IEXPLORE.EXE - Dangerous

What you should do about IEXPLORE.EXE:

Your PC may be infected. The presence of a file called IEXPLORE.EXE is a possible sign of infection.

You should urgently check your PC to make sure it is not infected. The free version of Prevx CSI will scan your PC in less than two minutes and check for millions of spyware and malware infections including IEXPLORE.EXE. Don't take the risk, check your PC now.

Download Prevx CSI Now

What we know about IEXPLORE.EXE:

The filename IEXPLORE.EXE was first seen on Sep 21 2007 in NETHERLANDS. It has also been seen in the following geographical regions of the Prevx community:

  • The UNITED KINGDOM on Mar 19 2008
  • SPAIN on May 15 2008
  • SLOVENIA on May 7 2008
  • INDIA on Jul 5 2008
  • The UNITED STATES on Sep 23 2007
  • GERMANY on Sep 21 2007
The filename IEXPLORE.EXE refers to many versions of an executable program.

The most common file size is 40,960 bytes. But the following file sizes have also been seen:

  • 7,871 bytes
  • 110,275 bytes
  • 17,408 bytes
  • 125,440 bytes
  • 131,072 bytes

The unsafe files using this name are associated with the malware group WORM.SPYBOTAX.99328.Some files using the name IEXPLORE.EXE are also associated with the malware groups:
  • Trojan.Gorhax
  • SystemPoser:Trojan-All Variants
  • System Poser:Trojan-IE
  • Worm.Lovgate
 These files have no vendor, product or version information specified in the file header.

IEXPLORE.EXE has been seen to perform the following behavior(s):

  • Executes a Process
  • Writes to another Process's Virtual Memory (Process Hijacking)
  • The Process is packed and/or encrypted using a software packing process
  • This Process Deletes Other Processes From Disk
  • Adds a Registry Key (RUN) to auto start Programs on system start up
  • This Process Creates Other Processes On Disk
  • Opens browser pop ups
  • Uses your PC to connect to Chat rooms
  • Can communicate with other computer systems using HTTP protocols
  • The Process is polymorphic and can change its structure
  • Downloads hidden code from covert web sites
  • Downloads program file(s) from the web
  • Registers a Dynamic Link Library File
  • Looks at the contents of the autoexec.bat file
  • Reads email address and phone book details
  • Creates a TCP port which listens and is available for communication initiated by other computers
  • Makes outbound connections to other computers using NETBIOSOUT protocols
  • Uses DNS to retrieve the IP address for web sites
  • Automatically changes your firewall settings to allow it to communicate over the internet
  • Can make outbound communication to other computers, IM chat rooms and other services using IRC protocols

IEXPLORE.EXE has been the subject of the following behavior(s):

  • Executed from Temporary Folders
  • Created as a process on disk
  • Deleted as a process from disk
  • Executed as a Process
  • Has code inserted into its Virtual Memory space by other programs
  • Added as a Registry auto start to load Program on Boot up
  • Copied to multiple locations on the system
  • Registered as a Dynamic Link Library File
  • Terminated as a Process
  • Created as a new Background Service on the machine

IEXPLORE.EXE can also use the following file names:

  • 007890-164E2C5F.EXE
  • 76501969.SVD
  • DPTRRAYWXW-437.PMS.EXE
  • A0030503.EXE
  • IEXPLORE[1].EXE
  • DPTRDWXLHM-967.PMS.EXE
  • 84183223.EXE
  • 22133785.SVD
  • DD3.EXE
  • 31889641.EXE
  • 72803074.DAT
  • 69933791.DAT
  • 21076196.SVD
  • DPTRNKNBXW-127.PMS.EXE
  • D3C67AC329FFBE18B33527F37E5688C1.EXE
  • PHOTOALBUM.EXE
  • CSRS.EXE
  • VUJF.EXE
  • YYJROUI.EXE
  • XGBBIUK.EXE
  • WINAMP.EXE
  • SPOOISV.EXE
  • LSSAS.EXE
  • WINIOGON.EXE
  • ZMGZUJT.EXE
  • SPOOLSVC.EXE

Virus, Spyware & Malware Center