lisavan
Cadet
Joined: Apr 15, 2004
Posts: 8
Location: USA
Posted: Tue May 11, 2004 7:34 pm Post subject: ieaksie.exe ????

Can anyone tell me what ieaksie.exe is and what it does? I have done a couple searches and come up with nothing. Thanks!

k027
1st Responder
Joined: Aug 25, 2003
Posts: 1171
Location: USA
Posted: Tue May 11, 2004 9:24 pm Post subject:

Hello lisavan,
Do you mean ieaksie.dll?

lisavan
Cadet
Joined: Apr 15, 2004
Posts: 8
Location: USA
Posted: Tue May 11, 2004 9:43 pm Post subject:

No, I mean ieaksie.exe. Sygate kept telling me that "ieaksie.exe is trying to connect to 206.58.237.248 using port ?? (don't remember, I didn't write that part down) ....." I also looked in my task manager and it showed ieaksie.exe.

IamHypnoS
Trooper
Joined: May 11, 2004
Posts: 28
Location: USA
Posted: Wed May 12, 2004 12:30 am Post subject:

ieaksie is not an application (exe), it is a dynamic link library (dll).
ieaksie.exe I have never heard of.... in all my life.... HOWEVER CAUTION! Viruses often use names of programs that really exist or other file names that really exist but change them some to make the virus harder to find... I mean you wouldn't name a virus BADBADVIRS.exe, would you? Nah, you'd name it something like explores.exe or svchosts.exe; both are real programs but the virus creator added an s to each one to try to make his code harder to detect... real examples

k027
1st Responder
Joined: Aug 25, 2003
Posts: 1171
Location: USA
Posted: Wed May 12, 2004 8:19 am Post subject:

Hello lisavan,
ieaksie.dll is legitimate, ieaksie.exe does not appear to be. Search for ieaksie.exe on your computer, right click (do not doubleclick) on "Properties", click on "Version", scroll through the menu and report back with what you find.
206.58.237.248 resolves to update.requestlookup.net. requestlookup.net is a search engine. You may have adware and/or spyware on your computer.
Download, install, update, and run Ad-aware and Spybot S&D:
http://computercops.biz/downloads-file-292.html
http://computercops.biz/downloads-file-108.html
Reboot your computer after running each program.

lisavan
Cadet
Joined: Apr 15, 2004
Posts: 8
Location: USA
Posted: Thu May 13, 2004 9:35 pm Post subject:

Sorry it took so long to get back to you. I think I found the information you were asking me about. Here it is ...
Name: ieaksie.exe - 2A070641.pf
type of file: PF File
Opens with: Unknown Application
Location: C:\Windows\Prefetch
Size: 46.0 KB (47,202 bytes)
Size on disk: 48.0 KB (49,152 bytes)
Date created: Monday, May 10, 2004, 10:52:13 AM
Modified: Tuesday, May 11, 2004, 7:23:34 PM
Accessed: Today, May 13, 2004, 8:14:38 PM
I am guessing that since it was just created a few days ago, that it is something I don't need. I have done several virus scans and they all come up with nothing (AVG, Panda, Trend Micro). I also have Spybot & Ad-aware and run them daily (sometimes more than once); Spybot shows nothing and Ad-aware has just been coming up with cookies for websites that I have been to (I have removed all of them). I did a system restore to last week and the program is currently not running (as far as I can tell), but I would like to get rid of it altogether if it is a possible virus. Thanks!

DaveSW
Cadet
Joined: May 14, 2004
Posts: 3
Location: Uk
Posted: Fri May 14, 2004 1:42 pm Post subject:

start -> run -> msconfig
Click the startup tab, see if you can find it. If you do, simply deselect the tickbox next to it.
It is sometimes necessary to reboot in safemode to do this, and the other step I sometimes use is start -> run -> regedit and use the find tool on the edit menu to locate any references to it. Then delete them.
I usually follow the first step because if it kills your computer because it was essential you can boot in safemode to retick it!
The other possibility is something like coreflood - http://us.mcafee.com/virusInfo/default....s_k=100312
It uses randomly generated filenames 7 characters long, although the fact it starts with ie would suggest otherwise.
_________________
http://www.emdevelopments.co.uk - accessible web design

PDragon616
Cadet
Joined: Jun 09, 2004
Posts: 1
Location: USA
Posted: Wed Jun 09, 2004 10:03 pm Post subject:

What a coincidence. I happen to have an executable that showed up in my SYSTEM32 directory in the last week, which is also named after a DLL in the same directory and ZoneAlarm has been blocking its attempts to connect to the exact same IP you are seeing. 206.58.237.248:80
My guess is that there is a piece of hackerware that was deposited on my machine somehow or a virus, and it names the executable after *any* DLL in your system32 directory.
For me the exe is "iglzw32s.exe". When I bring up the process monitor, I can see it among the processes. Killing it does not appear to affect the computer. I've asked ZoneAlarm to permanently block it.
Something to watch out for... by picking a random real DLL and naming the exe after it, the hacker avoids people from searching for the filename in google and finding anything unusual. Sleazy.
Does anyone here have the ability to decompile an executable and figure out what it does? I'd be happy to send the exe to anyone who wants to look at it.

dakikat
Cadet
Joined: Jun 11, 2004
Posts: 1
Location: USA
Posted: Fri Jun 11, 2004 3:51 pm Post subject:

I also just encountered the same thing, except in my case my executable was named mqqm.exe. My firewall blocked it from accessing search.requestlookup.net port 80. (206.58.237.248:80)
Mine is a 52KB file
C:\WINDOWS\SYSTEM32
Size: 51.3 KB (52,626 bytes)
Size on disk: 52.0 KB (53,248 bytes)
I blocked it and renamed it... Symantec anti-virus, Adaware, and Spybot didn't find anything.

faithhope
Cadet
Joined: Jun 13, 2004
Posts: 2
Location: Afghanistan
Posted: Sun Jun 13, 2004 9:25 am Post subject:

Me too. My file is d3d8.exe and it is in the Windows\system32 directory. Zone Alarm alerted me this was trying to connect. Hopefully we will figure out what this thing is soon.
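
The pattern reported in the posts above (an executable in system32 that carries the name of a DLL in the same directory) can be checked for directly. The script below is an added example, not part of the original thread; its function names and sample files are constructed for illustration, and a match is a lead to review rather than proof, since a shared name can also be legitimate.

```python
import os
import sys
import tempfile
from datetime import datetime, timezone


def find_dll_named_exes(directory):
    """Return one record per .exe whose base name equals that of a .dll
    in the same directory (compared case-insensitively, as on Windows)."""
    dlls, exes = {}, {}
    with os.scandir(directory) as entries:
        for entry in entries:
            if not entry.is_file():
                continue
            stem, ext = os.path.splitext(entry.name)
            if ext.lower() == ".dll":
                dlls[stem.lower()] = entry.name
            elif ext.lower() == ".exe":
                exes[stem.lower()] = entry
    hits = []
    for stem in sorted(exes.keys() & dlls.keys()):
        info = exes[stem].stat()
        hits.append({
            "exe": exes[stem].name,
            "dll": dlls[stem],
            "size": info.st_size,
            # The posters noticed their files had appeared only days earlier.
            "modified": datetime.fromtimestamp(info.st_mtime, timezone.utc),
        })
    return hits


def build_sample_dir(root):
    """Constructed sample data: placeholder files using names from the thread."""
    for name, size in [("ieaksie.dll", 10), ("d3d8.dll", 10), ("D3D8.EXE", 20),
                       ("iglzw32s.dll", 10), ("iglzw32s.exe", 30),
                       ("notepad.exe", 40)]:
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(b"\0" * size)
    return root


if __name__ == "__main__":
    # Pass a real directory (e.g. the system32 folder) or run on the sample.
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_dir(tempfile.mkdtemp())
    for hit in find_dll_named_exes(target):
        print(f'{hit["exe"]:<16} shares its name with {hit["dll"]:<16} '
              f'{hit["size"]:>8} bytes  modified {hit["modified"]:%Y-%m-%d %H:%M}Z')
```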