Tech Support banner

Status
Not open for further replies.
1 - 3 of 3 Posts

·
Registered
Joined
·
64 Posts
Discussion Starter #1 (Edited)
I noticed this happening when iexplore.exe asked for access to the internet access from Bitdefender. I searched around and found many people posting similar problems but all seem very different. I have done full scans from HijackThis and Ad-Aware. They both show no signs of any kind of infection. IE appears to be attempting to access liuxing072.3322.org I have no idea what this location is or how genuine it is. I recently installed Service Pack 3 and IE 7. I also installed IE7Pro which is an addon for IE7 maybe this is what is causing these problems.

Please help me find out why Internet Explorer is trying to access liuxing072.3322.org, why it is starting with windows, what process is causing it to do this and how I can stop it doing so.

I have including 2 images which show information from HijackThis, BitDefender, Ad-Aware 2007, Windows Task Manager and Process Explorer



 

·
Registered
Joined
·
64 Posts
Discussion Starter #2
Terminating the process seems to work and it doesn’t come back until I restart. Help me solve the mystery please.
 

·
Registered
Joined
·
64 Posts
Discussion Starter #3
After trying quite a few different programs including BitDefender Total Security 2008, HijackThis, Ad-Aware 2007, Spybot - Search & Destroy, cwshredder, MRU-Blaster and Privacy Mantra the problem remained. Searching around I found the following in my registry:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}\FilesNamedMRU]
"000"="ldr64.dll"

[HKEY_CLASSES_ROOT\Applications\iexplore.exe]

[HKEY_CLASSES_ROOT\Applications\iexplore.exe\shell]

[HKEY_CLASSES_ROOT\Applications\iexplore.exe\shell\open]

[HKEY_CLASSES_ROOT\Applications\iexplore.exe\shell\open\command]
@="\"D:\\Program Files\\Internet Explorer\\iexplore.exe\" %1"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\3322.org]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\3322.org\dedmazay]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\3322.org\flashflashmx]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\3322.org\liuxing072]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\3322.org\www]
"*"=dword:00000004

I made a backup and removed these entries.

I then found another file trying to access liuxing072.3322.org. D:\Program Files\NetMeeting\mstinit.exe. I made a folder and forced all the files from the netmeeting folder into it so it lost its normal location.

I than installed and ran Uniblue SpyEraser which found Adware.PartyBingo.

Not sure which one of these stopped the iexplore loading but it seems to have worked. I hope other anti-malware organisations can find a way of doing more about this problem because currently its an epic failure for all I have used other than Uniblue (if that’s what removed it).

Thank you for your assistance.
 
1 - 3 of 3 Posts
Status
Not open for further replies.
Top