can't kill iexplore even in safe mode

In safe mode, IEXPLORE loads, unloads, loads about once per second. All
scans via online checks have found nothing.

Have stopped all non-essential services and have nothing else loading at
startup, nothing running. Have examined all of the registry and threads,
using autoruns and procexp via tools obtained from MS - can't find anything
suspicious. Tools are supposed to stop processes, but UNABLE to stop
IEXPLORE.EXE

Tried downloading new IE, every time install begins, computer reboots.

Is there anything short of low-level format to fixed this darned thing?
(buying a Mac, perhaps?)

From: "slswyoming" <>

| In safe mode, IEXPLORE loads, unloads, loads about once per second. All
| scans via online checks have found nothing.
|
| Have stopped all non-essential services and have nothing else loading at
| startup, nothing running. Have examined all of the registry and threads,
| using autoruns and procexp via tools obtained from MS - can't find anything
| suspicious. Tools are supposed to stop processes, but UNABLE to stop
| IEXPLORE.EXE
|
| Tried downloading new IE, every time install begins, computer reboots.
|
| Is there anything short of low-level format to fixed this darned thing?
| (buying a Mac, perhaps?)


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * * Please report back your results * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

Thanks so much for your help, David. I sure wish I could take your
suggestion!!

After getting sp2 installed, winupdate said it had more updates to install,
one being critical update to IE6, so I told it to go ahead and install. Now
all the computer does is reboot continuously, even in safe mode. Whatever
this is, it's not going to allow anything, even the operating system, to kill
it.

Just a warning to everyone:
I clean nasties from computers for a living, every day. This is the worst
I've ever found, a total failure for me! Computer belongs to my boss's wife,
and she bought it without an operating system CD. Someone else may have
worked on it before me. Her complaint was unexpected reboots.

I suspect the trojan that caused this was dated October 21. I personally
examined all files on root, windows, sys32, & sys, and in "local settings",
cleaned up history, recent, all temp folder and disabled system restore so
they wouldn't come back; and also the registry, for anything that didn't
belong. A couple of files remained suspect, but a search of the internet
found nothing at all.

The computer had running, at the time of infection, Avast Antivirus
(damaged), SpyBot Search & Destroy, Microsoft Antispyware, AdAware SE
Personal, and Ultimate Cleaner. I uninstalled them all and removed them from
registry. At that point the computer was fine, booting really fast, except
for this bogus iexplore.exe running. Behavior was normal, but I knew it was
still infected.

I ran exhaustive searches through the interent for any description of the
behavior of iexplore loading/unloading in safe mode, and several other
descriptions of the problem, and could find nothing.

Once I get a system disk, will try to run repair, but I don't have much hope
for this installation. Looks like a lowlevel format in order.

Cheers

"David H. Lipman" wrote:

> From: "slswyoming" <>
>
> | In safe mode, IEXPLORE loads, unloads, loads about once per second. All
> | scans via online checks have found nothing.
> |
> | Have stopped all non-essential services and have nothing else loading at
> | startup, nothing running. Have examined all of the registry and threads,
> | using autoruns and procexp via tools obtained from MS - can't find anything
> | suspicious. Tools are supposed to stop processes, but UNABLE to stop
> | IEXPLORE.EXE
> |
> | Tried downloading new IE, every time install begins, computer reboots.
> |
> | Is there anything short of low-level format to fixed this darned thing?
> | (buying a Mac, perhaps?)
>
>
> Download MULTI_AV.EXE from the URL --
> http://www.ik-cs.com/programs/virtools/Multi_AV.exe
>
> To use this utility, perform the following...
> Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
> Choose; Unzip
> Choose; Close
>
> Execute; C:\AV-CLS\StartMenu.BAT
> { or Double-click on 'Start Menu' in C:\AV-CLS }
>
> NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
> FireWall to allow it to download the needed AV vendor related files.
>
> C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
> This will bring up the initial menu of choices and should be executed in Normal Mode.
> This way all the components can be downloaded from each AV vendor's web site.
> The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.
>
> You can choose to go to each menu item and just download the needed files or you can
> download the files and perform a scan in Normal Mode. Once you have downloaded the files
> needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
> during boot] and re-run the menu again and choose which scanner you want to run in Safe
> Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
>
> When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
> file. http://www.ik-cs.com/multi-av.htm
>
> Additional Instructions:
> http://pcdid.com/Multi_AV.htm
>
>
> * * * Please report back your results * * *
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
>

From: "slswyoming" <>

| Thanks so much for your help, David. I sure wish I could take your
| suggestion!!
|


Why not ??

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

Why not? As I mentioned, the computer now won't stop rebooting, even in safe
mode, it just won't finish booting at all.

"David H. Lipman" wrote:

> From: "slswyoming" <>
>
> | Thanks so much for your help, David. I sure wish I could take your
> | suggestion!!
> |
>
>
> Why not ??
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
>

From: "slswyoming" <>

| Why not? As I mentioned, the computer now won't stop rebooting, even in safe
| mode, it just won't finish booting at all.
|

I want to ascertain this 'reboot' issue.

One moment you state "Tried downloading new IE, every time install begins, computer reboots.
"

{ If there is an issue, installuing the NEW version could indeed complicate and not correct
the problem }

The other time you indicated "Her complaint was unexpected reboots."

Unexpected reboots are indicative of a hardware problem. RAM, CPU, CPU FAN, etc.

Have you even tried downloading, installing, updating and thusly scanning with the Mult-AV
Scanning Tool ?



--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

"David H. Lipman" wrote:

> From: "slswyoming" <>
>
> | Why not? As I mentioned, the computer now won't stop rebooting, even in safe
> | mode, it just won't finish booting at all.
> |
>
> I want to ascertain this 'reboot' issue.
>
> One moment you state "Tried downloading new IE, every time install begins, computer reboots.
> "
>
> { If there is an issue, installuing the NEW version could indeed complicate and not correct
> the problem }
>
> The other time you indicated "Her complaint was unexpected reboots."
>
> Unexpected reboots are indicative of a hardware problem. RAM, CPU, CPU FAN, etc.
>
> Have you even tried downloading, installing, updating and thusly scanning with the Mult-AV
> Scanning Tool ?
>
>
>
What was true on 22nd was not true on 23rd. From when I wrote first
message, more was done - too long a list to type in here. Now the computer
will get so far loading the operating system and reboot. In safe mode, too.
Can't use the keyboard or do anything, it just continuously reboots.

It is definitely not hardware. For one thing, there were error logs that
prove the problem wasn't hardware. And, the iexplore loaded when one hasn't
OPENED internet explorer, even in SAFE MODE, and unable to be "killed" with
Process Explorer or other tools, is definitely the problem. Something has
control of the boot process, probably disguised as a driver. I was just
wanting to find anyone who has seen similar problem with a 'spoofed'
iexplore.exe process running in safe mode.

From: "slswyoming" <>


| What was true on 22nd was not true on 23rd. From when I wrote first
| message, more was done - too long a list to type in here. Now the computer
| will get so far loading the operating system and reboot. In safe mode, too.
| Can't use the keyboard or do anything, it just continuously reboots.
|
| It is definitely not hardware. For one thing, there were error logs that
| prove the problem wasn't hardware. And, the iexplore loaded when one hasn't
| OPENED internet explorer, even in SAFE MODE, and unable to be "killed" with
| Process Explorer or other tools, is definitely the problem. Something has
| control of the boot process, probably disguised as a driver. I was just
| wanting to find anyone who has seen similar problem with a 'spoofed'
| iexplore.exe process running in safe mode.

Wipe the PC and reinstall the OS from scratch.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm