Tech Problem - iexplore.exe not closing

[auhsor]

Yeah, this is really weird. Yesterday, I booted up the computer and found that there was an iexplore.exe file running as an active process using a heaps of CPU time, and I couldn't close it. From checking Zone Alarm, I found that it was trying to upload stuff, to where I don't know.

Well I connect to the internet, and what do you know. It stops trying to upload. But it still won't let me close it. This is really weird, as it only just started happening, and I havn'e installed any programs really.

I've scanned my computer with Ad Aware, and I have Norton System Works, which should pick up any virus I may have downloaded.

So does anyone here have any suggestions or anything? Thanks.

[Evil]

Are you on a lan? That maybe it. It sounds like a info hacker to me. I'm almost 100% sure.

[auhsor]

Nope, I'm not on a lan. Just a normal dial up. I've got Windows 200, btw.
And my computer is a PIII 450, 196MB RAM.

I'm doing and online virus scan now, just to see if Norton aint doing its job.

[jason]

Nope, I'm not on a lan. Just a normal dial up. I've got Windows 200, btw.
And my computer is a PIII 450, 196MB RAM.

I'm doing and online virus scan now, just to see if Norton aint doing its job.

Interesting, can you provide a link to this online virus scanner, Auhsor? Sorry no help here on the issue you're having. .

[auhsor]

jason: Just google Online virus scan and you'll find quite a few.

Well dad decided to restore our old settings or something, and so now we have no video card driver... Good old 16 colours... I'm getting a driver now so thats not a problem. Its still doing the weird thing with iexplore.exe tho.

[auhsor]

Well, I've found the IP address that it's trying to upload stuff to. Does anyone know if I can do anything with this?

[AGA]

http://www.infohq.com/Computer/Spam/finding-hackers-isp.htm - then report this to their ISP, who will do something about it...

[Paper Carnival]

Well, I once had a similar thingy called svchost.exe. That's supposed to be a system file, but I had two of those processes. I managed to find the malicious one and then I deleted it from my hard drive. I then put it inside a rar file in case it was a system file, but my pc was faster now.

And guess what... after about 1-2 months, TrendMicro online scan discovered it was a trojan downloader or something like that (it found it in the rar file where it was safe and then I completely deleted it). hehehe, I discovered it before *they* did...

[shbaz]

You may try an alternate virus scanner - the online ones aren't always so great, even if they are from a good provider they often have incomplete records.

For a free one that works quite well, google AVG Virus Scanner. The home version is free, comes with updates, and essentially has same functions as mcafee and such. Since you have dial-up.. might suck, but others were interested so I thought I would mention it. Http://www.thefreesite.com has an awesome listing of free everything, including virus scanners in the software section. AGS was listed there once, don't know if it still is.

You could find the location of the malignant file and boot in safe mode. There it shouldn't start the file, and you will be able to contain it.

To do this, search for all of the files named after the internet explor process. You'll know by it's location that it isn't real. Restart and press F8 until you get safe mode options, boot with no network support. Here you can decide to delete it, or preserve it in a zip or rar file for later.

[AGA]

Puh, anything except McAfee or Norton isn't worth bothering with.

[Pumaman]

Puh, having one is better than not having one

[Alynn]

Thank god for firewalls... Trojans no scare me... If one does somehow get on my system, myfirewall pops up, gives me the service port and ip's it is trying to reach... so then I can safely lock it so it cant get out of my system... run my virus scanner and surf the net...

Ahh technology!

[Inkoddi]

Well, I once had a similar thingy called svchost.exe. That's supposed to be a system file, but I had two of those processes. I managed to find the malicious one and then I deleted it from my hard drive. I then put it inside a rar file in case it was a system file, but my pc was faster now.

And guess what... after about 1-2 months, TrendMicro online scan discovered it was a trojan downloader or something like that (it found it in the rar file where it was safe and then I completely deleted it). hehehe, I discovered it before *they* did...

What am I supposed to do if I have four(4) svchost.exe prosecces?

[Alynn]

If running XP I know that is normal... 2 System a network and a local... its been too long I dont remember if the other NT based systems have that also...

But if you have that running on 98 you might have a problem

[Inkoddi]

I'm running XP, yes

[TheDude]

I think the most well known svchost.exe virus is if it's in capitals... i.e SVCHOST.EXE if you're not sure what capitals are :P

[OneThinkingGal and ._.]

If you still can't end the program download the NT resource pack from http://www.microsoft.com/NTServer/nts/downloads/recommended/ntkit/default.asp

and use kill.exe to get rid of any running process. Be careful not to stop system processes.

Oh, and firewalls, get a firewall. There's a coupla free ones out there www.zonelabs.com and http://smb.sygate.com/products/spf_standard.htm. The pay ones are better tho.

[auhsor]

Well the problems still there. I've upgraded Zone Alarm to a newer version (not the latest, cos i think you have to pay for it? I'm not sure). The virus checkers I''ve tried havn't picked up anything yet, but I've used Trojan Hunter, and they found a suspicious file called sysconf.exe in the system32 folder. So I'm not sure if its that tho.

Also I traced the IP thing to someone in china...

[shbaz]

China.. that's interesting. Most of the attacks on my school come from France, of all places.

China has a very developed strategy to bring down our web infrastructure with hacking, maybe they've made you a part of the greater scheme.  

[Matt Brown]

IT'S KIKME!!!!!

[Inkoddi]

PANDA ANTIKIKMERUS!!!