=(0047)http://privacy.microsoft.com/en-us/default.mspx -->
<HTML dir=ltr><HEAD><TITLE> Microsoft Security Center</TITLE>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content=en-us name=MS.LOCALE>
<META content=MNP2.GenericNav name=search.mnp.template><LINK
href="microsoft_files/templatecss.css" type=text/css rel=Stylesheet>
)
Microsoft Security Center




Alert : Your computer have been attacked by spyware or viruses!



Please download AntiSpyware to fix.



Download AntiSpyware Now





So did I get rid of everything??










"silver hair" <> wrote in message
news:BFC0D7E2-5210-4764-87C7-...
>
> --
> lucky me I guess
>
>
> "Veronika" wrote:
>
>> I don't know where else to ask, but suddenly I got this box appearing on
>> my
>> screen with "applehebi" on it! I rebooted my vista desktop and now it
>> shows
>> "blocked start up programs".
>> I never installed any applehebi and I cannot indicate that I want to
>> remove
>> it from the start up.
>> this is what is shows in the description:
>> applehebi
>>
>> File Name: explore.exe
>> Display Name: applehebi
>> Description: Not Available
>> Publisher: applehebi Install
>> Digitally Signed By: NOT SIGNED
>> File Type: Application
>> Startup Value: C:\Windows\system32\explore.exe
>> File Path: C:\Windows\system32\explore.exe
>> File Size: 61440
>> File Version: 1.00
>> Date Installed: 07/11/2008 12:27:54 PM
>> Startup Type: Registry: Local Machine
>> Location: Software\Microsoft\Windows\CurrentVersion\Run
>> Classification: Not yet classified
>> Ships with Operating System: No
>> SpyNet Voting: In Progress
>>
>> What it is??
>>
>>
> hi
> I have had a Trojen my self, its gone now.
> Spybot to complicated for me.
> I used Malwarebytes it worked, as mention below it was in Registry.
> and run in Safe Mode
> When uninstalling from Programs and Features using the build in
> Uninstaller
> it only removes the Stuff from there, leaving Registry Entry's and other
> crap in your computer.
> I use " Revo Uninstaller Free " you can also use it to find Registry
> Entrys
> so you can delete them and find other useless crap.
> System Restore is my good friend, so be for starting and when finish
> I make a Restore Point, in the Event I do a System Restore and go back to
> this time, all the crap comes back.
> I am NO Expert, so read what others put here first
>
>
>
>
>
>
>
>

You have the GRAYBIRD.G virus. Stop everything and remove it with malwarebyte

www.malwarebyte.org


--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

"Veronika" <> wrote in message news:...
>I don't know where else to ask, but suddenly I got this box appearing on my
> screen with "applehebi" on it! I rebooted my vista desktop and now it shows
> "blocked start up programs".
> I never installed any applehebi and I cannot indicate that I want to remove
> it from the start up.
> this is what is shows in the description:
> applehebi
>
> File Name: explore.exe
> Display Name: applehebi
> Description: Not Available
> Publisher: applehebi Install
> Digitally Signed By: NOT SIGNED
> File Type: Application
> Startup Value: C:\Windows\system32\explore.exe
> File Path: C:\Windows\system32\explore.exe
> File Size: 61440
> File Version: 1.00
> Date Installed: 07/11/2008 12:27:54 PM
> Startup Type: Registry: Local Machine
> Location: Software\Microsoft\Windows\CurrentVersion\Run
> Classification: Not yet classified
> Ships with Operating System: No
> SpyNet Voting: In Progress
>
> What it is??
>

No you did not. Do as I posted and download malwarebytes and run it in safe mode.

--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

"Veronika" <> wrote in message news:...
> Well just just completed this:
>
>
> --Spybot Search & Destroy 1.6 is a very good, FREE Anti-Spyware Program.
> --Download, install, update, and immunize your System with it.
> --Then SCAN with it.
> --Update it, and scan your System once a fortnight.
>
> it removed some malware, but when I rebooted the system, my IE home page was
> directed to:
> http://www.google.com/
> and the following message:
> (this is top from view source:
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
> <!-- saved from
> url=(0047)http://privacy.microsoft.com/en-us/default.mspx -->
> <HTML dir=ltr><HEAD><TITLE> Microsoft Security Center</TITLE>
> <META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
> <META content=en-us name=MS.LOCALE>
> <META content=MNP2.GenericNav name=search.mnp.template><LINK
> href="microsoft_files/templatecss.css" type=text/css rel=Stylesheet>
> )
> Microsoft Security Center
>
>
>
>
> Alert : Your computer have been attacked by spyware or viruses!
>
>
>
> Please download AntiSpyware to fix.
>
>
>
> Download AntiSpyware Now
>
>
>
>
>
> So did I get rid of everything??
>
>
>
>
>
>
>
>
>
>
> "silver hair" <> wrote in message
> news:BFC0D7E2-5210-4764-87C7-...
>>
>> --
>> lucky me I guess
>>
>>
>> "Veronika" wrote:
>>
>>> I don't know where else to ask, but suddenly I got this box appearing on
>>> my
>>> screen with "applehebi" on it! I rebooted my vista desktop and now it
>>> shows
>>> "blocked start up programs".
>>> I never installed any applehebi and I cannot indicate that I want to
>>> remove
>>> it from the start up.
>>> this is what is shows in the description:
>>> applehebi
>>>
>>> File Name: explore.exe
>>> Display Name: applehebi
>>> Description: Not Available
>>> Publisher: applehebi Install
>>> Digitally Signed By: NOT SIGNED
>>> File Type: Application
>>> Startup Value: C:\Windows\system32\explore.exe
>>> File Path: C:\Windows\system32\explore.exe
>>> File Size: 61440
>>> File Version: 1.00
>>> Date Installed: 07/11/2008 12:27:54 PM
>>> Startup Type: Registry: Local Machine
>>> Location: Software\Microsoft\Windows\CurrentVersion\Run
>>> Classification: Not yet classified
>>> Ships with Operating System: No
>>> SpyNet Voting: In Progress
>>>
>>> What it is??
>>>
>>>
>> hi
>> I have had a Trojen my self, its gone now.
>> Spybot to complicated for me.
>> I used Malwarebytes it worked, as mention below it was in Registry.
>> and run in Safe Mode
>> When uninstalling from Programs and Features using the build in
>> Uninstaller
>> it only removes the Stuff from there, leaving Registry Entry's and other
>> crap in your computer.
>> I use " Revo Uninstaller Free " you can also use it to find Registry
>> Entrys
>> so you can delete them and find other useless crap.
>> System Restore is my good friend, so be for starting and when finish
>> I make a Restore Point, in the Event I do a System Restore and go back to
>> this time, all the crap comes back.
>> I am NO Expert, so read what others put here first
>>
>>
>>
>>
>>
>>
>>
>>
>

I completed the malwarebytes, all seems fine now.
thanks you all!

"Peter Foldes" <> wrote in message
news:...
No you did not. Do as I posted and download malwarebytes and run it in safe
mode.

--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

"Veronika" <> wrote in message
news:...
> Well just just completed this:
>
>
> --Spybot Search & Destroy 1.6 is a very good, FREE Anti-Spyware Program.
> --Download, install, update, and immunize your System with it.
> --Then SCAN with it.
> --Update it, and scan your System once a fortnight.
>
> it removed some malware, but when I rebooted the system, my IE home page
> was
> directed to:
> http://www.google.com/

>>
>>
>>
>>
>>
>>
>>
>