iexplore virus removal help

Hewlett-packard / Hp g61 notebook pc
September 4, 2012 at 15:17:06
Specs: Windows 7, 2 GHz / 2812 MB
I have the iexplore.exe virus and need help removing it. I have already downloaded HijackThis as one of your other responses said to do. I have the log info but don't know where to go from there. Please help.

September 4, 2012 at 17:47:03
Looking at your HJT log I would suggest running HJT again and putting a check mark next to the following items:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R3 - URLSearchHook: (no name) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - (no file)
R3 - URLSearchHook: YTNavAssist.YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll
R3 - URLSearchHook: (no name) - {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - (no file)

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll (file missing)

O3 - Toolbar: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll (file missing)

O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start"&"inst=NzYtOTQyOTEyMDg4LUZJKzEtRkwxMCsxLUZPSSsyLUREVCsxMzQxNi1ERDEwKzEtU1QxMEFQUCsxLUxTRCsyLVNUMTJPSSsxLUVVTEErMS1TVDEyQVBQKzE"&"prod=92"&"ver=2012.0.1831"&"mid=f5309b5dfa7747d1851f1943efd18978-926b0c372c81b6990e23f4ac36feb0d919cf63a9

After that could you please download and run SuperAntiSpyware free and Malwarebytes free also.

Please reply and let us know if our help worked.

September 5, 2012 at 10:24:17
mr goodguy, thank you so much for your help. Unfortunately I did all three things. None of them removed the virus. When I run the SuperAntiSpyware program it freezes up my computer, so I went into safe mode and it ran through the scan but still didn't remove it. This virus is pretty nasty. Can you help with more info please?

September 5, 2012 at 12:55:17
This might be of interest:

Always pop back and let us know the outcome - thanks

September 5, 2012 at 18:09:33
Sorry, but that didn't work either. I opened Task Manager and there is no Iexplor in the processes like it says. But the iexplore icon is still in my task bar and on my machine.

September 5, 2012 at 18:18:24
"but the iexplore icon is still in my task bar and on my machine"

I suspect you have a major infection, but let's see if this fixes it.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplorer.exe
1. CTRL-Alt-Del to bring up Task Manager.
2. Click File | New Task(run).
3. Type regedit in the Run box and click OK.
4. Browse to the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution.options
5. Under this key there will be subkeys named explorer.exe and iexplorer.exe. Delete the explorer and iexplorer keys entirely. They should not be listed under the Image File Execution.Options key.
6. Close the Registry Editor.
7. Restart the computer.
Assuming no other viruses / adware / spyware / malware are interfering, the Windows desktop should load fine now.

Demystifying the Windows Registry
Don't Fear the Registry

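A read-only check that can be run before deleting anything in step 5 of the post above (an added example, not part of the original thread). It lists every Image File Execution Options subkey that carries a `Debugger` value, which is the value that makes Windows start a different command in place of the named program. The function name `Get-IfeoDebugger`, the WOW6432Node path and the extra watch entry `iexplore.exe` are assumptions of this example.

```powershell
# Added example: read-only audit of Image File Execution Options (IFEO).
# Written to run on the PowerShell 2.0 that ships with Windows 7.
$ifeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    # 32-bit view on 64-bit Windows (assumption: checked as well for completeness)
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

# Image names named in the post, plus iexplore.exe (assumption: the actual
# Internet Explorer binary name, added so it is not missed).
$watch = @('explorer.exe', 'iexplorer.exe', 'iexplore.exe')

function Get-IfeoDebugger {
    param([string[]]$Roots = $ifeoRoots)

    foreach ($root in $Roots) {
        if (-not (Test-Path -Path $root)) { continue }

        foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
            # GetValue returns $null when the subkey has no Debugger value;
            # such subkeys are skipped.
            $debugger = $key.GetValue('Debugger')
            if (-not $debugger) { continue }

            New-Object PSObject -Property @{
                Image    = $key.PSChildName
                Debugger = $debugger
                Watched  = ($watch -contains $key.PSChildName)
                KeyPath  = $key.Name
            } | Select-Object Image, Debugger, Watched, KeyPath
        }
    }
}

# Entries for the watched image names sort to the top of the table.
Get-IfeoDebugger |
    Sort-Object -Property Watched -Descending |
    Format-Table -AutoSize -Wrap
```

Nothing is modified by this script; saving its output before and after the registry edit gives a record of which `Debugger` entries were present and which were removed.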

September 5, 2012 at 18:20:49
Download Hitman Pro from this link and run a scan.

Please reply and let us know if our help worked.

September 5, 2012 at 19:40:59
@ john thanks, but it didn't work either. I'm going to try #6 now. Thank you all for your help. This virus is very frustrating. I'm thinking about resetting my computer to factory settings after I copy all of my music onto discs. I'm not giving up yet but I'm close.

September 5, 2012 at 19:55:34
"I'm not giving up yet but I'm close"

If it is what I suspect, you have a Ramnit infection. New versions are coming out on a daily basis & are super hard to remove & in some cases unremovable.

Let's see what Hitman Pro comes up with.

Eset online scanner is your next best step.

Run ESET & post the log please.
Why Would I Ever Need an Online Virus Scanner?
I already have an antivirus program installed, isn't that enough?
Once onto a machine, malware can disable antivirus programs, prevent antimalware programs from downloading updates, or prevent a user from running antivirus scans or installing new antivirus software or malware removal tools. At this point even though you are aware the computer is infected, removal is very difficult.
How can I view the log file from ESET Online Scanner?
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking on it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start → Run dialog box from the Start Menu on the desktop.

Make sure if you reinstall, you delete ALL partitions & format to NTFS.
D to Delete the selected partition ( XP )
W7 - Click on > Drive options (advanced) Then highlight each partition & hit > Delete.
Here are some examples of why you delete all partitions.

September 5, 2012 at 20:28:49
@mr goodguy. Unfortunately that didn't work either. Thank you for your help.

September 6, 2012 at 10:52:00
@john I ran the ESET scan; it didn't remove it. But here is the log:

C:\Users\Doyles\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\\BabylonToolbar4ie.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Users\Doyles\AppData\Local\Temp\is754907076\MyBabylonTB.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Users\Doyles\Downloads\SoftonicDownloader_for_internet-explorer.exe Win32/SoftonicDownloader.D application cleaned by deleting - quarantined
C:\Users\Doyles\Downloads\SoftonicDownloader_for_java-runtime-environment.exe a variant of Win32/SoftonicDownloader.D application cleaned by deleting - quarantined
Thank you for all of your help.

September 6, 2012 at 16:01:03
"@john I ran the ESET scan; it didn't remove it. But here is the log"

Thanks jade.

The baddies are always ahead of the goodies. Be aware, this can be a very long process, involving many different tools to clean up an infected comp.
Some infections are unremovable.
Very Important: Malware infections can possibly lead to identity theft, stolen bank funds, misuse of credit card information etc.
The use of the computer is the primary factor in the decision whether to re-format and re-install, or just disinfect.
How to report ID theft, fraud, drive-by installs, hijacking and malware?

If any program won't run, let me know. Post the log/logs after each run.

After each fix or change we make, let me know how the comp is running. Example: Still cannot boot into Normal mode.

1: Download & run Unhide
Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run, it does take some time, be patient. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.

2: Reboot

3: Download Security Check by screen317 from one of the following links and save it to your desktop.
* Unzip and a folder named Security Check should appear.
* Save it to your Desktop.
* Double click SecurityCheck.exe. If you run Windows Vista or 7, right click and choose 'Run as Administrator'.
    * If you are asked by Windows to run this program or not, please click 'Yes' or 'Run'.
    * When you see a console window, press any key to continue scanning.
    * Wait while it scans.
    * If your firewall alerts you of Security Check, please press 'Allow' or similar.
* A Notepad document should open automatically after scan is completed. It will be called checkup.txt; please post the contents of that document.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
