nbarr

Antivirus8 (AV8) and IEsafemode.exe malware removal solution

Web site and Trojan warning!

When I simply opened the imageshack.us/ website, a trojan malware was installed onto my computer that said that my computer was infected. A program with the heading of Antivirus8 (AV8) appeared to start running with many apparent viruses described just like any other scan. I immediately closed this and ran a McAfee scan, which did not detect any of the viruses that it claimed that my computer had, and the McAfee scan also did not detect that my computer was infected with malware.

When I then tried to open either the Internet Explorer or Safari browser, the result in either case was a window that appeared to be Internet Explorer with a title of Internet Explorer Safe Mode and a message in the body stating that only some web sites could be loaded. All of the menu pull-down options were de-highlighted and did not function (including tools/options) other than File/Exit. Addresses could be entered normally; however, after a short time (sometimes within seconds) the web window would be replaced by another window stating that the computer was infected. This window replacement prevented my internet provider from being able to remotely log into my computer to help diagnose.

I then ran SpyBot and it too found nothing. I then reinstalled my Internet Explorer 8 and McAfee Internet Security, only to get the same results. When I checked the properties of the new IE8 shortcut, it showed that the target program was IEsafemode.exe. I verified that this was not a program listed in the Add and Remove Programs of Control Panel. I searched and found the program in C:\program files\Internet Explorer and deleted it, but after a reboot I still got the same Internet Explorer Safe Mode window. An internet search on my second computer found that removing this malware also required the following registry repair, and it worked. I couldn't find any place on the McAfee web site other than this BLOG to tell McAfee about their failure to find this malware.
I hope this helps someone else!

Registry removal steps:

Do Start\Run and enter REGEDIT. Browse to the HKEY_LOCAL_MACHINE entry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe

In the right-hand pane select Debugger = iesafemode.exe -sb and delete it if it exists.
Close the registry editor.
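
The registry fix in the post above targets one subkey, but any program name under Image File Execution Options can carry a Debugger value that redirects its launch. The PowerShell script below is an added example, not part of the original post: it lists every Debugger value in both the 64-bit and 32-bit registry views, and the `-Remove` switch name is an assumption of this example.

```powershell
# Added example: audit Image File Execution Options (IFEO) for Debugger redirects.
# Run from an elevated PowerShell prompt. Listing is read-only; deletion only
# happens when the (hypothetical) -Remove switch is given.
param(
    [switch]$Remove
)

# Both registry views: a 32-bit program on 64-bit Windows reads the WOW6432Node copy.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

$hits = foreach ($root in $roots) {
    if (-not (Test-Path -Path $root)) { continue }
    foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
        # Each subkey is named after an executable (for example iexplore.exe).
        $dbg = $key.GetValue('Debugger')
        if ($null -ne $dbg) {
            [pscustomobject]@{
                Image    = $key.PSChildName
                Debugger = $dbg
                Path     = $key.PSPath
            }
        }
    }
}

if (-not $hits) {
    Write-Output 'No IFEO Debugger values found.'
    return
}

# Review before deleting: some legitimate tools also set a Debugger value.
$hits | Format-Table Image, Debugger -AutoSize -Wrap

if ($Remove) {
    foreach ($h in $hits) {
        # -Confirm prompts for each value, so only the unwanted entry is deleted.
        Remove-ItemProperty -Path $h.Path -Name Debugger -Confirm
    }
}
```

An entry such as `iexplore.exe` with Debugger `iesafemode.exe -sb` in the listing corresponds to the value the post deletes by hand in REGEDIT.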