A compilation of symptoms has me stuck.

molotov256

Hey all... this might be too obscure or vague to get any answers, but I'll explain what I'm stuck on and hopefully somebody out there can offer better advice than I've been able to find through Googling.

I'm working on a Gateway laptop with Win XP Media Center edition, and it came to me with the Paladin Antivirus and rootkit ordeal. I hunted around and removed it all (hooray for Autoruns and HijackThis!), and on reboot there was no sign of Paladin AV. Unfortunately, a new issue had arisen - the client has a copy of AdAware 2007 SE installed, and aawservice would repeatedly crash and post Unhandled Exception messages. The computer would freeze from time to time and was now running painfully slow. She asked me to remove AdAware as she wasn't using it anymore anyhow, but my attempts to uninstall have been unsuccessful. The uninstaller posts an error saying "a network error occurred while attempting to read from the file C:\Windows\Installer\WISDED...blah blah blah...msi". I used Autoruns to stop the aawservice from loading at startup, and now the computer is running at normal speed again without any AdAware messages. So, at this point:

  • Ad-Aware is still on there and being more stubborn than the scareware I removed
  • The computer periodically makes an alert noise (every min or so) but without any messages being displayed.
  • I can start taskmgr, but Process Explorer won't open, so it's hard to figure out where the alerts are coming from.

That's about all I can think to report... Any help is most appreciated as always.
 
iexplore.exe virus?

I just noticed a process called iexplore.exe in taskmgr. Odd, because I'm not running Internet Explorer on there. I ended it and the chirps stopped, until it launched again in a few seconds. Sounds like more virus removal fun.
 
You always have the option of manual removal. It's a PITA, but it might take less time to just do it manually than the amount of time it takes to search for a quick fix.
 
Revo was a no go, so I guess manual it is. That's not priority number 1 now, though... I've got to figure out what's going on with this iexplore.exe that keeps popping into the task manager. I can't tell what it's doing or what it's attached to, but if I end it, it pops back up, and when it does, the computer makes the alert sound. I wonder if it was part of the Paladin rootkit or something.

This is the part that's really getting to me:
  • When I open Sysinternals Process Explorer or the Malwarebytes installer, they do not open. No error, no window that opens or closes, no noise, no nothing.

Based on what I've read today, MBAM is the most effective tool to use against this iexplore.exe virus, and I would freaking love to get into process explorer and get some more info on what this process is and what's launching it. Smells rootkitty to me.

I don't know if anybody here has been down this exact same path, but can anybody recommend other resources? These forums are pretty much the best IMHO, but I realize I'm getting into a pretty specific issue now.
 
May I suggest you try ComboFix. This usually works for me in these odd situations, especially with IE running in the background. Might also be worth trying RogueFix as well.

Make sure you copy and run these files from the desktop though.
 
When I have had machines that prevent Malwarebytes from running, "sometimes" booting in safe mode will get it to launch, and/or renaming the exe file to anything else other than mbam.exe.
 
Right on - ComboFix did the trick. I'd never heard of that one before, but it's getting added to the thumb drive! I had a hard time finding a legitimate download site for it, but as it turns out, there is a link at bleepingcomputer.com, it's just buried a few paragraphs into the disclaimers and tutorials.

If anybody wants to add this one to their toolkit, grab it from here.
 
Completely unrelated to any of these issues, but your avatar rules, sjlplat... Don Hertzfeldt is awesome!
 