iexp1orer.exe - Dangerous
iexp1orer.exe
Jeff's Story:
My PC had gotten a bad rootkit that my ISP antivirus software (powered by McAfee) could not detect, nor could fix.
I sought a solution on the Internet and discovered your product and tried out the trial.
You quickly found the rootkit and SAVED my PC!
I haven't had any problems since, and I'm extremely grateful.
Manual removal instructions:
It also attempts to propagate through the Kazaa file-sharing network by copying itself as the different files in the Kazaa share folders.
Starts an FTP server on a randomly chosen TCP port.
Attempts to make a connection to a randomly generated IP address on TCP port 445.
If successful, the worm sends shell code to the remote computer, which may cause it to run a remote shell on a randomly chosen TCP port.
Connects back to the FTP server on the port by using a shell, then downloads a copy of the worm.
Sends a predetermined message to all ICQ contacts.
Some of these messages display URLs that can download a copy of either W32.Mydoom.V@mm or Backdoor.Nemog.C.
Manual removal:
Navigate to the key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
and delete the value: "iestart"="%System%\iexp1orer.exe"