False IE trojan

July 8, 2010 at 12:31:46
Specs: Windows Vista
I ran afoul of a site that downloaded malware to my CPU while doing a favor. I cleared it all out execpt for this: A fake Internet Explorer. The files are sqmapi.dll, ieinstall, ieuser, iexplore, iedw, hmmapi.dll and a folder called en-us. The folder contains copies of these with the suffix .mui.

I can tell this is fake in a few ways:
1: The folder hadn't ever been in Files (x86). Now, it is.
2: It lists as having been 'modified' the day the site hit me.
3: The folder tells me acess is denied when I try to rename, move, or delete it. There is only one user, which has admin rights. When I enabled the 'Administrator' user (that bypasses all other security), I got the same message from that one.
4: All attempts to give myself permission gave me a 'acess denied' message. This led me to use the cmd box line to delete it. This function doesn't see it.
5: Avira Antivirus found, but could not remove the files. (When I deleted them one at a time, they cloned themselves, and deleteing them all lead to acess denied.)


Short of bombing my hard drive, how do I fix this crap?


See More: False IE trojan

Report •


#1
July 8, 2010 at 13:51:14
Hi, i have vista as well. I have the folder you have with these same files and they are all legit. There is nothing harmfull about the files you have. I would not try to delete them.

Report •

#2
July 8, 2010 at 16:07:34
Indeed. My main worry was that it had been infected by a trojan. With everything I've done, I've written the fouled permissions to an inscrutable Microsoft thing, and plan on acting urther only if I catch more reason to think it's still infected.

Report •

#3
July 9, 2010 at 11:06:58
I have avira as well, and when i do a scan it does not say these are a threat. Yet you say it found these as a threat. ?.

Report •

Related Solutions

#4
July 9, 2010 at 17:48:20
It did a few times, but coordinated work from Avira and Spybot SD seems to have fixed it up.

Report •

Ask Question