Iexplore.exe error. It's right there!

dnaphreaker

Dec 28, 2008
Hey, now when I attempt to start IE by clicking on the taskbar quick link I receive this message – “Windows cannot find ‘C:\Program Files\Internet Explorer\iexplore.exe’.” So naturally I went to the IE directory to make sure everything was copasetic there and nothing seemed out of place, but I still get the message even when I double click directly on the .exe file. I’ve already scanned my system with Malwarebytes, AVG 8.0, AdAware, and HijackThis. Nothing major seemed to come up, but AVG did find something called klomp.exe, which I subsequently got rid of. I also made sure everything was completely cleared with the other programs. I’m thinking it’s a browser hijack, but HijackThis didn’t seem to come up with anything weird either. Task manager shows no strange processes running and nothing eating up excess amounts of RAM. I’ve tried repairing and reinstalling IE6 using my XP Home disc as per the Microsoft site directions, as well as IE7. I also ran sfc /scannow via the run prompt but that didn’t help. Anything I’m missing? Firefox still runs perfectly fine and there are seemingly no issues with my gaming or anything else, just IE not starting. Any suggestions would be greatly appreciated. Thanks.
 



I tried a new IE install and repair via the Windows XP Home disc, but no go with either. I also downloaded the IE7 installation but also no fix. Any other installation suggestion?
 
Try SFC /scannow from the command line. Have the Windows XP CD ready.
Good luck,
 
Will it fire up in safe mode?
If so, try to go to tools|internet options|advanced|reset (IE7)

Also while on the .exe file right click properties and make sure everything is in order, e.g. no read only, archive and does have full permissions.
 
Klomp.exe is a trojan which is inserted into the execution code of iexplorer. I did the same thing you did with the same results. Do a search here:

http://www.threatexpert.com/report.aspx?md5=90562378c8c4a5334687990fc7d10284

and have a look at the registry changes made. In particular the last two.
They are randomly created so the numbers won't match up exactly, but those two were pretty easy for me to find in my own registry.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{841B1672-2EF5-33DC-8356-76F2850970B1}]
IExplore = 0x00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe]
Debugger = "%System%\klomp.exe"

Notice in the top key that iexplorer's address has been redirected, and in the second klomp.exe is loaded as the default debugger. You (and I) deleted Klomp.exe so a program iexplorer is being directed to doesn't exist therefore iexplorer does nothing when opened(?)

How to fix this I'm not sure. I'm not that computer literate. I found most of the registry keys involved, but even if I find all of them I'm leery of deleting them even though they were created by the trojan. So, currently I'm waiting for Symantec to get off their posteriors and start doing what I pay them for! I got a $60 Best Buy gift card for Christmas. Maybe I'll go buy some anti-virus software that works...
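The two registry locations quoted in the post above can be checked offline from a regedit export. This is an added example, not code from anyone in the thread: `parse_reg`, `unquote`, `audit` and the caller-supplied `file_exists` check are hypothetical names, and the sample export (including the full path to klomp.exe and the example.exe key) is constructed.

```python
import re

IFEO = r"\microsoft\windows nt\currentversion\image file execution options" + "\\"
BHO = r"\microsoft\windows\currentversion\explorer\browser helper objects" + "\\"

# Constructed sample in regedit export format; the path and example.exe are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe]
"Debugger"="C:\\WINDOWS\\system32\\klomp.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\example.exe]
"GlobalFlag"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{841B1672-2EF5-33DC-8356-76F2850970B1}]
"IExplore"=dword:00000001
'''

def parse_reg(text):
    """Return {key_path: {value_name: raw_data}} from .reg export text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)', line)
            if m:
                current[m.group(1)] = m.group(2)
    return keys

def unquote(data):
    """Decode a REG_SZ value: drop the outer quotes and the .reg escaping."""
    if len(data) >= 2 and data[0] == data[-1] == '"':
        return re.sub(r"\\(.)", r"\1", data[1:-1])
    return data

def audit(text, file_exists):
    """List IFEO Debugger values (and whether the target exists) and BHO CLSIDs."""
    findings = []
    for key, values in parse_reg(text).items():
        leaf, low = key.rsplit("\\", 1)[-1], key.lower()
        if IFEO in low:
            for name, data in values.items():
                if name.lower() == "debugger":
                    # Assumes a bare path with no arguments, as in the thread.
                    target = unquote(data)
                    findings.append(("IFEO debugger", leaf, target, file_exists(target)))
        elif BHO in low:
            findings.append(("BHO", leaf, None, None))
    return findings
```

Regedit writes version 5.00 exports as UTF-16 text, so read a real export with `encoding="utf-16"` before passing it to `audit`. A Debugger entry whose target no longer exists is the state described in the post: the antivirus removed the file but left the redirect in place.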
 
If you search Symantec's site... they should at the very least have manual removal instructions if NAV doesn't automatically remove it. They may even have a tool that will remove it for you.

I'm no big fan of Norton, but if you've already paid for it, you might as well wait until your subscription runs out before getting something else.
 


I am sure this is it. I've tried all the other suggestions and nothing appears to be working. I'm not a super computer guy on handling registry issues so I'm not sure how to proceed in a situation like this.

Is there a way I can revert my registry files to the previous state or would I have to weed out all of the newly created registry values as shown here: http://www.threatexpert.com/report.aspx?md5=90562378c8c4a5334687990fc7d10284
Also, what progs can I use to analyze and sort through these files, as you did Midiwiz?
 


I'm not a big fan either and I wasn't able to find anything about this klomp on the site. From the few forums I stumbled across using Google, it appears this may be a fairly new hijacker.
 
It creates 15 registry keys, but I can't find wtf re-creates them on reboot :S

Just removing the
Debugger = "%System%\klomp.exe"
In
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe]
Will solve the problem temporarily at least.

Here's some info.
http://www.threatexpert.com/report.aspx?md5=90562378c8c4a5334687990fc7d10284

I hope someone smart will find a solution to this annoying ah heck this year ^^
 
I deleted that line from my reg and it worked! Thanks so much for the suggestion.

As for the 15 registry keys, you deleted all of them and they reappeared following reboot? Did the Debugger = "%System%\klomp.exe" return as well? I'll try deleting all 15 and let you know what happens on my end. As I've said, running Malwarebytes, AVG 8.0, and AdAware seemingly cleared any traces, which may keep it at bay after a reboot.
 


You'll probably have to sift through them one at a time as the numbers contained in each key have been randomly generated. Use the newly created registry values as a clue.

Also, notice that the numbers contained in this key:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{841B1672-2EF5-33DC-8356-76F2850970B1}]
IExplore = 0x00000001

They should match the numbers in the first CLSID folder. However the rest of them you'll have to search until you find the matching values.

I'm currently running Kaspersky's online scan (they have definitions for this trojan); hopefully it will help me locate the bum registry keys for removal.


 


I started looking through and didn't see the first two entries, but I may have found some probable with the others. I haven't had much experience with registry manipulation so I'm hesitant to delete/modify any. Let me know how that scan went, as I'll likely be running it myself next chance I get. I did get IE to work again but I'd certainly like to make this clean as thorough as possible.
 


Kaspersky did find 4 trojans according to my daughter's report to me while I was working. Unfortunately, I neglected to have her save it, and when I lost the internet connection, the scan report was no longer available. So, I never actually saw the report. Therefore, I'm not sure what was actually found.

Kaspersky's online scan 7.0 took several hours to download, update, and scan my system. And, though it was thorough it doesn't remove any malware it only alerts you of its presence so you can manually remove it.
Hence, we're back at square one: how to clean the system?

I may try again, but man, that scan takes too long.
 



Wow, that is a brutal amount of time for a scan. I've updated the scanners on my end and ran through all of them again with no detections of anything that is seemingly related to klomp.exe or associated registry entries. My system appears clean with no errors with IE, and no issues have been cropping up since I removed the registry entry.
 


Check your windows/system32 folder for recurrences of klomp.exe or qdbon.dll yet?
 
Also, I believe that Malwarebytes will find and delete all registry entries related to this trojan. So you may well be clean.
 


I can't find any traces of either of these two files since my scans. Looking good so far.
 
Reboot your computer, and hit F8 as soon as you see your BIOS go by. Keep hitting F8 till you get to the Windows safe mode prompts. Go to top and choose safe mode, the very top option. Then choose what operating system you want to start up.

After Windows boots up in safe mode, it will prompt you to use Windows restoration points. It will be yes or no. Yes if you want to go into safe mode or NO if you want to use a restore point.

Choose no and it will take you into Windows restoration. Just choose a restoration point before you got the virus. You don't lose any saved work, just programs and such that have affected Windows.

If you can choose a point before you got the virus you are golden. Worked like a charm for me.

At least till the virus protection companies find a solution to this problem.


I'd also check for the klomp.exe or the qdbon.dll before starting IE again.

This took me all of 5 minutes to fix this virus doing this.
 
I too deleted the registry value Debugger = "%System%\klomp.exe"
and I also have recovered the use of Internet Explorer. It works fine, and I've not found klomp.exe or qdbon.dll in the windows/system32 folder. But, I'm still concerned about the functions (if any) that the remaining created registry entries are performing. I downloaded and ran Malwarebytes Anti-Malware 1.31; it found and cleaned 27 infected objects. None directly related to klomp. I'm going to update it and run it one more time. But, damn it took 9+ hours to run a full system scan the first time I ran it, I could feel myself getting older as it ran.
 
This is my fix for the klomp issue.

Start-->Run-->Regedit

Navigate to HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows NT/CurrentVersion/Image File Execution/Iexplore.exe

Right click and go to properties.

For all users that are listed there, set each one to "Deny" top to bottom.

It then eliminates the IE crippling issue, and also prevents reinsertion to the registry.

Run your Anti-virus/Spyware program (or perhaps you can now download one) and remove.

~Necrotech~
 


Thanks for the tip Necro. I was hoping to employ some safeguard from reinsertion, so I'll definitely try this. Looks like nothing has crept back at this point and this should cement that.
 
You got a huge problem dude, it's the trojan.Vundo, it's integrated in Windows essential processes and it's integrated into your Windows directory.

Only option is to completely reinstall Windows (I got the problem just 2 days ago)

I tried to reinstall using a Packard Bell master CD but the virus messed up the partition it made and I had to reinstall Windows using an official Windows copy on CD with a new partition.

VIRUS SCANNERS REMOVE THE INFECTED FILES BUT DO NOT DETECT THE INFECTED PROCESSES AND WINDOWS FILES BECAUSE THE VIRUS USES THE ORIGINAL FILENAMES AND IT USES THE ORIGINAL FILES BUT THEN WITH A TROJAN IN IT, SO IT SIMPLY CAN'T BE REMOVED !!!!!!!!!!!

DO NOT TRY TO REMOVE BECAUSE IT CAN'T BE REMOVED, ONCE INTEGRATED INTO YOUR SYSTEM IT KEEPS COMING BACK, ONLY OPTION IS TO REINSTALL WINDOWS BY LEGAL COPY !!!