11-23-2008
Joe Morris
 

Re: iexplore running as process
"Rick Rogers" <rick@mvps.org> wrote:
> "rajkiranpro" <rajkiranpro@hotmail.com> wrote:


>>I noticed in my task manager that Internet Explorer is running as a
>>process. Though I try to end it, it reappears again in the process list.
>>this gives me problems while installing some software. I thought it might
>>be a spyware or virus but I scanned the system and found none and the
>>iexplore running is in the default program files directory. can anyone
>>tell me why this happens or suggest a solution to close the process
>>permanently so that it doesn't reappear. I don't want to uninstall
>>internet explorer.


> First, you can't uninstall Internet Explorer anyways, so that's not a
> solution. If IE runs as a process, it usually indicates malware. You might
> want to rerun the scans, only this time in safe mode where the malware is
> less likely to be active. When active, it can often mask itself from
> detection and removal.


Another approach for the OP would be to see what's behind the "iexplore"
process (with the caveat you noted about the ability of some infections to
hide themselves).

From a command prompt (privilege elevation not required), issue the
following command (uppercase used for clarity; the command is
case-insensitive):

WMIC PROCESS WHERE (CAPTION="IEXPLORE.EXE") GET COMMANDLINE /VALUE

Where I've shown "IEXPLORE.EXE" above, use the exact text shown in the Task
Manager, enclosed in quotes. The response *should* be:

CommandLine="C:\Program Files\Internet Explorer\iexplore.exe"

(with the quotes as shown). Further, at least on my system there are two
binary-identical files named IEXPLORE.EXE, one in "C:\Program Files\Internet
Explorer" and the other in "C:\Windows\System32". A copy of Internet
Explorer from any other directory should be treated with great suspicion,
although the converse is not true: it's possible that the legitimate copies
of IEXPLORE.EXE in the "correct" folders have been replaced with infected
files.

Joe Morris


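The check described in the post above, as an added PowerShell example that is not part of the original post. It makes the same Win32_Process query through Get-CimInstance and goes a little further: it also reports the parent process, the Authenticode status and a SHA-256 hash of each image. It assumes PowerShell 5.1; the expected folders are the two named in the post.

```powershell
# Added example, not from the original post. Assumes PowerShell 5.1.
$name = 'iexplore.exe'   # use the exact image name shown in Task Manager

# Folders the post names as expected locations for this binary.
$expectedDirs = @(
    (Join-Path $env:ProgramFiles 'Internet Explorer'),
    (Join-Path $env:windir 'System32')
)

$procs = @(Get-CimInstance -ClassName Win32_Process -Filter "Name = '$name'")
if ($procs.Count -eq 0) { Write-Output "No running process named $name" }

foreach ($p in $procs) {
    $path = $p.ExecutablePath   # empty when the caller may not query the process

    # The parent shows what started (or keeps restarting) the process.
    $parent = Get-CimInstance -ClassName Win32_Process `
        -Filter "ProcessId = $($p.ParentProcessId)"

    $inExpectedDir = $false
    $signature = 'n/a'
    $sha256 = 'n/a'
    if ($path) {
        $dir = Split-Path -Path $path -Parent
        # -contains compares strings case-insensitively, like Windows paths.
        $inExpectedDir = $expectedDirs -contains $dir
        # A correct folder is not proof of a genuine file, so check the
        # signature too. Catalog-signed system files may report NotSigned
        # on older PowerShell versions.
        $signature = (Get-AuthenticodeSignature -FilePath $path).Status
        # Hash lets you compare copies, or the same file on a clean machine.
        $sha256 = (Get-FileHash -Path $path -Algorithm SHA256).Hash
    }

    [pscustomobject]@{
        ProcessId      = $p.ProcessId
        CommandLine    = $p.CommandLine
        ExecutablePath = $path
        InExpectedDir  = $inExpectedDir
        Signature      = $signature
        SHA256         = $sha256
        Parent         = if ($parent) { "$($parent.Name) (PID $($parent.ProcessId))" }
                         else { 'parent has exited' }
    }
}
```

A row with InExpectedDir False, or a Signature other than Valid, is the case the post says to treat with suspicion; run the script from safe mode as well if the results look clean but the behaviour continues.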