Problem with ihxb1.exe

Anything R'n'D unrelated.

Moderators: Flumminator, Zomis

Post Reply
User avatar
Francesco
Posts: 577
Joined: Thu Dec 29, 2005 2:22 pm
Location: Sardinia (Italy)
Contact:

Problem with ihxb1.exe

Post by Francesco »

Hi everybody,
it's some weeks that I'm having problems with this file "ihxb1.exe".

It seems that it's a trojan horse (Generic2.ABR, Generic2.ABW) that auto-installs itself on my system, and then kills my internet connection, trying to establish a new connection to an international number or something like this. My AVG antivirus got it a couple of times, but now it raises no warning at all!

Anybody had the same problems? Anybody knows a solution?
Anyway, by the way, have fun!
Francesco
User avatar
Alan
Posts: 661
Joined: Fri Jun 18, 2004 7:48 pm

Post by Alan »

Sorry to hear about this,

If it's a dialler (or malware) then it's unlikely the best AV will pick it up since it doesn't destroy data or spread to other PCs like a virus. I've had Norton AV (Super-duper corporate edition) miss things like this :-(

You get this kind of crap from the "do you want to install XXX on your system", If you get bombarded with this a lot then its only a matter of time before you slip up and hit "yes" by mistake.

Forget AV software for now and try Lavasoft's Adaware which is free.

The problem with these types of programs though is they can't be removed if they are running. Can you see "ihxb1.exe" in the running apps list? If so then find where it is on your PC, boot to DOS and delete it from there. Good luck.
User avatar
Francesco
Posts: 577
Joined: Thu Dec 29, 2005 2:22 pm
Location: Sardinia (Italy)
Contact:

Post by Francesco »

Sometimes the process can be killed, sometimes it can't. I used to scan my PC with Lavasoft AD-Aware, and also with Spybot S&D, but I stopped since I've put apart IE, switching to Firefox.

I guess it has been IE again to dump it in my system - I had to use it to check how some pages were displayed... oh well, doesn't matter, now I have installed the Tea Timer of Spybot S&D, which asks me confirmation for each and every registry change 8)

Luckily, I've also blocked all international numbers and all pay-numbers from my phone line years ago: I get infected by dialers very rarely, but it happens sometimes...
Anyway, by the way, have fun!
Francesco
User avatar
Francesco
Posts: 577
Joined: Thu Dec 29, 2005 2:22 pm
Location: Sardinia (Italy)
Contact:

Post by Francesco »

I think I got rid of that, it has been a little fight, anyway... I had to switch to Linux, delete manually some libraries, some executables, then going back to Windows I had to delete some new users that have been created by the malware, and finally I've got to delete some registry entries manually... hope this is truly the end of the story...
Anyway, by the way, have fun!
Francesco
Post Reply