Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Inactive Malware Help Topics

User Tag List

iexplore.exe Opening at Startup as System Process

This is a discussion on iexplore.exe Opening at Startup as System Process within the Inactive Malware Help Topics forums, part of the Tech Support Forum category. I noticed this happening when iexplore.exe asked for access to the internet access from Bitdefender. I searched around and found


 
 
Thread Tools Search this Thread
Old 05-19-2008, 10:42 AM   #1
Guest
 
Join Date: Apr 2007
Posts: 64
OS:



I noticed this happening when iexplore.exe asked for access to the internet access from Bitdefender. I searched around and found many people posting similar problems but all seem very different. I have done full scans from HijackThis and Ad-Aware. They both show no signs of any kind of infection. IE appears to be attempting to access liuxing072.3322.org I have no idea what this location is or how genuine it is. I recently installed Service Pack 3 and IE 7. I also installed IE7Pro which is an addon for IE7 maybe this is what is causing these problems.

Please help me find out why Internet Explorer is trying to access liuxing072.3322.org, why it is starting with windows, what process is causing it to do this and how I can stop it doing so.

I have including 2 images which show information from HijackThis, BitDefender, Ad-Aware 2007, Windows Task Manager and Process Explorer



jimbob007 is offline  
Sponsored Links
Advertisement
 
Old 05-19-2008, 05:29 PM   #2
Guest
 
Join Date: Apr 2007
Posts: 64
OS:



Terminating the process seems to work and it doesn’t come back until I restart. Help me solve the mystery please.
jimbob007 is offline  
Old 05-21-2008, 05:59 AM   #3
Guest
 
Join Date: Apr 2007
Posts: 64
OS:



After trying quite a few different programs including BitDefender Total Security 2008, HijackThis, Ad-Aware 2007, Spybot - Search & Destroy, cwshredder, MRU-Blaster and Privacy Mantra the problem remained. Searching around I found the following in my registry:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\FilesNamedMRU]
"000"="ldr64.dll"

[HKEY_CLASSES_ROOT\Applications\iexplore.exe]

[HKEY_CLASSES_ROOT\Applications\iexplore.exe\shell]

[HKEY_CLASSES_ROOT\Applications\iexplore.exe\shell\open]

[HKEY_CLASSES_ROOT\Applications\iexplore.exe\shell\open\command]
@="\"D:\\Program Files\\Internet Explorer\\iexplore.exe\" %1"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\3322.org]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\3322.org\dedmazay]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\3322.org\flashflashmx]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\3322.org\liuxing072]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\3322.org\www]
"*"=dword:00000004

I made a backup and removed these entries.

I then found another file trying to access liuxing072.3322.org. D:\Program Files\NetMeeting\mstinit.exe. I made a folder and forced all the files from the netmeeting folder into it so it lost its normal location.

I than installed and ran Uniblue SpyEraser which found Adware.PartyBingo.

Not sure which one of these stopped the iexplore loading but it seems to have worked. I hope other anti-malware organisations can find a way of doing more about this problem because currently its an epic failure for all I have used other than Uniblue (if that’s what removed it).

Thank you for your assistance.
jimbob007 is offline  
 

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 02:49 AM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts