plastic

iexplore.exe virus help

44 posts in this topic

Plastic, it could be lecna by all symptoms so far?? (alias Backdoor.Win32.Lecna.B) or lebreat; see the description in the F-Secure description database:

http://www.f-secure.com/v-descs/lecna_b.shtml

F-S have a free (DOS version) virus tool called f-prot; get it and the newest definitions here ftp://ftp.f-secure.com/anti-virus/free/ - first extract, then go to the patches folder and copy those definitions over the old ones. Maybe best would be to use a USB stick, CD or other form of boot media (so the virus won't be resident) and then scan like that. (Remember to make the boot media with some other machine; www.bootdisk.org may prove helpful.)


I've messed around with restoring a bunch of friends' computers after viruses. 99% of the time it's way less headache to just do a reformat/reinstall. You can spend hours upon hours researching, rebooting, editing, scanning etc. when if you just went with the reformat/reinstall you would've been done last night.


Advice:

Plastic: Copy off what data you can save and rebuild the system. Once you get everything loaded and the OS patched, make a ghost image of the system.

Barbie: Get on a plane to NC so I can comfort you in this time of need. If you can't make it send one of your brunette GFs.


well xoftSPY 4.15 found it!

Swiffy is my hero!

it was a backdoor trojan. of all the crap i ran on her system, this is the only one that found and cleaned it.

IF U THINK U R SAFE WITH FIREFOX - WRONG!

just before I got xoft going it took control of firefox and tried to use it instead of IE. I killed it before it did, and it is now purged.

i suggest you guys run this program just to be safe, it is a lifesaver.

i owe ya swiffy.


damn, still not the end

it is gone, but i can't run shit cause the rundll32.exe is corrupted and not associated. gonna try a copy and paste from a clean machine, but I expect i will have to do more than that.


FFS!!!!!!!!!!!!!!

every time I delete or overwrite rundll32.exe with a clean copy the damn windows file protection overwrites it with the original. where the hell was that when this damn thing overwrote it the first time???????????????

anyone have any idea how to restore the file?

I can't open anything in the control panel.

i can't drop to a command prompt.

i can't run firefox.

i can't repair IE with the repair tool.

all the reg and system mechanic tools I downloaded all start with an exe, and thus they can't be run......

FFS


only way i can find to disable file protection is with a hex editor, and that needs the dll to run.

even the damn cached dll file is protected and won't let me overwrite it like you could with 2000.

hmmmm......

damnit, i should have been a software guy instead of a HW guy, then I would know this crap.

HELP!


You really need to get the info on your OS installation disk.

XP has a repair option that should work, since you've deleted the registry entries. I haven't read the entire thread, but doing an install over what's currently there should work, I would think. If you haven't been there already, go to www.symantec.com & read up on it.

Given what you've said, I'd have already wiped & reloaded, but I have a Pro disk that needs no key entered.


men don't stop and ask for directions, and they don't reformat!

i have got to fix this damn thing somehow. gotta find a way to get a clean copy of rundll32 pulled across. there is a command line way of doing it from the xp disk, but I can't get to the shell, cause it uses that runtime environment!!

grrrrr


I blame Micro$oft.

Seriously, with all the hair-pulling you are doing right now, it's 10x easier to reformat & start clean, then there's ZERO doubt.

Man, if that box has been running as long as you say it has w/out a reformat, it would be like a new one if you did so.

Backing up those apps & data to CD-R isn't an option? The CD-R drives becoming industry standard made my life 20x easier. I could reformat right now inside of an hour & have my computer back up-to-speed.


currently I can't launch any program besides IE that requires an EXE.

gonna pull important data across to a firewire drive and attempt to do a repair install. my disk is a bit scratched, so it may crap out along the way.

have to get another disk tomorrow if that is the case.


man, tons of posts and help when this was in the other forums.

none here, I thought there were people displaying community support tags running around?


have you tried booting off the Norton Disk? You can bypass XP and run a scan and windows will not interfere.


also if you can find the name of the virus, you can go to www.Symantec.com and do a search and they should have a step by step walk through on how to remove it or they will have a mini program that will run to remove it.


Plas... what about disabling the drive, installing on a new drive, connect the old one and then try to switch it out?


nah, you can't clean it in safe mode as WFP is still enabled.

I have it slaved to my system replacing the .dllcache and system32 files now.

ps i did a reinstall repair and the same problems persisted. this is the last run then I am going to just install to a new drive, and slave this one to pull data from.

have you tried booting off the Norton Disk? You can bypass XP and run a scan and windows will not interfere.

nah, no love, norton doesn't recognize it.

I have cleaned the virus. it is gone bye bye, but the .dll carnage it left behind is what i struggle with now.

hopefully this copy to slave will fix it, but I had the same problems after copying in the recovery console, so we shall see in about five minutes.
