answersLogoWhite

0


Best Answer

I noticed random words highlighted on web pages, that were not part of the original web design. The links created by this IEHost.exe are annoying at the least.

This is only my quick way of getting rid of the problem. I still want to know how I got this in the first place.

1: Stop the program from running in the Windows Task Manager (control-alt-delete) look for IEHost.exe and End Process on it.

2: Remove the key from the registry (use caution!!) Remove the following key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bakra

You should see the program IEHost.exe associated with this.

3: Remove the actual file: c:\windows\system32\IEHost.exe

Once I did this the strange links are gone. I do not know yet if the program will reinstall itself, so if anyone has more knowledge on this one please email me.

User Avatar

Wiki User

8y ago
This answer is:
User Avatar

Add your answer:

Earn +20 pts
Q: How do you get rid of a Trojan downloader on windows system32 IEHOST EXE if it comes up on an AVG virus check as turown g?
Write your answer...
Submit
Still have questions?
magnify glass
imp
Related questions

What does Trojan horse downloader wintrim au from windows system32 dtc32 dll do to a PC?

Downloads popup generator malware and propagates the infection to other dummy system files. This contains the wintrim downloader Trojan


How do you remove Trojan horse virus Downloader in windows system32 hpoveptdll?

Try downloading a program by the name of Avast it's a great virus scanner/protector :)


How do you get rid of downloader Trojan at system32 ae14e.dll?

Disable System Restore (Windows Me/XP). Update the virus definitions. Restart the computer in Safe mode or VGA mode. Run a full system scan and delete all the files detected as Downloader.Trojan. Edit the registry and look for references to the Trojan.


What is a Trojan downloader?

Trojan Downloader is one of the most dangerous threats. Once this threat is infected with your computer, it is necessary to remove Trojan Downloader at once. There are some tips on how to remove and prevent Trojan Downloader from your PC below.


How do you get rid of Trojan Horse Downloader Istbar 3 be Trojan Horse Downloader Turon G Trojan Horse Downloader Keenval D and Trojan Horse Downloader Apropo L?

http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?ID=62504


How do you remove Trojan Startpage 4 Ao from C Windows System32 mgo dll?

1. Start the computer at Safe Mode, go to c:\windows\system32.remove the mgo.dll directly. 2. run the Regedit,search the string of mgo.dll and then remove the string.


How do you get rid of 'Trojan horse Downloader Small 6 T' if AVG Norton Antivirus 2004 can't remove it and it is in C WINDOWS SYSTEM32 KERBEROS exe?

Start up in safe mode. Then open the folder windows\system 32 and locate the kerberos.exe right click and do an antivirus scan. followed by qaurantining it. reboot and rescan. Bobs ur auntie


How do you remove Trojan win obfuscated gx?

From adaware forum In case you don't have HijackThis...* Download Trend Micro Hijack This™Doubleclick the HJTInstall.exe to start it.By default it will install HijackThis in the Program Files\Trendmicro folder and create a desktop shortcut.HijackThis will open after install. Press the Scan button below.Then in HijackThis, look if one of the following is present and check it in HijackThis:(the CLSIDs {********-****-****-****-************} may be different in your case, but the filename is always the same)O2 - BHO: BetaDivX - {48BF2BC0-2945-11D8-8CAC-00080FC65465} - C:\WINDOWS\system32\IR9V0_QCX.dllO2 - BHO: BetaDivX - {D99BACC6-6289-4D4F-8BAF-4192016AF547} - C:\Windows\System32\bDivX.dllO2 - BHO: IntelVideoCodec - {33A12BEB-3219-4CA8-99B4-733192704C62} - C:\WINDOWS\system32\IntelVideoDivX.dllO2 - BHO: IntelVideoCodec - {04F7FAC5-F506-4F29-9094-9CB9144B192C} - C:\WINDOWS\system32\IntelVideo.dllO2 - BHO: IntelVideoCodec - {AF36E90A-44CA-4EE3-B578-C07383623217} - C:\Windows\System32\Video32.dllO2 - BHO: RealMedia - {87B570FB-D2CF-4D3C-8E1B-E1E7018BBA95} - C:\WINDOWS\system32\dx50codec.dllO2 - BHO: RealMedia - {0EEDB911-C5FA-486F-8334-57288578C627} - C:\WINDOWS\system32\XunLeiBHO_Now.dllO2 - BHO: 3GP - {5D67E2E7-0C2B-4491-87C4-37F2AC6033D2} - C:\WINDOWS\system32\a3gpcodec.dllO2 - BHO: AlphaDivX - {3B236BEE-8200-421D-919D-CA17D5739D8F} - C:\WINDOWS\system32\aDivX.dllO2 - BHO: Mp3 Video - {D4FD35A3-101C-4FAA-A9CA-E8C9461C3CEF} - C:\WINDOWS\system32\mp3avi.dllO2 - BHO: Mp3 Video - {2B659BB5-3E85-4BC6-BAFC-98FEDFF3AE99} - C:\WINDOWS\system32\VideoMP3.dllO2 - BHO: Video On-line - {741403DD-46A4-4D58-8FA7-427335C3BBF6} - C:\WINDOWS\system32\PowerVideo.dllO2 - BHO: Video DivX 3.12 - {09D72564-27E2-4F12-8AB6-03F83E4567DE} - C:\WINDOWS\system32\sysdivx.dllO2 - BHO: System DivX4 - {2FA3B736-1AC7-454D-8E94-8BA8158BF064} - C:\WINDOWS\system32\sysvideo32.dllO2 - BHO: System DivX4 - {2FA3B736-1AC7-454D-8E94-8BA8158BF064} - C:\WINDOWS\system32\sysvideo32.dllO2 - BHO: Video - {15FEB658-AACC-412E-BC13-D54CFD74A8F6} - C:\WINDOWS\stream32a.dllO2 - BHO: Video - {D0995F82-90C7-4C78-9B4C-C1700FB8B120} - C:\WINDOWS\windivx.dllClick the "Fix checked" button below.Then reboot your computer.After reboot, navigate to and delete one of the following file if still present (related with the entry you fixed in HijackThis):C:\WINDOWS\system32\IR9V0_QCX.dllC:\Windows\System32\bDivX.dllC:\WINDOWS\system32\IntelVideoDivX.dllC:\WINDOWS\system32\IntelVideo.dllC:\Windows\System32\Video32.dllC:\WINDOWS\system32\XunLeiBHO_Now.dllC:\WINDOWS\system32\dx50codec.dllC:\WINDOWS\system32\a3gpcodec.dllC:\WINDOWS\system32\aDivX.dllC:\WINDOWS\system32\mp3avi.dllC:\WINDOWS\system32\VideoMP3.dllC:\WINDOWS\system32\PowerVideo.dllC:\WINDOWS\system32\sysdivx.dllC:\WINDOWS\system32\sysvideo32.dllC:\WINDOWS\stream32a.dllC:\WINDOWS\windivx.dllAlso look if the following files are present and delete them:C:\Windows\System32\bDivX.dll.bakC:\WINDOWS\system32\IR9V0_QCX.dll.bakC:\WINDOWS\system32\IntelVideo.dll.bakC:\WINDOWS\system32\IntelVideoDivX.dll.bakC:\Windows\System32\Video32.dll.bakC:\WINDOWS\system32\XunLeiBHO_Now.dll.bakC:\WINDOWS\system32\dx50codec.dll.bakC:\WINDOWS\system32\a3gpcodec.dll.bakC:\WINDOWS\system32\aDivX.dll.bakC:\WINDOWS\system32\mp3avi.dll.bakC:\WINDOWS\system32\sysdivx.dll.bakC:\WINDOWS\system32\VideoMP3.dll.bakC:\WINDOWS\system32\PowerVideo.dll.bakC:\WINDOWS\system32\sysvideo32.dll.bakC:\WINDOWS\stream32a.dll.bakC:\WINDOWS\windivx.dll.bakNormally, by default, if you fix that entry in Hijackthis and your Internet Explorer is closed while fixing in HijackThis, HijackThis will already delete that file as well. So don't worry if you can't find the file afterwards anymore - HijackThis already deleted it. But it's always a good idea to doublecheck.Please make sure you don't delete "similar looking" files as they may be legitimate.In case when you're in doubt or it didn't solve your problem, please start a NEW thread in the HijackThisforum with your HijackThislog.FYI... Ad-Aware removes this pest as well. So make sure you have the latest updates.


What are the 5 computer viruses?

W32/AutoIt Trojan and its variants VirusW32/Delf Downloader Trojan and its variants VirusW32/OnLineGames Password Stealer Trojan and its variants VirusW32/Agent Dropper Trojan and its variants W32/Agent.ENU.Dropper is a Trojan. The Trojan will infect Windows systems. VirusW32/Peacomm Trojan and its variants


How do you remove Trojan horse Downloader b from your C drive under WINNT system 32 bridge dll?

On Windows XP: Restart windows in safe mode (press F8 after 2nd boot screen), then: 1. browse to c:\windows\system32 and search and delete bridge.dll 2. browse to c:\documents and settings\YOURUSERNAME\local settings\temp and delete all files restart windows in normal mode.


What is a dropper small?

Dropper.small is a Trojan downloader


Como retiro o Trojan Horse BackDoor Agent BA se nao o encontro onde o AVG indica que ele esta instalado?

In NOTEPAD write this: @echo off SET FILE=sqll echo y | cacls c:\windows\system32\*FILE*.dll /g Everyone:f attrib -r -s -h C:\Windows\system32\*FILE*.dll ren C:\Windows\system32\*FILE*.dll *FILE*.old del C:\Windows\system32\*FILE*.old Than change the *FILE* to the filename infected and save this as REMOVE.BAT file. Run it in normal mode and the Trojan BackDoor.Agent.BA is OUT.