CLSID List Results
BHOs, Toolbars, SHs, Explorer Bars
BHOs, Toolbars, SHs, Explorer Bars
| CLSID | Name | Filename | Description | Status |
| {F7F92BE7-9FBB-4AD0-96B9-71FC3F0A12F1} | (no name) [SFlashVideo.clsSFlashVideo] | IExplorer.txt | Infostealer trojan, detected by Kaspersky antivirus as Worm.Win32.VBNA.b, see this ThreatExpert Report | X BHO |
| {4943EFF5-229F-435D-BEA9-BE3CAEA783A8} | (no name) | iexplorer.dll | Infostealer trojan, detected by Sophos antivirus as Troj/Banker-FUN | X BHO |
| {D0DC7560-73EA-4B5B-8816-7964C4C4F7AD} | (no name) | iexplorer.txt | Password stealer aka "Banker" trojan of Brazilian origin, detected by Microsoft as TrojanDownloader:Win32/Banload.AEA - also see here | X BHO |
| {3B7DBC8A-BA1F-44B9-AB47-43C06D24E4A6} | G-Buster Browser Defense | IExplorer.txt | Password stealer aka "Banker" trojan of Brazilian origin, see here | X BHO |
| {52FD4F15-A75E-408E-850A-A7960AE00553} | (no name) [SFlashVideo.clsSFlashVideo] | IExplorer.txt | Password stealer aka "Banker" trojan of Brazilian origin, detected by Avast as "Win32:BHO-ABZ" - also see here | X BHO |
Startup List Results
Startup Entry
Startup Entry
| Name | Filename | Description | Status |
| winnt DNS ident | iexplorer.exe | Added by a variant of the Win32/Rbot WORM! Note: Located in \%WINDIR%\System32 Note: This is NOT the Internet Explorer program file, which is called Iexplore.exe, and will always be located \%Program Files%\Internet Explorer\ Note: Notice the difference in the spelling. | X |
| Msn Messenge | IExplorer.exe | Added by the Troj/Delf-LL TROJAN! Note: Located in \%WINDIR%\System32 Note: This is NOT the Internet Explorer program file, which is called Iexplore.exe, and will always be located \%Program Files%\Internet Explorer\ Note: Notice the difference in the spelling. | X |
| MSN Messenger | IExplorer.exe | Added by the Troj/Banker-EU TROJAN! Note: Located in \%WINDIR%\System32 Note: This is NOT the Internet Explorer program file, which is called Iexplore.exe, and will always be located \%Program Files%\Internet Explorer\ Note: Notice the difference in the spelling. | X |
| ravshell | IEXPLORER.EXE | Added by the Troj/Nofere-I TROJAN! Note: Located in \%Program Files%\Eset\ Note: This is NOT the Internet Explorer program file, which is called Iexplore.exe, and will always be located \%Program Files%\Internet Explorer\ Note: Notice the difference in the spelling. | X |
| Services | iexplorer.exe | Added by the Backdoor.Ranky TROJAN! Note: Located in \%WINDIR%\System32 Note: This is NOT the Internet Explorer program file, which is called Iexplore.exe, and will always be located \%Program Files%\Internet Explorer\ Note: Notice the difference in the spelling. | X |
O20 List Results
AppInit_DLLs & Winlogon Notify
AppInit_DLLs & Winlogon Notify
| Name | Filename | Description | Status |
| iexplorer | %SYSDIR%\iexplorer.dll | Troj/SCLog-AI | X Winlogon Notify |
O23 List Results
Windows Services
Windows Services
| Name | Filename | Description | Status |
| aim.ex | IEXPLORER.EXE | Added by the SDBOT.COW WORM! Note: Read the link, rootkit type stealth involved. | X |
| iexplorer (iexplorer) | iexplorer.exe | Added by the Troj/Singu-U TROJAN! Note: This trojan file is found in the System32 folder | X |
| Microsoft(R) Windows(R) Operat (Microsoft Corporation) | iexplorer.exe | Added by the Troj/Feutel-W TROJAN! Note: This is not the legitimate Windows Process (iexplore.exe) which is found in the Program Files\Internet Explorer folder. (Notice the difference in the spelling.) This trojan file (iexplorer.exe) is found in the System32\Internet Explorer folder. | X |
Active Setup List Results
Active Setup - Installed Component
Active Setup - Installed Component
| CLSID | Name | Filename | Description | Status |
| {81LOA534-TTBY-M685-BJ5E-QI7112N81IC7} | (no name) | iexplorer.exe | Infostealer trojan, see this ThreatExpert Report | X |
| {261C7F25-5C46-F6B0-2881-80D3E90588EE} | (no name) | iexplorer.exe | Infostealer trojan, detected by Microsoft as Backdoor:Win32/Poison.AU - see this ThreatExpert Report | X |
| {5795A3E4-2596-449A-695A-EC5286692F2C} | (no name) | iexplorer.exe | Infostealer trojan, detected by Microsoft as Backdoor:Win32/Poison.M, see this ThreatExpert Report | X |
| {C6020422-2143-4CAF-91BB-46425236F5A8} | (no name) | iexplorer.exe | Infostealer trojan, detected by Microsoft as PWS:Msil/Kelopol.A, see here | X |
| {11YK8548-32X8-882F-JIXU-57F7K703R48D} | (no name) | iexplorer.exe | Infostealer trojan, see this ThreatExpert Report | X |