Wednesday, January 4, 2012

Instructions for IExplore.exe Virus Removal

Iiexplore.exe is Internet Explorer process which is displayed under Process Tab in Task Manager. Some virus makers add a malicious code so that original file stored in IE is replaced with malfunctioning file and whenever IE is loaded, in fact a virus is running.
In this article simple instructions are outlined for Iexplore.ex virus removal.
1. Run Windows in Safe Mode
2. Delete Infected Files
3. Clean Registry entries
4. Run an Antivirus Program

Run Windows in Safe Mode
Turn on your computer in safe mode with networking option which is helpful in prevention of iexplore.exe virus removal file from running at startup interval.
1. Reset your unit.
2. Press F8 | Safe Mode with Networking | Enter
Delete Infected Files
System that is infected with iexplore.exe virus, starts infecting program files such as files stored in IE and MSN messenger directories. You need to remove those files. Follow the steps given below to remove infected files.
1. Open My Computer.
2. Double click C | Windows | Temp
3. Press Alt key of your keyboard, select Edit | Select All. Then File | Delete.
4. Open C | Users | UserName | AppData | Local |Temp
5. In the same way, remove all temporary files stored in this directory.
6. Open C | Program Files | Internet Explorer | Right click the file IEXPLORE.EXE | Delete
7. Open C | Program Files | Messenger | Delete MSMSGS.EXE, MSSECES.EXE and COSHELP.DLL files.

Remove virus related Registry Entries
Iexplore.exe virus has made several registry entries, you need to remove those virus related entries in order to run programs without errors.
1. Open Registry Editor Click Start | Run.
3. Delete the following registry entries:
1. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run => MyDoc.EXE
2. HKEY_LOCAL_MACHINE \Software\Classes\CLSID\{F9BA1AA9-CAD4-4C14-BDE6-922DFF5F6F38} => fid 2434
3. HKEY_LOCAL_MACHINE \Software\Classes\CLSID\{F9BA1AA9-CAD4-4C14-BDE6-922DFF5F6F38} => wversion: 4.6.4
4. HKEY_LOCAL_MACHINE \Software\Classes\CLSID\{F9BA1AA9-CAD4-4C14-BDE6-922DFF5F6F38} => lver: 4.6.4
5. HKEY_LOCAL_MACHINE \Software\Classes\CLSID\{F9BA1AA9-CAD4-4C14-BDE6-922DFF5F6F38} => ldll (Value: C:\Program Files\Messenger\coshelp.dll)
6. Close Registry Editor.
7. Start a full registry scan with RegInOut and fix all the errors found in your system registry database.
Run an Antivirus Program
After removing virus related registry entries, you are advised to run a full virus scan on your system. Download some good antivirus program on your system such as Spamfighter here. Finally restart your computer in normal mode.

